Ransomware Attacks May Accelerate Security Software Transformation

By Matthew Hedberg
RBC Capital Markets, LLC
Published May 21, 2021 | 2 min read

The ransomware attack against the Colonial Pipeline and other high-profile breaches may force organizations to swiftly re-evaluate their network security infrastructures. Our Software Research Analyst Matthew Hedberg explores how this transformation may impact the security software sector in his research report “Security Software Implications from the Colonial Pipeline Ransomware Incident,” published on May 10, 2021.

Disclosures and Disclaimers


The cyberattack against the Colonial Pipeline is the latest in a long line of high-profile breaches in the energy sector. Although the ransomware incident did not spread to Colonial’s operational network, it crippled a critical gasoline pipeline that supplies nearly 45% of the East Coast’s fuel supply.

This breach is a stark example of how professional-scale hack-for-ransom threats are spreading rapidly, creating more severe implications for supply chains and our national security.

We break down three key implications that these threats will have on the security software sector.

1. Cyberattacks underscore the need for software security transformation

The Cybersecurity & Infrastructure Security Agency (CISA), a unit of the Department of Homeland Security, has issued security advisories for energy as well as several other critical infrastructure sectors.

We expect the rise in cyberattacks on this sector will drive more federal actions and funding, as President Biden termed cybersecurity a “top priority” for his administration with $650M of the recent $1.9T COVID-19 relief package dedicated to the CISA.

It will likely also force the public and private sector to re-evaluate and potentially increase cybersecurity spending, which may result in a corresponding security software transformation.

2. Energy sector may accelerate cloud computing adoption

In our RBC Imagine Research Report Faster to the Future: Thinking through the Evolving Security Software Landscape, we envisioned a security stack that would be essential to all security transformations by 2025.

We believe ransomware attacks such as the one at Colonial could push the energy sector among others to more rapidly adopt components of this stack, which include cloud security/application access and security, identity, workload protection, and security monitoring/workloads. Security software vendors may be best positioned to benefit from and consolidate legacy security spend due to breaches.

3. Increased cybersecurity spend may increase M&A activity

We expect an increased focus around securing critical public and private assets could push Big Tech to prioritize cybersecurity spend, potentially increasing M&A activity in this sector.

Focus on security transformation may accelerate IT spend

Although it may seem like most organizations have already reevaluated their network security systems to accommodate the pandemic-led surge in remote work, many are still behind on fully securing networks for the anticipated rise in ransomware attacks. We expect the increase in cyberactivity, particularly in critical infrastructure areas, will significantly change the landscape. Our research suggests a heightened public/private focus on security transformation, which should accelerate IT spending and cloud infrastructure management.

Matthew Hedberg authored “Security Software Implications from the Colonial Pipeline Ransomware Incident,” published on May 10, 2021. For more information about the full report, please contact your RBC representative.


Matthew Hedberg

Matthew Hedberg
Software Equity Research Analyst
RBC Capital Markets, LLC


EnergySoftwareTechnology