Israel is at the center of the global cybersecurity ecosystem. Spurred by record funding in 2021, we view Israeli cybersecurity as well-positioned to be a solution that companies and government agencies around the world turn to for support. A series of high-profile attacks has brought cybersecurity to the forefront of the world’s attention in recent years, and the trend is not expected to abate in 2022. Russia’s invasion of Ukraine is the latest example of the growing importance of cybersecurity and its intrinsic relationship with geopolitics. In this piece, we examine Israel’s presence in the industry and three firms in the country adapting to the rising threat of malicious cyber activity.
- Israeli firms have a crucial position in the global cybersecurity ecosystem. The growth of the industry has made Israel into one of the largest centers of cybersecurity innovation in the world.
- Increasing vulnerabilities during the pandemic helped boost funding for Israeli cybersecurity startups to a historic high of $8.8 billion in 2021.1 Roughly a third of the unicorns in cybersecurity around the world were based in Israel in 2021.2
- While potentially long-term trends, like the rise of cloud-computing, are acting as tailwinds for cybersecurity, events in 2022 are putting geopolitical risk as a top of mind concern for governments and businesses alike. The growing awareness of the need for cooperation and investment in the field of cybersecurity should create opportunities for leading Israeli firms.
Pinpointing the Israeli Cybersecurity Cluster
Globally, three geographical regions stand out as the largest clusters of cybersecurity innovation when taking into account factors such as venture capital funding, number of leading firms, human capital, and knowledge spillover effects: the San Francisco Bay Area, Greater Washington D.C., and Israel. The term cluster refers to a “concentrated density of firms within a geographic region” which typically enjoy the benefits of high concentrations of human capital, shared knowledge, and institutional support.3 In the context of cybersecurity or other fields that rely heavily on innovation, the formation of clusters can have a decisively positive effect.
Of these clusters, Israel is second in terms of venture capital funding at $4 billion and percentage of top 150 innovative cybersecurity firms (as compiled by Cybercrime Magazine) at 32%, which underscores Israel’s reputation as a “start-up” nation.4 Tel Aviv is the heart of cybersecurity and the broader tech industry in Israel. However, the inland city of Be’er Sheva is a rapidly growing presence in cybersecurity, in no small part because of a deliberate policy effort to move national cyber units there.5
The rapid ascent of Israel’s cybersecurity can be explained in part by the country’s focus on national defense and government efforts to promote the industry. In 2017, Israel founded a national center of cyber education, which now has 80 nationwide learning centers and 330 staff members.6,7 Between 2011 and 2021, the number of active cybersecurity companies in Israel multiplied, increasing from 162 to 459.8 These companies include Check Point and CyberArk, two global cybersecurity giants with a combined market capitalization of over $20 billion as of April 2022.9
As the chart below indicates, the national commitment to cybersecurity has Israeli cyber firms positioned to maintain a higher level of revenue growth compared to other major countries, such as the United States, Japan, and the United Kingdom.
Notes: Data shown is using current exchange rates as of March 2022. Data shown does not yet reflect market impacts of Russia-Ukraine war, we are currently working on an update.
Incidents Mount, 2021 a Record Year for Cyber Funding in Israel
As the COVID pandemic left companies with no choice but to accept the new normal of the work-from-home environment, newly exposed vulnerabilities and often neglected cybersecurity best practices became a source of consternation around the world. That consternation persisted into 2021 as the Delta and Omicron variants became stumbling blocks to economies reopening. At the same time, a number of high profile cyberattacks drew the world’s attention, including the Colonial Pipeline ransomware attack in the United States. Israel wasn’t spared either, where multiple cyber incidents were identified.
In March 2021, the perpetrators of the December 2020 phishing campaign aimed at Israeli and American medical researchers were identified as the Iran-based TA453.10 In October 2021, a ransomware attack on Hillel Yaffe Medical Center in Hadera, Israel brought the hospital’s systems offline, forcing doctors to use pen and paper for recordkeeping for over a day.11,12 Also, the Israeli-based cybersecurity firm NSO Group received global scrutiny. A number of authoritarian governments around the world used the company’s surveillance software, Pegasus, to hack into iPhone and Android devices of human rights activists, journalists, and lawyers.13
The net effect of these events likely contributed to a record-breaking year for cybersecurity funding in Israel. Israel’s cybersecurity sector amassed $8.84 billion in funding during 2021, presenting an over three-fold increase in comparison to 2020’s $2.75 billion.14 Globally, 40% of private investments in cyber funding rounds went to Israel in 2021, which is remarkable considering the relatively small size of the country.15
The massive inflow of funds into Israeli cybersecurity in 2021 contributed to the emergence of 11 new cyber unicorns, defined as startups with a market value of over $1 billion. To put this growth into perspective, as of 2021, 33% of cyber unicorns around the world were in Israel.16
Cyber Awareness, Cooperation Rising Alongside Geopolitical Risks
Prior to Russia’s invasion of Ukraine in February, all signs pointed towards more cyber risks in 2022. The invasion set an anxious tone for the year and underscored how geopolitical tensions correlate with rising fear of cyberattacks. Ukraine was the second most targeted country for cyberattacks behind the United States between July 2020 and June 2021, potentially foreshadowing the invasion in 2022.17
