Skip to main content

Never before has humankind stored so much data. In 2021, the world is estimated to produce 74 zettabytes of data – up from 59 zettabytes in 2020 and 41 zettabytes in 2019. A zettabyte is one trillion gigabytes; the equivalent of one billion computers with 1,000 gigabytes of hard drive storage space. Our species has come a long way considering the first “data” we stored took the form of cave paintings, then printed books. In the last few decades, we have increased our data storage capacity more than in the previous 2,000 years. 

Yet this vast growth in data also brings additional risks. Much of the data is sensitive to security breaches – e.g. personal information, company financials and national security data – particularly through online hacks. This has led to the growth of the information security industry and its subfields such as cybersecurity. In this industry report, our team at Bure Valley Group outlines how this wider industry has grown, where trends could lead in the year ahead and how investors can identify opportunities for their portfolio in this exciting space.


Definition & market cap

Information security is sometimes called InfoSec, and refers to companies and organisations which mitigate information risks by inventing, applying and improving protective measures. Not too long ago, most people understood this to relate mainly to software tools, such as firewalls, which helped stop computer viruses from stealing identities, hacking emails and blackmailing the desktop device owner. They might, also, have vaguely been aware that information security helped governments to stop terrorists stealing state secrets and nuclear codes. 

Today, however, the definition has expanded with the development of new technologies such as smartphones. In 2021, for instance, individuals face risks such as “keyloggers” which install onto a device (e.g. from visiting an insecure website), monitor all of the user’s keystrokes and use the information to hack sensitive applications – such as online banking. Moreover, companies which now largely store their information on the cloud face threats from online data security breaches. For instance, perhaps an employee’s company password is intercepted after they log in via an open network WiFi connection (e.g. in a cafe). 

In short, it has never been easier – or cheaper – to store, access and share data. Yet the other result is that “weak points” have proliferated in digital data storage, requiring companies to offer innovative solutions which help address them. Enter the InfoSec industry. Sometimes equated with the cybersecurity industry (although they are not quite the same, since the latter focuses on online threats), the global market cap is estimated at $179.96bn in 2021 and could reach $372.04bn by 2028 at a 10.9% CAGR.


Common threats

Information security companies must offer solutions to a range of threats to personal, company and state data. Most people today have experienced a software attack of some sort – especially during 2020, when remote working soared due to social distancing measures and cybercrime rose 600%. Common threats in 2021-22 include:

  • Theft of intellectual property (IP), which is a particular problem for many IT businesses.
  • Software attacks such as trojan horses, worms, viruses and phishing attacks.
  • Identity theft – .e.g. Taking your name, date of birth and other personal information to impersonate you (i.e. identity fraud) and open your bank account, order goods in your name and conduct other illegal activity. 
  • Sabotage, such as infecting a company website and crashing it (e.g. to cause a loss in customer confidence).
  • Information extortion. For instance, sensitive company information might be stolen and threatened with public release, unless the perpetrators are paid a sum.
  • Equipment theft – e.g. using technology to hack into a company warehouse and steal valuable items such as machinery.


Responses from companies

Generally, there are three ways to address information security threats: reduction/mitigation, assignment/transfer and acceptance:

  • Reduction/mitigation. Here, measures are taken to reduce the number of weak points in information security and obstruct threats.
  • Assignment/transfer. This involves moving the cost of the threat elsewhere – e.g. a business takes out insurance to compensate customers if their data is compromised.
  • Acceptance. If the cost of protecting certain information is deemed to outweigh the cost of its compromisation, then nothing is done.

Information security companies largely fall into the first category – with some, such as those in the insurance tech (insurtech) industry, focusing on the second. Some examples of the former include both established large-caps and smaller, early-stage companies which are seeking to disrupt the infosec landscape:

  • Microsoft, which not only makes personal computers but also offers security services through its cloud infrastructure & services (Microsoft Security Essentials).
  • McAfee – a large business which focuses its anti-virus and network security products to three industries: financial services, healthcare and the public sector.
  • Clearswift. This UK-based company offers data loss prevention, endpoint protection and web and email security to business clients. 
  • RebellionDefence; a UK-American startup business providing AI-driven products to the departments of defences in both countries. 
  • CybSafe. This London-based startup uses its technology to monitor behaviour patterns within organisations (e.g. the NHS) and identify unusual, potentially harmful activity. The team also collaborates with UCL, the University of Bath and other academic institutions to develop their platform.



If you are interested in expanding your portfolio into these kinds of exciting spheres of investing, then we invite you to get in touch with us here at Bure Valley and to consider joining our exclusive investor network:

+44 160 334 0827

 [email protected]