Hacks of the Democratic National Committee, Yahoo! (YHOO) and a long list of high-profile victims underscore the growing importance of cybersecurity to government and corporations.

Despite the clear need for online protection, 2016 has been a turbulent year for leading companies like FireEye (FEYE) - Get Report , Imperva (IMPV) - Get Report , Fortinet (FTNT) - Get Report and Check Point Software Technologies  (CHKP) - Get Report . Activist firms such as Paul Singer's Elliott Management have agitated in some situations.

FireEye CEO Kevin Mandia described some of the issues that the sector is working through.
"What I call the fear uncertainty and doubt spend is now transitioning at the enterprise level into more of a total cost of ownership decision-making," Mandia said, with companies taking a harder look at the funds they have deployed.

The attack against Target  (TGT) - Get Report in late 2013 heightened awareness, and ensuing campaigns against Home Depot  (HD) - Get Report and Sony (SNE) - Get Report   were free advertising for cybersecurity. Venture capital tracking firm CB Insights reports that global cybersecurity funding totaled $2.6 billion in 2014 and nearly $3.8 billion in 2015. Investment is on track to hit $3.1 billion this year.

Competition has greatly increased at a time when corporations are weighing the cybersecurity investments of recent years.

"The macro trend is there are a lot more cybersecurity companies and there are a lot of folks who have bought a lot of point products, and now they are trying to sort out how do we get all of these things to work together how do we integrate them and how do we automate stuff for some cost savings," Mandia explained.

As the competition has become more intense and corporate spending has slowed, activists have made their voices heard.

FireEye has gone through a restructuring that included 350 layoffs. The company solidly topped forecasts in its early-November third-quarter earnings report. TheStreet's sister publication The Deal removed the company from its activist watch list. UBS analyst Brent Thill described the report as the company's first "clean" beat of revenue and earnings forecasts since the second quarter of 2015. FireEye reduced guidance for the full year.

"We were able to accomplish what we set out to do in the third quarter both in terms of maintaining our path to profitability while exceeding guidance on all of the ranges," Mandia said. "Billings came in above [the guidance] range. Revenue came in above range. We had our best operating margin in the history of FireEye."

Shares of the company have gained about 25% since the Nov. 3 earnings report.

Market dynamics may lead to consolidation.

Corporations may favor an IT security 'platform' over dealing with a collection of different security vendors. The read through is larger IT players that need to fill out their security portfolio will look to be acquisitive, said Brad Vizi of activist fund Legion Partners. "Longer sales cycles and a more measured pace of IT security spend will result in many cybersecurity vendors taking a hard look at their current cost structures," he suggested.

"Once these companies hit the inflection point in their growth trajectory (which many already have), smaller cybersecurity players need to make the decision of either considering strategic alternatives and becoming a part of a larger platform, or restructuring the cost footprint in order to grow more modestly but at a higher profitability level," Vizi said. "You're seeing this across the space, and we believe activists can help continue to drive this discussion in the future."

Paul Singer's Elliott Management launched a campaign against Imperva earlier this year. The security shop hired Qatalyst Partners in August to conduct a review, but terminated the process without a sale in November.

Elliott has also taken a 1.9% stake in Symantec  (SYMC) - Get Report , which went through a breakup in 2015 and a $500 million investment from Silver Lake Management earlier this year. Singer's firm also holds a 7.2% position in Imperva and 0.3% of Fortinet, according to an anlaysis of 13F filings by Lazard.

Other firms with histories of activism have taken positions below the 5% reporting positions in cybersecurity companies, the Lazard report said.

For example, Starboard Value holds a 0.5% stake in Imperva, Blue Harbour Group has a 0.1% stake in Check Point and Coatue Management holds 0.5% of FireEye.

There have been shifts in the threats that FireEye and others have been fighting back.

"You've got an abatement of the cyberespionage out of China that might have contributed to the fear, uncertainty and doubt sales going down a little bit," Mandia said.

"Russia has dialed it up a notch though," he added. "Ransomware is more commonly being done."

Cybersecurity companies will continue to scrutinize costs, and consolidation is likely amid a crowded group of competitors. Morningstar analyst Ilya Kundozerov suggested the security shops could benefit from more high-profile attacks.

"Activity in the sector has a direct correlation to the amount of publicity hacking incidents get in the media," he said. "If tomorrow a couple of big companies get blown up, security is going to be back in the minds of the IT managers and CEOs of companies."