Cybersecurity is a top concern for advisory firms and businesses in general, which opens up investing opportunities in companies that are good at building defenses against hacker attacks, according to Pedro Palandrani, research analyst at Global X, a New York City-based financial services firm that specializes in ETFs.

More companies are pouring money into cyber defense tools, increasing the worth of firms that develop effective products, he said. Corporate spending on cybersecurity is projected to increase from approximately $125 billion in 2020 to $175 billion by 2024, with much of that expense going to conversions to cloud networks, he added.

Global X feels four companies that will benefit from the increased spending are CrowdStrike (CRWD), an endpoint protection platform firm based in Sunnyvale, Calif.; Zscaler (ZS), a cloud-native platform that offers secure web gateways based in San Jose, Calif.; Okta (OKTA), a key player in the identity access management vertical based in San Francisco; and Mimecast (MIME), a top provider of solutions that detect and block suspicious emails based in London.

The rise of these and other cyber defense companies has resulted from such things as the May 7 shutdown of the Colonial Pipeline following a cyberattack on the company's computer systems, which raised gasoline prices in the Northeast; and the JBS meat processing hacker attack earlier this month that prompted the company to pay out $11 million in ransom. It is estimated that more than 380 million individuals had their data compromised in 2020.

“We see clearly that cyberattacks grab headlines, but they also grab budgets,” Palandrani said, which is why cybersecurity is a good investment area. The future of cyber defense companies also has been boosted by the fact that President Biden recently signed an executive order prioritizing upgrading the nation’s cyber defenses.

“The growing number of cyberattacks and their potential implications for sectors and governments worldwide makes cybersecurity tools indispensable for organizations to operate securely across multiple business functions,” Palandrani said in a recent blog.

CrowdStrike provides protection to help customers secure end-user devices such as mobile devices, laptops and servers. It uses a cloud-based solution that is software based that works continuously to detect and analyze threats, the analyst said.

Zscaler also is a 100% cloud-based cybersecurity platform. The firm’s Secure Web Gateways solutions primarily focus on giving customers secure access to internally managed applications, like corporate emails. It also provides solutions for external applications, like customer relationship management software. The platform prevents unsecured traffic from entering an internal network through external web applications, he said.

Okta is a cybersecurity company in the identity access management space, which focuses on enabling the right individuals and employees to access the right resources at the right times for the right reasons. “Multifactor authentication, application programming interface access management, and single sign-on are a few identity solutions that companies increasingly leverage to ensure the right users are authorized to access different applications, Palandrani said. With employees working from multiple locations and connecting from different devices, the platform lets IT departments monitor who is accessing specific apps at a given time.

The final entry in the cybersecurity defense space, according to Palandrani, is Mimecast, “a top player in probably the best-known type of cybersecurity space, secure email gateways. Ninety-five percent of cyberattacks leverage email, making it the preferred channel for opportunistic and targeted attacks.” There are upwards of a billion business users of email worldwide and Mimecast has roughly 15 million users, or 1.5% of the global market.

Global X offers the Global X Cybersecurity ETF that invests in companies that could benefit from the increased adoption of cybersecurity technology. Companies include those whose principal business involves the developing and managing security protocols to prevent intrusion and attacks on systems, networks, applications, computers and mobile devices.