Several interesting, and, in some cases, surprising, trends about cybersecurity recently came to light with the publishing of the current Cybersecurity 500. The quarterly report contains a global compilation of the 500 leading companies providing cybersecurity solutions and services, and is managed and updated by research firm Cybersecurity Ventures (full disclosure: I am a member of the firm's advisory board), after analysis that includes continuously looking at thousands of companies, soliciting feedback from CISOs, IT security practitioners, and service providers, and studying hundreds of cybersecurity events and news sources. Creating the list also allows researchers at the firm to discover various trends. Here are some of them I thought my readers would find most interesting:

1. Health care has replaced financial services as the hardest hit sector

The health care sector has risen to become the top vertical being victimized by cyber-attacks. This is particularly interesting when one considers that just two years ago, health care was, according to some measures, not even in the top five. (I have previously discussed the problem of ransomware, which has plagued health care firms this year like never before.)

2. Email insecurity is on people's minds

Likely as a result of the seemingly incessant discussions about the topic during the recent presidential election campaign, the public has become much more aware of the security risks related to email, and firms (especially those that have not invested sufficiently in email security in the past) are increasingly spending money to better protect their email infrastructure and data.

3. There is an increased focus on people, rather than on technology

"Pure-play" cybersecurity companies and business units focusing on people more so than on technology continue to gain prominence. This is not surprising -- after years of spending on technology, firms are realizing that they need more people, while simultaneously understanding that people can become the Achilles' heel of information security.

4. Social media risks are gaining attention

CISOs are starting to recognize the risk that social media is creating for data leaks, and how it is helping criminals more effectively perpetrate sophisticated social engineering attacks (such as spear-phishing) than just a few years ago. As was the case vis-a-vis email security, the presidential election helped bring to the forefront the issue of offensive social media posts and of fake news being shared on social media.

5. Spending is being directed toward large and small firms

While three-fourths of publicly traded cybersecurity related firms met or beat analyst expectations for Q3 revenue, money is increasingly being spent upstream (with huge firms like Cisco and IBM) or downstream (with start ups and other niche players).

You can read the full Cybersecurity 500 report here.

Like this column? Sign up to subscribe to weekly email alerts and you'll never miss a post.