fb-pixelWith cyberattacks on the rise, Boston security firms are growing - The Boston Globe Skip to main content

With cyberattacks on the rise, Boston security firms are growing

Corey Thomas, president and chief executive of Rapid7, in the company's offices in 2015.Lane Turner/Globe Staff

As cyberattacks skyrocket across the globe, business is booming for Massachusetts information-security firms, and the flow of money is cementing the state’s status as a leader in cybersecurity.

The trend is no surprise, according to local investors and cybersecurity executives. High-profile breaches have captured the world’s attention, and companies are rushing to find solutions to protect their data and networks.

In the Boston area, which has created a thriving ecosystem for cybersecurity companies, that has translated into a stream of positive financial news. Rapid7, the Boston-based cybersecurity firm, on Wednesday announced it brought in $126.4 million in second-quarter revenue, a 28 percent increase over the same period last year. BitSight, a security ratings company based in the city, said this week its revenue increased 67 percent in the first half of 2021, compared to the same period last year.


“Accelerated investment in digital transformation is turning every company into a technology company,” Corey Thomas, the chief executive of Rapid7, said in the company’s earnings call, “[prompting] an explosion in the surface area that customers must monitor and protect.”

Meanwhile, Cybereason, a threat intelligence company headquartered in Back Bay, raised $275 million in funding last month from a venture capital firm started by former president Donald Trump’s treasury secretary Steven T. Mnuchin, upping its valuation roughly three-fold to $3 billion. And Transmit Security, an artificial intelligence-driven cyber firm in the city, raised $543 million in June, making it one of Boston’s newest cybersecurity “unicorns,” valued at around $2.2 billion.

The growth in business and funding comes amid a sharp rise in high-profile, costly cyberattacks that have plagued government systems and large corporate networks.

Late last year, software from SolarWinds, the Texas-based IT management company, was the conduit for Russian hackers to breach US government computers. In May, Colonial Pipeline, an energy company, was held for ransom by DarkSide, a Russian criminal hacking group, effectively shutting down one of the nation’s largest providers of fuel. And in July, REvil, another cyber criminal group, launched what may have been the largest ransomware attack in history, impacting hundreds of businesses, all for a $70 million ransom.


Amid the chaos, dealmaking for cybersecurity firms has skyrocketed. Nationwide, over $12 billion has been invested into privately owned cyber companies this year, up from $10.2 billion in 2020, reports show. As of August, investors have poured $1.6 billion into Massachusetts-based companies, up by more than a factor of four over the $373 million raised during the same period last year, a Globe analysis of PitchBook data shows. (In comparison, investment in private New York-based cybersecurity companies grew 42 percent during the same period, and 36 percent for firms headquartered in California.)

Greg Dracon, a partner at Boston venture capital firm .406 Ventures, said companies are flourishing because of the growth in ransomware actors, the attention that cyberattacks receive, and the damage breaches can cause to a company’s product. He added, however, that the rise in funding is making the market red hot and could lead to overvalued companies.

“At the very early stages, we’re still seeing pretty reasonable valuations,” Dracon said, referencing tech companies that have just started. “As soon as companies show a little bit of traction, the valuations are ridiculous.”

Lior Div, the cofounder and chief executive of Cybereason, said the demand for his company’s product — which provides intelligence to predict and prevent cyber breaches — is “unbelievable” and reflects the impact recent cyberattacks have had on organizations scrambling to protect their own networks.


“I cannot hire people fast enough in order to meet the demand,” he said. Cybereason currently employs roughly 1,000 workers.

Div, a former commander of the Israeli military’s cyber intelligence unit, added that investors have taken notice. “People see that you’re growing and they want in,” he said. “There are still people knocking on our door wanting to buy Cybereason shares.”

Stephanie Helm, director of the MassCyberCenter, a Baker administration initiative that fosters the cybersecurity sector, said the good fortunes for the state’s companies is not a surprise. She noted the Commonwealth’s array of cyber-focused higher education programs, its geographical proximity — compared to California — to global cybersecurity powerhouses like Israel, and focus from lawmakers to foster a cyber-friendly ecosystem, will make the state a global leader in the sector.

“We do have a lot going for us in Massachusetts,“ she said, adding that the state could be “the national leader, as opposed to Silicon Valley.”