TEL AVIV (Reuters) - U.S. software firm Microsoft Corp MSFT.O will continue to invest over $1 billion annually on cyber security research and development in the coming years, a senior executive said.

A sign marks the Microsoft office in Cambridge, Massachusetts, U.S. January 25, 2017. REUTERS/Brian Snyder

This amount does not include acquisitions Microsoft may make in the sector, Bharat Shah, Microsoft vice president of security, told Reuters on the sidelines of the firm’s BlueHat cyber security conference in Tel Aviv.

“As more and more people use cloud, that spending has to go up,” Shah said.

While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000-700,000, according to Microsoft data.

Long known for its Windows software, Microsoft has shifted focus to the cloud where it is dueling with larger rival Amazon.com AMZN.O to control the still fledgling market.

In October it said quarterly sales from its flagship cloud product Azure, which businesses can use to host their websites, apps or data, rose 116 percent.

In addition to its internal security investments, Microsoft has bought three security firms, all in Israel, in a little over two years: enterprise security startup Aorato, cloud security firm Adallom, and Secure Islands, whose data and file protection technology has been integrated into cloud service Azure Information Protection.

Financial details of these deals were not disclosed.

“If you are talking about an ecosystem with more than 400 start-ups it’s not really a coincidence. Israel is huge in security,” said Secure Islands founder Yuval Eldar.

Microsoft’s venture arm has also made three cyber security investments in Israel, including this week an undisclosed amount in Illusive Networks, which uses deception technology to detect attacks and has been installed at banks and retailers.

Earlier this month Microsoft said it invested in Israel’s Team8, which created Illusive Networks.

Though Microsoft does not have any near-term plans to implement deception technology, “we look at lots of different technologies that might be of use in the future,” Shah said.

Shah believes that in the next year or so progress should be made in moving toward broader implementation of user authentication without need for a password.

Microsoft’s Windows 10 operating system includes Windows Hello, which allows users to scan their face, iris or fingerprints to verify their identity and sign in.