Most Security Tools Suck at Crypto Security
What happens when information security becomes money security?
Information security has focused on the security of personal information for the last quarter century. As a result, a vast number of mature security products and services have evolved to meet enterprise security needs.
But what is the financial value of personal information, PII, PHI, or even credit card numbers? Not that much, as it turns out. There’s a reason that the government regulates minimum cybersecurity standards—most companies are not financially incentivized to secure consumer personal information.
As a result, enterprise security tooling is optimized to manage the regulatory risk of a data breach that exposes personal information. As a secondary concern, such tooling is optimized to defend against ransomware.
But what happens when money becomes information, and information security becomes the security of fungible, non-reversible digital cash?
Most enterprise security tooling is completely inadequate to meet such security needs.
I say this as the CISO of a multi-billion dollar cryptocurrency company with just such extreme security risk. I’ve kicked the tires of all the major and many of the minor security offerings out there, and I use quite a few in my day-to-day work. But it’s square peg meets round hole. It’s like using a cardboard shield and going into battle against a Roman legion. Dodge and weave, dodge and weave…
So this complaint is directed at the industry at large: There is a huge market opportunity here to meet the underserved needs of cryptocurrency companies. And as money continues its one-way migration from a bank’s database entry into blockchain-based digital cash, everyone is going to need this level of security.
Maybe no one really cares about data breaches because the financial impact is so low, but it turns out people really care about thieves stealing all of your money. Being your own bank means caring about bank robbers.
Now, I recognize that I work in a niche vertical with niche security needs. And maybe it’s not profitable for security companies to care about companies like mine. But I see the total addressable market growing by an order or two of magnitude. We are still very early in the blockchain journey. As real-world assets become tokenized, the security of those tokens—in whatever digital representation they may take—becomes the security of everything.
Dude, who stole my house?
The deed to your house stored as an NFT on chain? Gone. Dude, who stole my house?
Absent larger fines and stricter enforcement, no one cares about the security of PII/PHI. Absent greater government funding, no one cares about the security of critical infrastructure—that becomes a covert defensive play by NSA et al. But no incentives are required to convince companies to not get robbed. You can’t get cybersecurity insurance for cryptocurrency theft. The failure mode is immediate financial loss. Not regulatory fines, not lost reputation, not your CEO being hauled before Congress to get grilled in some Kabuki Theater pantomime of outrage, but actual immediate financial harm.
So entrepreneurs, start your engines. Existing security tooling companies are unlikely to innovate. There’s a whole new security tooling vertical to create, almost from scratch, with huge profits to those able to deliver.