The Hacking Economy

As cyberthreats increase, big money chases patches

Data breaches in 2014

The year since hackers broke into Target and accessed millions of credit and debit card numbers has been a brutal one for cyberattacks. Next year's threat forecast doesn't look any better.

But for cybersecurity firms and companies offering cyber-insurance, the year has been great. Business is booming and stock prices are shooting upward. Security start-ups are also getting a massive boost in funding.

The year of cyberthreats

The hackers that infiltrated Target's point-of-sale terminals sometime before Black Friday last year were able to steal as many as 70 million credit and debit card records. That, it turns out, was just the beginning.

Read More Selling stolen card info online? That's the least of it

Twenty major U.S. retailers have been breached so far this year, according to data from the security benchmarking company BitSight. According to the Identity Theft Resource Center, there have been a total of 679 breaches spanning the industries listed in the chart below.

Companies across all industries worldwide have reported a total of 42.8 million detected attacks in 2014, according to PwC's Global State of Information Security Survey 2015. That's a 48 percent increase in incidents since last year.

From retailers to financial services, no industry has been safe. But as the cyberthreat landscape has gotten worse, there's been a silver lining of sorts for investors.

A silver lining for investors

Cybersecurity spending is expected to reach $71.1 billion this year (a 7.9 percent increase year over year) and estimated to grow about 8 mpercent annually through 2016, according to Gartner Group.

Read More How to tap the braintrust on cybersecurity

"With the myriad of sophisticated attacks and the ad infinitum game of "cat and mouse" between hackers and security software vendors, we believe a big ramp in cybersecurity spending will continue in the coming years as "cyber warfare" heats up, adding to growth prospects at next-generation security software companies," said Daniel Ives, an analyst at FBR Capital Markets, in a recent note.

Read More Making money with cybersecurity ETF 'HACK'

But there's a shift of sorts that is taking place. Ives said that his checks indicate that IT professionals are moving their investments away from traditional security technologies, like perimeter defenses (like firewalls), and investing more in advanced cyber-protections, like firms that provide big data analytics for security.

Ives said software vendors including Palo Alto Networks, FireEye, Proofpoint and Splunk all appear to be well-positioned (FBR has an 'Outperform rating for these companies) heading into 2015.

Some of these companies already have gotten a boost this year.

Palo Alto Networks share price has increased more than 140 percent in the last 12 months and is up 89 percent year- to-date.

In the last quarter, Palo Alto Network's top line growth trumped its competitors. The company reported revenue of $178.2 million, a 59 percent increase year-over-year.

By comparison, Fortinet increased 25 percent, Cisco grew 1.3 percent and Juniper reported a 5 percent decline.

Cyber start-ups get funding boost

The huge jump in security incidents has also spurred venture capitalists, especially corporate venture arms, to pour money into the cybersecurity start-ups.

Read More Inside a cybersecurity start-up

"The markets react to a market opportunity," said David Burg, PwC's Global and US advisory cybersecurity leader.

"One of the problems is it's hard to secure the enterprise absolutely. So one of the reasons there is a flood of venture capital money into the space is because investors see an opportunity for innovation to solve some of these hard problems that exist out there."

Funding for cybersecurity companies that included corporate participation is already 29 percent higher than in all of 2013 and 129 percent more than in 2012, according to CB Insights.

Intel and Google Ventures are the top two corporate ventures investing in the space.

But even with all the money being invested in these cyberfirms, the influx of young companies means competition is fierce, Burg said.

"There are a flood of new entrants trying to get a foothold," he said. "What we see is venture capital firms evaluating hundreds if not thousands of new ideas, some of them stick, some of them don't."

Cyber insurance boom

The insurance industry is also evolving to meet the demands caused by the increase in cyberthreats.

Read More Cyber insurance becoming more mainstream

Firms are increasingly offering cyber-insurance to provide coverage for costs associated with an attack or security breach. Some of this includes legal and forensic costs, as well as civil fines and losses to a business caused by an attack. There is even coverage to cover the cost of cyber-extortion.

"For the last year the product has practically advertised itself," said Bob Hartwig, the president and economist at the Insurance Information Institute.

"There is no business, no government institution that is immune to cyberattack. And so what we are seeing is an enormous amount of dollars being spent on cybersecurity in 2014."

According to data from the insurance broker Marsh & McLennan, its cyber-insurance sales grew 21 percent from 2012 to 2013 and for the first half of 2014 was double what it was during the same period in 2013.

Hartwig said the market for cyber-insurance continues to grow and is expected to reach as much as $2 billion by the end of this year. While this is just a sliver of the $1.1 trillion that was spent on insurance premiums in 2013, its an area primed for big growth, Hartwig said.

Read MoreWhy cyber-insurance will be the next big thing

"While that is small compared to industry standards—relative to such things like auto insurance or worker's compensationit's a relatively new product. And more importantly it's growth trajectory is growing at a 50 to 60 percent annual clip," he said.

"The demand this year has been particularly intense. Because coming off the Target experience, there have been almost daily reminders of the vulnerability ever since. So more insurers are offering this and more companies are going to buy it."