Information security (also called InfoSec) is the process of managing risks to information and data. It involves protecting against unauthorised activity such as modification, recording and destruction. Cybersecurity is often thought of as a synonym for InfoSec, yet the latter is an umbrella term referring to data protection across all mediums. Cybersecurity focuses on data protection in cyberspace. “Network security” is a further cybersecurity subset protecting an organisation’s IT infrastructure from online threats. Below, we describe the InfoSec market landscape in 2023, the key players and notable rising stars, opportunities, risks and trends for investors to consider.
InfoSec: market overview
Most researcher attention in 2023 is focused on cybersecurity which stood at a global market capitalisation of $197.36 billion in 2020. This is projected to reach $478.68 billion by 2030, growing at a 9.5% compound annual growth rate. InfoSec can take many different forms, making it difficult to fully categorise. The following are the most common types:
- Cloud security. This type is focused on building and security cloud-based apps.
- Infrastructure security. Dedicated to securing and safeguarding intranet and extranet networks.
- Application security. This stops and blocks vulnerabilities and data breaches from affecting applications (e.g. using firewalls).
- Cryptography. Securing data, both at rest and in transit, through encryption.
- Incident response. Solutions which identify, contain and recover from security breaches.
- Vulnerability management. Patching and reconfiguring of operating systems and applications as weak points are identified.
Key players and trends
There is often a lot of cross-over with the aforementioned types of InfoSec, with companies often offering two or more of them to users. Some of the biggest names in the space include familiar brands like CISCO, McAfee, IBM, Microsoft and Amazon. Unlike cloud computing, however, the global market is fairly diversified. Cisco, Palo Alto Networks and Fortinet are the leading providers in 2023 and together comprise 22.8% of global market share.
Increasingly, InfoSec is being taught in primary schools such as the need for strong passwords and not clicking on suspicious ads or links in private messages. Rather than trying to create a world of online “fortresses” where perfect InfoSec is achieved and users live without fear, the focus is moving towards acceptance of ongoing information risk and improving resilience and recovery solutions. In November 2022, the EU updated its laws to boost cybersecurity investment and unify member states’ cybersecurity efforts into a single framework. This will help move members to an EU-wide certification process for products, facilitating operational cooperation and crisis management across jurisdictions.
Opportunities & risks
As mentioned, information security threats are increasingly recognised as a matter of “when”, not “if”. This creates a great opportunity for companies offering threat detection and response tools like endpoint detection and response (EDR). Also, those which analyse historical data using artificial intelligence and machine learning, finding strange patterns to detect and block advanced threats. These solutions are often called extended detection and response (XDR) and managed detection and response (MDR), with demand expected to soar in the coming years.
Third-party risk management demand is also projected to rise. One vulnerability faced by many businesses in 2023 is their supply chain. Here, smaller organisations may have access to the same information as the large company, but with lower InfoSec protections. Gartner predicts a threefold rise in attacks on supply chain companies by 2025, with 45% of total companies potentially to be victims. As more businesses recognise these third-party information risks, demand for InfoSec is likely to rise.
One of the biggest risks to InfoSec is the potential for worsening trust online, potentially undermining offline institutions and relationships. Artificial intelligence (AI) and machine learning (ML), in particular, can be seen as a double-edged sword. Whilst they are spurring innovation at a rapid pace, they could also open new cybercrime risks (e.g. ML teaching itself to achieve malicious goals). Internet “fragmentation” is also an issue – e.g. rogue states isolating from other parts of the world wide web, creating a “wild west” of disinformation and surveillance. There is also uncertainty about whether the metaverse will materialise and, if it does, what form it might take. Here, the biggest danger is the proliferation of “passive consumers” who use it to escape from the real world.
InfoSec companies in the UK
With so many “weak points” remaining in information systems around the world, the marketplace is ripe for new entrants to offer innovative solutions to offer specialised resilience and recovery solutions. Here are some top UK InfoSec startups to explore in 2023:
- RiverSafe. This Northamptonshire-based tech startup offers a unique take on data security, working with the likes of Vodafone, Sky and BP.
- Dot Origin. A leading supplier of identity, security and proximity solutions based in Goldaming. The company provides smartcard and other hardware-based security products, as well as RFID, NFC and Bluetooth communications.
- RevEng.ai. A deep AI framework for analysing binary computer programs. This company helps businesses identify supply chain security risks and uses AI to build a proactive cyber defence “shield”.
- Searchlight Cyber. This interesting business pre-empts and prevents cyberattacks with actionable dark web intelligence. The company has been adopted by law enforcement agencies to deal with hostile intelligence, organised crime and human trafficking.
If you are interested in expanding your portfolio into these kinds of exciting spheres of investing, then we invite you to get in touch with us here at Bure Valley and to consider joining our exclusive investor network:
+44 160 334 0827