Conservative estimates state global cybersecurity spending will hit $248bn by 2023, which equates to an approximate 11 per cent compound annual growth rate (CAGR) for cybersecurity spending over the next three years. These estimates are conservative because Statista made them prior to the onset of the global coronavirus pandemic. 
Last year was an inflection point for the cybersecurity sector. It’s a year that fundamentally changed how governments and companies secure themselves online, but also how we – individuals – considered our own security and privacy in a digital age.
During 2020, cyber-attacks and data breaches escalated to levels previously unseen. It truly felt as if nothing was immune. Household names like Facebook, Twitter, Cathay Pacific, EasyJet, Microsoft and Capital One were all been targeted by hackers, affecting billions of users. Hackers targeted coronavirus relief packages, the World Health Organization, video communications platforms like Zoom and Teams, and even the US presidential election, according to reports from Microsoft.
Of course, cybercrime is not a new phenomenon. The first ever cyber-attack dates back to 1988, became known as the ‘The Morris Worm’ and was in fact accidental. However, the effects of the pandemic on our lives, last year, was unprecedented, and the resulting digital vulnerabilities that came with ‘work from home’ (WFH) were not something we were prepared for. This meant hackers had easier access to our data and networks than ever before. As you can imagine, they took advantage of that.
And there is no putting the cork back into the bottle. As cybercrime permeates the digital ecosphere, here are three key trends we’re watching unfold on the other side, in the cybersecurity sector, which we believe will drive returns for cybersecurity companies during 2021 and beyond:
1 Predictive security
We have already seen the emergence of cybersecurity companies leveraging technologies like AI and machine learning to eliminate threats in real-time. Both companies and governments are now using such security tools – in many cases – to plug potential vulnerabilities before they even have a chance to mature into real threats. This has become known as ‘predictive security’.
One company that has stood out this year for its offering is CrowdStrike. Its Falcon platform is one of the world’s first, and leading cloud-native platforms known for its powerful application of prognostic threat detection to help secure endpoints continuously. Other companies that have leveraged AI and machine learning to offer cybersecurity solutions include names like Dark Trace, F-Secure, and Vade Secure.
2 The death of hardware
One of the major business model innovations in the last decade has been Software-as-a-Service, or SaaS as it’s now conventionally known. This business model was first pioneered by Mark Benioff at Salesforce and has since been adopted by most software companies.
This trend has also spilled over into the cybersecurity sector. Today, when talk about security, we talk about it ‘as a service’. Put simply, these are cybersecurity software solutions delivered entirely over the cloud on a subscription basis. Such cybersecurity companies will increasingly offer greater predictability around revenues and cash flows. We’re now in the early innings of an industry that will totally metamorphose in software services in the years to come.
Companies like Sailpoint, Okta and Zscaler have been well prepared to take advantage of the accelerated shift to the ‘security cloud’ that is now well underway.
3 ‘Zero Trust’
The third trend is Zero Trust. As we move to increasingly hybrid working environments, it’s not just going to be employees and their company devices that will be the vulnerable endpoints in the network.
In a WFH environment, every single device (company and/or personal) will be a vulnerable endpoint in the network. If I am connected to my corporate network through a local connection, every single device that is also connected to my local network will represent a point of vulnerability. This could be my smartphone, my tablet, my television (if it is connected to the internet), my printer, my car, my robotic vacuum cleaner, the list goes on…). Adding to the challenge will be the act that we’ll also no longer be dealing with just a single network. We will have multiple networks and distributed networks in a WFH environment.
Hence it’s going to be more important than ever to ensure that those people logging in to company systems, to access data and files are indeed who they say they are. Enter Zero Trust authentication.
Zero Trust is an information security framework that states that organisations should not trust any entity inside or outside of their perimeter at any time. The goal of Zero Trust security, therefore, is to protect the company from advanced cybersecurity threats and data breaches, while at the same time helping the company comply with data privacy and security laws. Zero Trust is going to be an increasingly important part of a holistic identity access management (IAM) offering, and it is only natural to expect companies like Ping Identity, Varonis and CyberArk benefitting from this trend.
Rahul Bhushan is co-founder of Rize ETF, which runs the Rize Cybersecurity and Data Privacy UCITS ETF. The views expressed above are his own and should not be taken as investment advice.