Recent years have seen strong growth in the cybersecurity market, which is expected to continue booming. Now worth about $122.45 billion, cybersecurity is expected to increase about 10% a year through 2021, according to a recent study by MarketsandMarkets. The growth of the industry is driven by a wide array of existing segments that have grown to touch more and more parts of our lives, as well as by completely novel security needs that arise in changing market conditions.
This great diversity within the cybersecurity sector yields a field whose products and services range from authenticating users with facial recognition to evaluating the likelihood that a known vulnerability might be exploited. This is frequently reflected in the breadth of cybersecurity investors’ portfolios, including OurCrowd’s. For example, Fireblade relies on behavioral patterns to identify malicious or unwanted users on web applications. BioCatch offers a similar behavioral-based solution to identify users based on their physical interaction with devices. Companies like Argus make sure that cars, increasingly connected to the internet, are inaccessible to bad actors. Kenna, helps security teams prioritize their response to the vast amounts of cybersecurity warnings and alerts presented to them daily based on perceived relevance to the particular organization and its setup.
Though diverse in their approaches, essentially all companies in the cybersecurity space today – both young and mature – deal with information technology (IT). That is to say that they deal with technology as “lay people” may think of it – PCs, smartphones, the internet and world wide web, software and apps.
Meanwhile, operational technology (OT), which refers to the hardware and software that controls the physical operations in industrial facilities and large machinery, has remained relatively untouched by the $100B+ of products and services sold to secure IT annually. This has left industrial facilities and critical infrastructure facing growing risk of cybercrime and warfare. Here, it is the physical operations of facilities themselves – such as utility companies’ distribution of electricity or water – rather than business or customer information, that must be protected from outside manipulation or disruption. Other examples of operational technology include networks that control transportation systems, such as railway, air and shipping traffic, as well as the manufacturing of food and pharmaceuticals. While such industrial processes have long been controlled partially by computers, the connection of these systems to the internet in recent years has made them vulnerable to cyber-attacks.
The world has seen a growing number of attacks on industrial facilities and infrastructure. 2015 saw more attacks on these systems than ever before, according to a report from Booz Allen Hamilton Inc. About one-third of surveyed companies reported a breach in the previous 12 months, according to the Booz Allen Hamilton report.
Attacks and breaches have targeted OT in various sectors, making it clear that traditional IT-based cybersecurity solutions are not sufficient. For example, in December, 2015, Iranian hackers gained access to information about the water levels, temperature, and status of gates in the Bowman Dam in New York. Later that month, Russian cyber-attacks installed malware on two Ukrainian systems controlling railway and mining operations. In early 2016, malware was discovered on a fuel assembly loading station at a German nuclear power plant, and a Michigan utility had to shut down part of its corporate network to prevent malware from affecting the distribution of water and electricity.
The OT cybersecurity sector is poised for growth as demand increases for services and products to protect industrial systems and networks, in places ranging from manufacturing plants to electric grids.