Insecurity as an Asset Class
How Cybersecurity and European Intelligence Form a Single System of Power and Capital
The Allocator Playbook: 30 Private Conversations With Capital in Motion
Our definitive playbook—featuring rare, in-depth conversations with the world’s most powerful allocators, from sovereign wealth funds to leading fund-of-funds—has been released. Some of these investors have never spoken publicly, not even to the top financial media.
If you haven’t secured your copy yet, this is your window to do so.
The industry we call cybersecurity is often mischaracterised as a technology sector among many others, as if it were simply an offshoot of IT or enterprise software. In reality it is something far more fundamental, for at its essence it is the institutionalisation of insecurity into a permanent market. The imbalance between offense and defense, the fragility of human trust, the intrusion of state power into the most private spaces, all converge here. To understand cybersecurity one must see it not as a product category but as the commercial face of intelligence, and to understand European intelligence one must see it not as an unknowable black box but as a stratified market that shapes and is shaped by private capital.
The origins of the industry lie not in venture capital or consumer demand but in mathematics and state necessity. When Whitfield Diffie and Martin Hellman introduced public key cryptography in the 1970s, they were not merely solving an academic puzzle, they were creating the very conditions under which secure communication could exist in the digital age. The elegance of the idea that one key could encrypt and another decrypt was the seed from which everything else grew. Without it there could be no secure banking, no protected messaging, no encrypted intelligence traffic.
Around that breakthrough gathered a generation of figures who would turn abstruse cryptographic concepts into living systems. Bruce Schneier became the philosopher of the field, turning complex protocols into words that policy makers could digest, reminding all who listened that security was never a product but a process. John McAfee built one of the first companies that translated insecurity into a consumer product, making antivirus software a household name, even as his later life turned into an erratic spectacle. Eugene Kaspersky scaled an antivirus lab in Moscow into a global threat intelligence powerhouse, admired and feared in equal measure. Mikko Hyppönen emerged from Finland as the great communicator of malware analysis, bridging the world of research and the needs of governments. Kevin Mitnick turned from being the most wanted hacker in the world into an emblem of how systems can be broken and how they might be defended. Clifford Stoll chronicled in The Cuckoo’s Egg how a sysadmin’s persistence exposed espionage, turning what had been invisible into public narrative. These figures were larger than life because they were simultaneously technical innovators, cultural icons, and lightning rods for society’s unease at a world becoming dependent on code.
Yet the other side of the story mattered as much. Hackers were never simply adversaries to be defeated; they were the counterweight that forced the industry to evolve. The chaos of early viruses such as Brain and Melissa, the worms that cascaded across networks in hours, the botnets that transformed millions of machines into silent armies, the exploits that brought down companies and governments, all forced cybersecurity vendors to innovate under fire. Figures like Adrian Lamo, who exploited vulnerabilities across corporations and then disclosed them, blurred the lines between outlaw and auditor. Groups such as Anonymous turned hacking into spectacle, leveraging distributed denial of service attacks as political protest. Eastern European cybercriminal syndicates professionalised malware, making it a service economy of its own. Chinese advanced persistent threat groups built long-term campaigns of espionage, targeting industrial secrets. Russian actors like Fancy Bear and Cozy Bear fused state and criminal capability, shifting the perception of cyber from nuisance to geopolitical weapon. The adversary was never static, and it was precisely this dynamism that fuelled the perpetual demand for defense.
The Allocator Playbook: 30 Private Conversations With Capital in Motion
Our definitive playbook—featuring rare, in-depth conversations with the world’s most powerful allocators, from sovereign wealth funds to leading fund-of-funds—has been released. Some of these investors have never spoken publicly, not even to the top financial media.
If you haven’t secured your copy yet, this is your window to do so.
Governments and intelligence agencies both fed and constrained this system. The NSA, with its unmatched technical depth, not only collected signals but shaped the standards and algorithms that would become ubiquitous worldwide, often inserting backdoors or weakening protocols to preserve advantage. GCHQ maintained mastery in signals intelligence, pushing Britain to the forefront of intercept technology. The CIA wove together human tradecraft with technical capabilities, pioneering the fusion of HUMINT and cyber. France’s DGSE built a culture of global intercept, sustaining demand for interception platforms. Germany’s BND was repeatedly checked by its own constitutional court, creating one of the sharpest examples of how law directly defines intelligence capability. These services were not spectators to the rise of the cybersecurity industry. They were customers, patrons, rivals, and sometimes predators. Their doctrines and budgets determined which tools private firms could build and sell, which contracts would sustain companies, and which markets would be closed by law or politics.
Investors entered the story once it became clear that security was not a discretionary expenditure but a structural requirement. The earliest companies were small, often consultancy-like operations serving corporate clients or government contracts. What changed in the 2000s was the recognition that cybersecurity could be built into platforms, scalable in the same way that enterprise software was. Palo Alto Networks, FireEye, CrowdStrike, and Darktrace emerged as institutional giants precisely because investors saw the opportunity to treat insecurity as a service model. Venture firms such as Sequoia and Accel backed security startups not as niche experiments but as future category leaders. Private equity discovered that mature security firms were cash flow machines because once a system is embedded into a client’s architecture, it is almost impossible to dislodge. Hedge funds began trading cybersecurity names as proxies for threat environment volatility. The result was the transformation of insecurity into an investable asset class.
