 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. Despite the more than $100 billion spent each year fighting cybercrime, when we do an end of the year look back and ask, how'd we do? The answer is invariably the same. Worse than last year. Pre-pandemic, the picture was disheartening, but since March of 2020, the situation has only worsened as cyber criminals have become increasingly sophisticated, better funded, and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side, of course, is that markets continue to value cybersecurity firms at significant premiums, because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from Enterprise Technology Research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CISOs. This latest ETR survey once again asked IT buyers to rank their top priorities for the next 12 months. Now in the last three polling periods, dating back to last March, cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives and it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade, many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS Meat Company hack, they paid $11 million CWT travel, paid $5 million, the disruption from the Colonial Pipeline Company was widely reported. They paid more than $4 million as did Brentag, the chemical company. The NBA got hit, computer makers Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021, up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomwareist today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like dark side, evil, the cobalt crime gang, wizard spider, the Lazarus gang and numerous others. Criminals, they have negotiation services as most typically the attackers, they'll demand a specific amount of money, but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware, supply chain attacks like the SolarWinds hack, hit organizations within the US government and companies like Minecast this year. Now, while these attacks often do end up in a ransom situation, the attackers sometimes find it more lucrative to live off the land in stealth fashion and exfiltrate sensitive data that can be sold or in the case of many financial institution attacks, they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course, phishing remains one of the most prominent threats, only escalated by the work from home trend as users bring their own devices and of course, home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Spicer. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day. His company, Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now, Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds, so very timely. So watch that company, they're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years and you can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020, right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we like to show this slide from Optiv. It's their security taxonomy, it'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link at our post so you can stare at this. We've used this chart before. It's pretty good, it's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the data set on the horizontal axis. That's a measure of mentioned share, if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see there are a lot of companies that in this map, first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study. Cisco and Splunk are also quite prominent. They don't have as much spending momentum but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Auth0, all companies that we've extensively covered in previous Breaking Analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis? You see that in the left-hand side up high. They're becoming more and more competitive to Splunk in this space as an alternative. And lines are blurring between observability, log analytics, security, and as we previously reported, even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same XY view, same data construct and framework, but we required more than 100 responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. You know, it's perhaps a bit less crowded but it's still very packed, isn't it? You can see firms that are less prominent in the space, like Datadog fell off. The big companies we mentioned, obviously still prominent, Microsoft, Palo Alto, Cisco, and Splunk. And then those with real momentum, they stand out a little bit. They're somewhat smaller, but they're gaining traction in the market as we felt they would. Okta and Auth0, which Okta acquired, as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, Cybroc, which does identity and competition with Okta, and Sentinel-1, which went public mid this year. The company, Sentinel-1 uses AI to do threat detection and has been doing quite well. SailPoint and ProofPoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business, but they're not in the chart specifically. But you see Microsoft is because much of AWS' security is built into services. Amazon customers heavily rely on the Amazon ecosystem, which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies, you see right there like Juniper in the bottom there and in the ETR data set and players like VMware in the middle of the pack, they've been really acquisitive, for example, with Carbon Black. And of course you got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data. It's in the raw form, but it'll give you a sense of two things. One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data list, the top companies in the ETR data set are sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions, which is shown on the left hand side of the chart as shared in, i.e. that's shared accounts in the data set. And you can track the data from last October, July of this year and the most recent October 2021 survey. So we again drew that red line just about at the 40% net score market. Coincidentally, there are 10 companies that are over that figure, over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 in spending momentum and the top in prominence are shared in in the data set. So some of these 10 would fit into that profile by that methodology, specifically Microsoft, Octa, CrowdStrike and Palo Alto networks. They would be the four star companies. Now, a couple of other things to point out here. DDoS attacks, they're still relevant and they're real threat. So a company like Cloudflare, which is just above that red line, they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk, for example, they're major players in the security space with very strong offerings in customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. Yeah, it's not like the high-end disk array market where literally every vendor in the Gartner Magic Quadrant is up in the right, okay? And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub-segments and it's such a vital space. There's so many holes to fill with an ever-changing threat landscape as we've seen in the last two years. So this is in part, which makes it such a good market for investors. There's a lot of room for growth. And not just from stealing market share, that's certainly an opportunity there, but things like cloud, multi-cloud, shifting endpoints, the edge and so forth to make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure place security firms to see how their stock performance has done recently. So you can see that here. I know it's a little hard to read, but it's not hard to see that the Locta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here starting at the lockdown last year. The only exception is Sentinel-1, which IPO'd mid this year. So that's the point March, 2020, when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CISOs. No longer are organizations just spending on hardening a perimeter. That perimeter has been blown away. The network is flattening. Work is what you do. It's no longer a place. As such, threats are on the rise and cloud, endpoint security, identity access tools, they've become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging, the entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of inbounds this time of the year because we do an annual predictions post. So folks, they want to help us out. So now most of the inbounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like, were you right or were you wrong? So for the most part, I like predictions that are binary. For example, last December, we predicted that IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound, but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think the market's going to actually grow spending's going to grow more like 7% this year. Not to worry. Plenty of our predictions came true, but we'll leave that for another day. At any rate, I got an email from Dean Fisk of Fisk Partners. It's a PR firm representing an individual named Lyndon Brown, his chief strategy officer of a ponderance. Ponderance is a security consultancy. And the email had the standard. Hey, in case you're working on a predictions post this year and blah, blah, blah. But instead of sharing with me a bunch of non predictions, the note said, here are some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call on a couple of the comments from Lyndon Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat. I'll share that the United Nations reports cyber crime is up 600% due to the pandemic, as if I couldn't feel worse already. His first point though, was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. We actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight. And many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now, the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where cyber criminals have had their critical infrastructure dismantled by governments. No doubt the U.S. government has the capabilities to do so and is very much focused on this issue. But it's tricky. Robert Gates, who's the former Defense Secretary, told me a few years back in the Cube. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful. But Lyndon's key point was, you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude. Again, it's tricky, kind of like the Patriot Act was tricky, but it's coming. Now, another call out from Lyndon Al-Share is assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters that are on the rise and when there's chaos, there's cash opportunities for criminals. And I'll add to this, that the supply chain risk is far from over. This is going to be a continuing theme this coming year and beyond. And one of the things that Lyndon Brown said and has note to me is essentially, you can't take humans out of the equation. Automation alone can't solve the problem. But some companies operate as though they can. Just as bad human behavior can trump good security, good human education and behavior is going to be a key weapon in this endless war. Now, the last point is, we're going to see continued escalation. Government crackdowns are going to bring retaliation and to Gates's point, the US has a lot at stake. So expect insurance premiums are going to go to the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively, but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay, that's a wrap for today. Remember these episodes, they're all available as podcasts wherever you listen. Just search, breaking analysis podcast. Check out ETR's website at ETR.plus. We also publish a full report every week on wikibon.com and siliconangle.com. You can get in touch, email me at david.volante at siliconangle.com or you can DM me at dvolante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights, powered by ETR. Have a great week, everybody. Stay safe, be well, and we'll see you next time.