INTEGRATIVE INSIGHTS
ON EMERGING OPPORTUNITIES

Integrative research means our extensive company research informs every thesis and perspective. The result is deep industry knowledge, expertise, and trend insights that yield valuable results for our partners and clients.

About the Author:
Howard Smith
Managing Director
Howard Smith has nearly three decades of experience at First Analysis, working with entrepreneurs as an investor and as an advisor on growth transactions to help build leading technology businesses. He leads the firm’s work in the Internet of Things, cybersecurity, and internet infrastructure sectors. He also built the firm's historical franchises in call centers and computer telephony. His thought-leading research in these areas has been cited for excellence by the Wall Street Journal and other publications. He serves on the boards of AppDetex, Fortress Information Security, SmartWitness, VisiQuate and ObervIQ. Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA with honors from the University of Chicago and a bachelor’s degree in accounting with highest honors from the University of Illinois at Urbana-Champaign. He is a certified public accountant.
First Analysis Cybersecurity Team
Howard Smith
Managing Director
Matthew Nicklin
Managing Director
First Analysis Quarterly Insights
Cybersecurity
Signs of notable change in federal cybersecurity posture; who stands to benefit?
September 30, 2021
  • The U.S. federal government has generated a flurry of orders, pronouncements and guidelines over the past year aimed at helping government entities and the private sector deal with an increasing number of high-profile cyberattacks.
  • The words are remarkably similar to what policy makers have written over the past 25 years. Most would say these policies led to actions that fell well short of their goals.
  • Skeptics say this time will be no different, but we see several signs the current measures will create sustained momentum toward a meaningfully improved cybersecurity posture.
  • We think prospects for this change bode well for companies that can tap into spending by the U.S. federal government as well as those that serve companies that supply and partner with the government, and we highlight some of the potential winners and losers from such a change.

TABLE OF CONTENTS

Includes discussion of AVGO, CRWD, CSCO, FTNT, IBM, MSFT, PANW, PLTR, TENB, ZS and five private companies

Flurry of federal initiatives the latest in a series dating to the 1990s

Why this time is different

Opportunities for technology companies

The factors above are tailwinds even without federal pressures

Cybersecurity index widens its lead over Nasdaq, S&P 500

Q3 cybersecurity M&A pace in line with recent quarters

Q3 cybersecurity private placements slow

Flurry of federal initiatives the latest in a series dating to the 1990s

The U.S. federal government has generated a flurry of orders, pronouncements and guidelines over the past year aimed at helping government entities and the private sector deal with an increasing number of high-profile cyberattacks on a variety of assets, including critical infrastructure. The most prominent measure is Executive Order 14208, signed by President Biden on May 12, which has eight major provisions and directs several agencies to take specific actions by specific dates. While this measure is more specific and prescriptive in some areas relative to past measures (and as the headlines of the sections indicate, quite broad in scope), overall, the order is remarkably similar to numerous other executive orders on cybersecurity we’ve seen since the advent of the internet, starting with Executive Order 13010 in 1996 by President Clinton and running through orders issued by presidents Bush, Obama and Trump, a sample of which are shown in Table 2.

With each order, organizations that track cybersecurity risks hoped the government was finally waking up to the magnitude of the problem and taking definitive action to protect itself. These measures were greeted with enthusiasm by cybersecurity companies hoping to gain business from increased federal initiatives and directives. But while the government and society are no doubt marginally more secure because of these efforts, most would say they fell well short of their promise. Bureaucracy hindered implementation while technology advanced quickly, leaving overall cybersecurity risk as great as ever.

To access the full report, please provide your contact information in the form below. A First Analysis representative will follow up with you shortly. Thanks for your interest in First Analysis research.
First Name required!
Last Name required!
Email required!
Industry required!
Unfortunately, your request to access the complete report has failed.

Please check the contact information you have entered.

If the form submission failure persists, please contact Person at (xxx) xxx-xxxx to handle your request. Thank you.
©2021 by First Analysis Corporation.
One South Wacker Drive
  ·  
Suite 3900
  ·  
Chicago, IL 60606
  ·  
312-258-1400