Upon arriving for work on March 19, 2019, employees of Norwegian aluminum producer Norsk Hydro found alarming signs posted throughout the office notifying staff that the company had been hacked and to not use any network devices. Locked out of all company computers, and unable to even use the office printers, desperate employees drove to local print shops to make the signs.

What happened at Norsk Hydro in early 2019 was a significant, and increasingly-common, type of cyberattack in which hackers gain entry to a company’s secure network, encrypt important data, and hold it hostage until the company agrees to pay a ransom. Norsk Hydro decided early-on that it would not pay the ransom and would instead endeavor to retrieve the data from back-up servers. While Norsk Hydro scrambled to address the attack, no company computers or devices could be used, which meant that the 35,000 employees across 40 countries were, temporarily, reliant on pen and paper to conduct business. 

Ultimately, the attack cost Norsk Hydro an estimated $71 million.

The threat of cyberattack is becoming more sinister as life moves increasingly online. Hackers continuously probe systems for vulnerability, and individuals, businesses, and even governments are learning (sometimes the hard way) that cybersecurity needs to be taken extremely seriously. 

[Cybersecurity matters more than ever in today’s Blockchain-enabled economy. Here’s how.]

The World Economic Forum’s 2019 Global Risks Report, which annually identifies the most pressing global challenges, ranked cyberattacks among the top 10 risks globally in terms of overall impact. Facing this looming threat, organizations around the world are investing heavily in cybersecurity solutions. 

For instance, federal funding for the newly-created Cybersecurity and Infrastructure Security Agency increased by $334 million between 2019 and 2020. In addition to building internal cybersecurity capability, businesses are under increasing pressure to comply with new data privacy laws, such as the recently implemented General Data Protection Regulation in the European Union. Implementing strong cybersecurity practices is increasingly seen as essential for organizations of all sizes, and businesses offering cybersecurity solutions are in high demand. 

For those interested in the investment potential of this booming market, there are a few important points to understand.

What is cybersecurity?

According to the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (often referred to as the NIST Cybersecurity Framework), cybersecurity is defined as “the process of protecting information by preventing, detecting, and responding to attacks.” 

[It’s not all virtual. Here’s how to invest in… Military & Defense]

A successful cybersecurity strategy involves multiple layers of protection integrated across an organization’s technology and workforce. This involves securing devices, the network, and cloud with advanced protection technologies that prevent outside intrusion and bolster internal security. Educating people on basic cybersecurity principles is equally as important as implementing advanced security tools; even the best security systems can fail if people are careless or unaware of potential threats. 

Organizations that implement a successful cybersecurity strategy often do so with the help of a cybersecurity framework, which helps inform decision-making when it comes to thinking critically about cybersecurity risks within an organization. The NIST Cybersecurity Framework is one such framework, and it is increasingly implemented by private companies in the U.S. as cybersecurity concerns increase.

Still, cyberattacks are becoming more sophisticated as technology becomes increasingly interconnected, and organizations of all shapes and sizes are scrambling to update their cybersecurity strategies. Unfortunately, hackers adapt, and the threats evolve just as fast as the defenses. There is a growing gap between the need for cybersecurity solutions and the ability for organizations to produce those solutions in-house. 

Increasingly, organizations are looking to third-party security providers to help cope with complex, evolving threats. Even a robust, well-trained staff of IT professionals may not be sufficient to protect an organization from these threats. As such, there is growing interest in companies like Splunk, which specializes in analytics-driven security solutions. Splunk is valued at more than $25 billion, and the company’s total revenues increased 36% over the past year. 

The U.S. Department of Defense recently announced that it is buying Splunk software as part of a 10-year, $820 million purchase agreement.

Why invest in cybersecurity? 

The global cybersecurity market is growing rapidly. According to market research by Mordor Intelligence, the global cybersecurity market was worth about $161 billion in 2019 and is projected to grow to about $363 billion by 2025 at an annual growth rate of 14.5%. 

However, market research by International Data Corporation (IDC) paints a more conservative picture, valuing the 2019 cybersecurity market at $106 billion and growing at an annual rate of 9.4% to $151 billion by 2023. 

Regardless, the trend is undeniable: cybersecurity is a healthy and growing market. 

All the fundamentals are solid, and powerful global trends are pushing cybersecurity toward the forefront of all conversations surrounding technology for years to come (data privacy issues, the internet of things and increased connectivity, grid vulnerabilities, etc.). 

Mordor’s research notes that the cybersecurity market is somewhat fragmented, meaning that it is highly competitive and not completely dominated by a few powerful companies. For potential investors, this diverse market offers real opportunities for sustained and potentially rapid growth. 

Venture capital (VC) funding in cybersecurity companies has been increasing rapidly over the past several years. According to KPMG, VC funding of cybersecurity companies in 2018 reached a record $6.4 billion, and 2019 funding numbers are expected to exceed that figure. Given that technological innovation and adoption are accelerating globally, and that cyberattacks are occurring more frequently and with greater impact, investment in cybersecurity solutions will likely continue to grow for the foreseeable future. 

For the savvy investor with an eye on the future of technology, the cybersecurity market offers excellent growth potential. 

How to invest in cybersecurity

However, as an emerging and highly-technical industry, jumping right into cybersecurity by investing directly in one of the field’s leading firms can bring with it undo risk for investors. As with any tech investment, it’s important to understand the products and services that these companies are offering their customers, and how those offerings truly set them apart from the competition, in order to accurately gauge the potential growth as well as the potential risk in any cybersecurity investment.

A search on Magnifi suggests that there are a number of mutual funds and ETFs available that offer exposure to the growing field of cybersecurity requiring investors to get a PhD in technology first. 

Magnifi is changing the way we shop for investments, with the world’s first semantic search engine for finance that helps users discover, compare and buy investment products such as ETFs, mutual funds and stocks. Try it for yourself today.

This blog is sponsored by Magnifi. The information and data are as of the publish date unless otherwise noted and subject to change. This material is provided for informational purposes only and should not be construed as individualized investment advice or an offer or solicitation to buy or sell securities tailored to your needs. This information covers investment and market activity, industry or sector trends, or other broad-based economic or market conditions and should not be construed as investment research or advice. Investors are urged to consult with their financial advisors before buying or selling any securities. Although certain information has been obtained from sources believed to be reliable, we do not guarantee its accuracy, completeness or fairness. Past performance is no guarantee of future results. This content may not be reproduced or distributed to any person in whole or in part without the prior written consent of Magnifi. [As a technology company, Magnifi provides access to tools and will be compensated for providing such access. Magnifi does not provide broker-dealer, custodian, investment advice or related investment services.]