With the overwhelming focus of cyberattacks on government institutions, NGOs, and think tanks, governments are upping the ante on cybersecurity spending. For example, in the United States, the Biden administration is proposing $2.5 billion for the Cybersecurity and Infrastructure Security Agency (CISA) in 2023, a $500 million increase from 2022, and Australia is spending $10 billion to double the size of its Australian Signal Directorate.18,19 Meanwhile, France is working to build Campus Cyber, a state-funded cybersecurity innovation center that is modeled on Israel’s CyberSpark center in Be’er Sheva.20
Given that cyber exports from Israel reached $11 billion in 2021, up from $6.9 billion in 2020, Israel could stand to benefit from these efforts around the world.21 As an example, roughly 20% of Australia’s IT security imports are from Israel, as of August 2021.22
Perhaps just as important as the increase in spending by individual governments is the increased awareness that cybersecurity requires a cooperative effort. As a cybersecurity powerhouse, Israeli firms are in a position to play a leadership role in that effort. In December 2021, the Israeli Ministry of Finance led the International Monetary Fund (IMF) and 10 other participating countries in testing their capabilities against a simulated attack on the global financial system in a first-of-its-kind cyber “wargame.”23 The signing of an agreement between Israel and the United States in March 2022 to bolster cybersecurity cooperation, which includes plans to engage with private sector companies, is another sign of this trend.24
Also, the annual Cybertech Global Conference in Tel Aviv is the world’s largest cybersecurity conference outside of the United States, regularly attracting participants from leading firms, up and coming startups, investors, and governments. Held in March, this year’s conference showcased the role of Israeli firms in cooperative cybersecurity efforts. Prime Minister Bennett highlighted the slew of cooperative agreements that Israel has signed with other countries.
Three Israeli Cybersecurity Firms Responding to Growing Threats
The combination of the pandemic and swelling geopolitical risks makes 2022 a unique year, while attacks continue to become more and more sophisticated. Below, we highlight the major initiatives three well-established Israeli firms are taking in 2022. The geographically diversified revenue streams of these firms could become an advantage in the current environment as global demand rises.
Check Point: Pivoting to Focus on Gen V attacks
Founded in 1993, Check Point is one of the most influential tech companies in Israel. Check Point established itself by becoming a pioneer in firewall technology, controlling a 40% share of the worldwide firewall market by 1996.25 Early this year, Check Point revealed its plans for a shift in strategy in 2022. The strategy emphasizes the rising threats posed by Gen V attacks, which are large-scale multi-vector attacks that can quickly infect a large number of targets across geographical regions.26 Check Point sees AI technology as a crucial tool in countering Gen V attacks and believes its partnership with the chipmaker Nvidia positions it well to use cutting-edge AI technology to thwart these threats.27
CyberArk: Move to Subscription-Based Service Nearly Complete
CyberArk was founded in 1999 with a solution for the problem of IT administrators having access to all of a network’s data without a robust structure in place to supervise them.28 The privileged access management (PAM) concept was the foundation upon which CyberArk was built, and it remains integral to the company’s operations today. One of CyberArk’s most notable achievements was its 2016 launch of the C3 Alliance, which now has more than 100 members, including Amazon Web Services, McAfee, and Check Point.29 Members of the alliance work together to implement privileged accounts solutions.
In recent years, CyberArk, one of the largest Israeli cybersecurity firms with a market capitalization of $6.4 billion as of April 2022, has been transitioning its business model away from perpetual software licenses towards subscription-based service.30 The subscription-based service model effectively transfers the burden of convoluted cyber infrastructure from customers to CyberArk, and that could be a much-needed solution as demand for cybersecurity services rises despite a shortage of skilled workers in the field. CyberArk aims to complete its transition to an 85% subscription and bookings mix by Q2 2022.31 As of the end of Q4 2021, its subscription and bookings mix was 71%, compared to 35% in Q4 2020.32
Radware: Initiatives to Boost Cloud Security Begin to Materialize
Radware has become a leading data center security provider since it was founded in 1997. In 2022, Radware’s focus is the rapidly emerging opportunities in cloud security. The company’s strategy includes acquiring the business of SecurityDAM, a distributed denial-of-service (DDoS) protection services provider. Radware is also establishing cloud security research and development centers in India, expanding the cloud service capacity of its global delivery network, and adding cloud centers in major cities around the world.33 The launch of Radware’s cloud security platform, SecurePath, is also a key part of the company’s 2022 strategy.34
Israel’s Cybersecurity industry made significant gains in 2021, adding to its strength. In our view, the industry is well-positioned to solidify and build upon those gains in 2022. While a new cohort of unicorns works with a record amount of funding raised in 2021, well-established Israeli firms are readjusting to the changing landscape in 2022. We believe investors may find compelling opportunities to capture the growth of a global industry critical to protecting the most important information governments and companies possess. And they may find many such opportunities based in Israel.
BUG: The Global X Cybersecurity ETF seeks to invest in companies that stand to potentially benefit from the increased adoption of cybersecurity technology, such as those whose principal business is in the development and management of security protocols preventing intrusion and attacks to systems, networks, applications, computers, and mobile devices.
Click the fund name above to view the fund’s current holdings. Holdings subject to change. Current and future holdings subject to risk.