Despite changing landscape, VC investment in cybersecurity still strong

As attacks mushroom, companies have more need for bigger, better protection

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Wall Street’s keen inter­est in fund­ing cyber­se­cu­ri­ty inno­va­tion is as robust as ever. Con­sid­er that in 2015, ven­ture cap­i­tal­ists pumped $3.8 bil­lion into 332 cybersecurity–related deals, up from $1.1 bil­lion in 166 deals in 2011, accord­ing to CB Insights.

That’s a 235 per­cent growth rate over five years. Glob­al demand for cyber­se­cu­ri­ty prod­ucts and ser­vices remains insa­tiable. And VC fund­ing con­tin­ues to flow to star­tups and estab­lished ven­dors. How­ev­er, deals are tak­ing much longer to put togeth­er, and con­sol­i­da­tion is underway.

Relat­ed: Few­er cyber­se­cu­ri­ty firms go public

Third­Cer­tain­ty asked two lead­ing ven­ture capitalists—Sean Cun­ning­ham, man­ag­ing direc­tor of Tri­dent Cap­i­tal Cyber­se­cu­ri­ty, and Venky Gane­san, man­ag­ing direc­tor of Men­lo Ven­tures—to sup­ply con­text. Here’s what they had to say:

Cyber­se­cu­ri­ty sector

Sean Cunningham_Trident Capital_400
Sean Cun­ning­ham, Tri­dent Cap­i­tal Cyber­se­cu­ri­ty man­ag­ing director

Cun­ning­ham: Cyber­se­cu­ri­ty is a high­ly frag­ment­ed mar­ket and so many com­pa­nies make niche prod­ucts. The prob­lem is that they don’t talk to one anoth­er. A cor­po­rate CISO is forced to stitch togeth­er a num­ber of dif­fer­ent prod­ucts. That’s inef­fi­cient. Increas­ing­ly, large enter­pris­es want to buy plat­forms that can do more than one thing and also work with oth­er products.

Gane­san: Cyber­se­cu­ri­ty remains one of the top areas of invest­ment for ven­ture cap­i­tal­ists. It’s the one area of invest­ing that is not depen­dent on macro con­di­tions because there are orga­nized groups of hack­ers work­ing every day to cre­ate demand for secu­ri­ty prod­ucts. We are not even in the first innings of this mar­ket evo­lu­tion. While there will be some ups and downs depend­ing on cap­i­tal flows into the ven­ture cap­i­tal indus­try, the long-term need for secu­ri­ty prod­ucts is secular.

Under­ly­ing drivers

Venky Ganesan_Menlo Ventures_400
Venky Gane­san, Men­lo Ven­tures man­ag­ing director

Gane­san: The new bat­tle­front is cyber. Coun­tries like Chi­na, Rus­sia and North Korea are going to threat­en and attack the U.S., not phys­i­cal­ly, but through cyber. Most experts believe that we already are at cyber war with cer­tain coun­tries. Hack­ing is get­ting cor­po­ra­tized. There are com­pa­nies in cer­tain coun­tries that look like star­tups with offices and hol­i­day par­ties, but their main job is cor­po­rate espionage.

Cun­ning­ham: Today’s large com­put­er sys­tems have vir­tu­al­ly no bound­aries and are in a con­stant state of evo­lu­tion. Mali­cious traf­fic can be found on all cor­po­rate net­works. Bad actors are ubiq­ui­tous, increas­ing­ly skilled, and go to extremes to hide their exploits. In a nut­shell, today’s online crim­i­nals and their non­stop efforts to breach net­work secu­ri­ty and steal data have far out­stripped the abil­i­ty of IT and secu­ri­ty pro­fes­sion­als to stop them.

What’s com­ing

Cun­ning­ham: Cyber­se­cu­ri­ty is mov­ing away from the era of build­ing walls toward more flex­i­ble and proac­tive approach­es. This requires con­stant mon­i­tor­ing for breach­es and vul­ner­a­bil­i­ties and reme­di­al respons­es. So we’re see­ing a wave of con­sol­i­da­tion among cyber­se­cu­ri­ty com­pa­nies of all sizes.

Syman­tec just announced the acqui­si­tion of Blue Coat for $4.7 bil­lion. Tech giants such as IBM and Microsoft have start­ed buy­ing young cyber­se­cu­ri­ty com­pa­nies. Cyber­se­cu­ri­ty is expect­ed to sur­pass all oth­er tech­nol­o­gy sec­tors in merg­er and acqui­si­tion deals this year.

Gane­san: There are a ton of folks who are now start­ing to invest in cyber­se­cu­ri­ty who don’t have pri­or expe­ri­ence. This has result­ed in a “Game of Clones” when it comes to each secu­ri­ty sec­tor. This is not sus­tain­able because we now have eight to 10 com­pa­nies in each space and CISOs are expe­ri­enc­ing Pow­er­point fatigue.

Giv­en that everyone’s Pow­er­point says the same thing, peo­ple need to eval­u­ate the prod­ucts to know who tru­ly has the goods. This has slowed down the sales cycle for every­one. Even­tu­al­ly we will see some sep­a­ra­tion between the com­pa­nies, but it will take time.

More about cyber­se­cu­ri­ty investment:
Cyber­se­cu­ri­ty start­up is in the mon­ey, investment-wise
How you invest in your iden­ti­ty port­fo­lio can make or break you
Few adopt NIST cyber­se­cu­ri­ty guide­lines, but that could change

Posted in Cybersecurity, Featured Story