Cyberattacks Mean Big Business for Small Security Firms

Cybercriminals aren't the only ones cashing in on espionage and hacking attacks. There's a slew of smaller security software companies that are also poised to rake in profits as cyberthreats mount.

With cyberattacks continuing to bombard government agencies and companies, there's growing pressure to spend more on securing the networks and platforms where valuable information lives. And this bodes well for security companies—small as well as large, experts say.

"There is a huge amount of runway for security software companies to sell their technology to enterprises around the world to guard against hackers and protect loss of data that could be devastating to companies," said Daniel Ives, an analyst at FBR Capital Markets.

(Read More: Threat of 'Spectacular' Cyberattack Looms: Official)

In fact, only 15 to 20 percent of all private enterprise and federal agencies combined have upgraded their security to the level needed to keep up with the current state of threats, Ives said, which makes it a ripe market for investing.

"I think part of what's happened is there's much more sophisticated types of security out there now that could guard against the threat environment and it's brought security software to the top of IT spending lists," he said. "You can't put security spending into the closet anymore."

(Read More: 10 Ways Companies Get Hacked)

Companies that are focused on network security are some of the best plays in the space, he said.

Some high growth security software companies that have carved out solid segments in the sector include Palo Alto Networks, Fortinet and Sourcefire, said Ives, who has a buy rating on those stocks.

"Those three," he said, "have separated themselves from the pack. They are focused on network security, and a good proportion of spending is on the network."

Other companies that are also likely to get a boost are Imperva and Proofpoint, he said.

One of the biggest spenders on securing valuable data on networks is the U.S. government.

(Read More: US Charges Eight in $45 Million Cybercrime Scheme)

While U.S. budget cuts continue to stifle federal spending in many departments, the Defense Department is actually planning to ramp up its cybersecurity spending both defensively and offensively. The Pentagon increased its cyber-operations budget to $4.7 billion for 2014, up from $3.7 billion this year, according to budget documents.

"There's more potential data being lost in this country than we saw throughout the whole Cold War. It may not be physical, you may not be able to see it, but the amount of data being taken is the equivalent of cargo ships docking on our shore and leaving with our goods," Ives said.

(Read More: Inside a Cyber War Room: The Fight Against Hacking)

Columbia, Md.-based Sourcefire, which was founded in 2001 and went public in 2007, is one of the companies that will benefit the most from federal spending, Ives said.

"They really skated to where the puck was going. Federal spending was under pressure," he said. "But what was once a headwind has become a strong tailwind for the company."

But it's not just the government ramping up spending, companies across all sectors are boosting their investments in security, said Jason Brvenik, vice president of security strategy at the security firm Sourcefire.

"The reality is no one is safe anymore," Brvenik said. "If you are a company and you have something valuable, they are going to come after you persistently."

One area where fighting cyberattacks will be very profitable is in protecting critical infrastructure—like the electrical grid, water systems and nuclear plants—said Stuart Carlaw, the chief research officer at ABI Research.

Total global spending on security infrastructure is expected to reach $86 billion by 2016, up from an estimated $65.7 billion this year, according to the Gartner technology firm. And securing electrical grids alone from cyberattacks will be a $2.9 billion market by the end of this year, according to ABI Research.

"It really is the wild west, that is the fundamental thing," Carlaw said. "Everyone says the next world war will be a cyber one, but we are already fighting the next world war."

Sourcefire is also one of the biggest players in securing critical systems, as well as a handful of defense contractors—including Lockheed Martin and Northrup Grumman—and other networking companies like Cisco, that also play in this sector, Ives said.