Skip to Content

The one good thing about cyberattacks

FORTUNE — The normally humdrum world of IT security is heating up, and not just because of comedian Stephen Colbert’s controversial closing keynote at last week’s RSA Conference.

Why? As the number of large-scale cyberattacks grows, so does the number of innovative startups developing new solutions to thwart those attacks. Venture capitalists are taking notice: In 2013, they made a total 123 investments in security-focused companies, up 108% from the year before, according to research from AGC Partners.

Then there are the recent exits, like FireEye’s (FEYE) $1 billion acquisition of computer forensics firm Mandiant and VMware’s (VMW) bid to buy mobile security player AirWatch for $1.5 billion. The IPO market is also healthy, with newly public security companies like Palo Alto Networks (PAN), Proofpoint (PFPT), and Barracuda Networks (CUDA) all showing steady if not stellar growth since their debut. In short, it would appear that the recent spate of cyberattacks has been good to the security industry.

“The security market is incredibly interesting,” says Shardul Shah, a partner with venture capital firm Index Ventures. “What’s happening today is data is residing in new locations — like the cloud and mobile devices. This is really a change in computing, and it’s presenting new opportunities [in security].”

MORE: Check Point president: Firewalls aren’t enough

Shah’s firm has invested in security startups like Lookout and a still-stealth company called Niara. That said, starting a new security company isn’t as easy as, say, launching a mobile app or social media tool. Many security entrepreneurs have already spent years working in the sector, dealing with security-related issues for larger vendors or various branches of government. And they aren’t necessarily Ivy League dropouts in their 20s — more like fully graduated executives in their 30s or 40s.

At last week’s RSA Conference in San Francisco, Index Ventures’ Shah says he met with about 40 companies seeking investment. (Over 30,000 people attended the confab.) Larger incumbents are taking notice of the increased interest — and competition — in the security space. Last year Cisco Systems (CSCO) snapped up security software provider Sourcefire for a whopping $2.7 billion, and this week the networking giant unveiled its strategy for integrating the smaller company’s technology. For starters, it is adding Sourcefire’s malware protection capabilities into its email and web security appliances. It’s also open-sourcing some of its software, allowing users to “create, share, and implement custom application detection.”

“Before Sourcefire we weren’t doing a ton in the open source community on the security side,” says Christopher Young, SVP of Cisco’s security group. “Now we’re investing heavily in that.”

MORE: Juniper SVP to Silicon Valley: Get ready for WWIII

Cisco isn’t embracing open source for the sake of the larger community. Rather, it’s trying to weave in newer technologies and platforms in an effort to beef up and legitimize its own product portfolio. The fact is, as the sophistication and breadth of cyberattacks has grown, the old tools — antivirus software and firewalls — are no longer sufficient. But evolving along with the “bad guys” is harder for larger companies than for new upstarts. That’s why it’s likely Cisco and its equally deep-pocketed peers are eyeing additional security acquisitions in the coming months and years.

With such consolidation, innovation (on the part of both the good guys and the bad guys), and competition, it’s likely investments in security startups will grow even more in 2014. Another perk to the growth in cyberattacks? The RSA conference is a lot less boring — and more controversial — than in the past.