It is here that the fusion with European intelligence becomes impossible to ignore. Investors too often assume that intelligence services are opaque, their activities unknowable, their budgets irrelevant to private markets. The reality is the opposite. The doctrines and procurement cycles of MI6, GCHQ, DGSE, DGSI, BND, BfV, and their Nordic and Baltic counterparts directly shape the opportunity set. Europe is not a monolithic intelligence bloc. It is a mosaic. Britain operates within Five Eyes, aligning its procurement cycles with the United States and guaranteeing long-term scale. France retains autonomy, mixing civil and military intelligence functions and sustaining multiple procurement streams. Germany is resource rich but legally constrained, limiting offensive procurement but creating demand for defensive and compliance-friendly solutions. The Nordics maintain lean services with deep liaison dependence, creating openings for small vendors who can plug capability gaps. The Baltics concentrate on Russian threats, producing steady demand for niche cyber and SIGINT products. Southern and eastern Europe are fragmented and politicised, creating volatility but also opportunities for foreign vendors to sell ready-made solutions. For capital the continent is less a federation than a marketplace of doctrines.
Legal frameworks are not incidental. Britain’s Investigatory Powers Act codified maximal collection within judicial oversight, making it a stable buyer of data analytics platforms. France’s surveillance mandate sustains demand for cable taps and satellites. Germany’s constitutional court ruling of 2020 curtailed external collection, shrinking the domestic market for offensive tools. Investors must treat these frameworks as they would fiscal policy, for they set the hard limits of what products can exist.
Procurement aligns with capability domains. HUMINT services sustain niche markets in forgeries, biometrics, and secure communications. SIGINT leaders such as GCHQ and DGSE demand satellites and decryption systems. GEOINT contracts flow to aerospace primes like Airbus, Thales, Leonardo, and OHB. OSINT is the fastest growing, as services automate ingestion of open data through AI and natural language processing. FININT ties directly to sanctions enforcement and anti-money laundering, driving demand for compliance software and blockchain tracing. Cyber splits between offense, where Britain and France maintain active procurement, and defense, where Germany, Poland, and the Baltics concentrate their spend. These categories are not abstractions but direct indicators of which companies will grow.
Budgets translate into industrial orders. Britain spends over three billion pounds annually across its services, France more than three billion euros, Germany around two billion, Italy and Spain less than half. The Nordics maintain smaller but efficient budgets, the Baltics survive on NATO subsidy. These allocations cascade into contracts for primes and opportunities for SMEs. The investor who reads them as demand curves will anticipate where growth will materialise.
Alliances stratify access. NATO fusion ensures that certain contracts flow through Brussels or Mons, not national capitals. Five Eyes integration guarantees British firms derivative opportunities from American technology. France and Germany sustain privileged bilaterals but remain outside the inner circle. Eastern Europe depends on American patronage, ensuring funding but limiting autonomy. EU institutions such as INTCEN and Europol lack collection authority but sustain secondary demand for analytic platforms. The hierarchy is clear, and so is the flow of opportunity.
Oversight and scandal shape risk. Britain and Germany’s robust oversight stabilises procurement, while France, Italy, and Spain sustain volatility through weaker oversight. Eastern and southern states often politicise their services, exposing vendors to reputational risk. The Pegasus and Predator spyware scandals showed how quickly vendor association can trigger backlash, sanctions, and collapse in enterprise value. Investors must weigh permissive but fragile markets against regulated but reputationally safe ones.
Threat environments drive procurement like commodity cycles. Russian aggression has guaranteed structural demand for battlefield SIGINT and tactical cyber. Chinese penetration sustains counterintelligence contracts in Germany and Britain. Middle Eastern terrorism drives diaspora monitoring and FININT. Domestic extremism drives social media analytics. Each vector translates directly into budgets.
Technological frontiers reveal the next phase. AI-driven OSINT, quantum-resistant cryptography, next-generation SIGINT satellites, battlefield cyber exploitation, and blockchain tracing are all being procured today. The firms at the edge of these domains are already being acquired or folded into primes. For investors this is the growth frontier.
The vulnerabilities of services create market opportunities. Britain is tied to American cycles, France risks overextension abroad, Germany is legally shackled, Italy and Spain are underfunded, Eastern Europe is penetrable, the EU lacks central fusion. Vendors who deliver compliant solutions for Germany, expeditionary support for France, or resilience for the Baltics will find buyers.
If one assembles these elements into an index of capability, Britain and France stand at the top, Germany constrained but rich, the Nordics and Baltics resilient, southern Europe middling, the Balkans fragile, Turkey powerful but politicised. The investor who sees this not as unknowable but as stratified will find advantage. The cycles of cybersecurity vendors, the doctrines of intelligence services, the scandals that erupt and recede, the technologies that shift from laboratory to procurement order, all belong to a single system.
The lesson is that cybersecurity and intelligence are not separate domains. They are the same structure seen from different sides. Entrepreneurs, hackers, agencies, investors, and regulators have all contributed to building a market in which insecurity itself is the raw material. To invest here requires not just technical literacy but doctrinal literacy, not just financial models but an understanding of law, geopolitics, and threat vectors. For those who study it with forensic precision, the reward is not only exposure to one of the fastest growing industries in the world but also an early warning system for the trajectory of European security and global power.
As always, thank you for reading.
As we continue exploring the complexities of global markets together, I’m genuinely humbled by the growth of this community—now 56,000+ strong. It’s an honour to engage with such an insightful and globally diverse audience, with readers spanning 107 countries, from the United States to Switzerland.
Your feedback and engagement have been instrumental in shaping the topics I explore. If you've found value in these perspectives, I’d love for you to share this newsletter with your networks. Together, we’re fostering deeper discussions and critical thinking about where the markets are heading. Please write to me at kam@amanahcapital.uk