Despite changing landscape, VC investment in cybersecurity still strong
As attacks mushroom, companies have more need for bigger, better protection
Featured Story
By Byron Acohido, ThirdCertainty
Wall Street’s keen interest in funding cybersecurity innovation is as robust as ever. Consider that in 2015, venture capitalists pumped $3.8 billion into 332 cybersecurity–related deals, up from $1.1 billion in 166 deals in 2011, according to CB Insights.
That’s a 235 percent growth rate over five years. Global demand for cybersecurity products and services remains insatiable. And VC funding continues to flow to startups and established vendors. However, deals are taking much longer to put together, and consolidation is underway.
Related: Fewer cybersecurity firms go public
ThirdCertainty asked two leading venture capitalists—Sean Cunningham, managing director of Trident Capital Cybersecurity, and Venky Ganesan, managing director of Menlo Ventures—to supply context. Here’s what they had to say:
Cybersecurity sector
Cunningham: Cybersecurity is a highly fragmented market and so many companies make niche products. The problem is that they don’t talk to one another. A corporate CISO is forced to stitch together a number of different products. That’s inefficient. Increasingly, large enterprises want to buy platforms that can do more than one thing and also work with other products.
Ganesan: Cybersecurity remains one of the top areas of investment for venture capitalists. It’s the one area of investing that is not dependent on macro conditions because there are organized groups of hackers working every day to create demand for security products. We are not even in the first innings of this market evolution. While there will be some ups and downs depending on capital flows into the venture capital industry, the long-term need for security products is secular.
Underlying drivers
Ganesan: The new battlefront is cyber. Countries like China, Russia and North Korea are going to threaten and attack the U.S., not physically, but through cyber. Most experts believe that we already are at cyber war with certain countries. Hacking is getting corporatized. There are companies in certain countries that look like startups with offices and holiday parties, but their main job is corporate espionage.
Cunningham: Today’s large computer systems have virtually no boundaries and are in a constant state of evolution. Malicious traffic can be found on all corporate networks. Bad actors are ubiquitous, increasingly skilled, and go to extremes to hide their exploits. In a nutshell, today’s online criminals and their nonstop efforts to breach network security and steal data have far outstripped the ability of IT and security professionals to stop them.
What’s coming
Cunningham: Cybersecurity is moving away from the era of building walls toward more flexible and proactive approaches. This requires constant monitoring for breaches and vulnerabilities and remedial responses. So we’re seeing a wave of consolidation among cybersecurity companies of all sizes.
Symantec just announced the acquisition of Blue Coat for $4.7 billion. Tech giants such as IBM and Microsoft have started buying young cybersecurity companies. Cybersecurity is expected to surpass all other technology sectors in merger and acquisition deals this year.
Ganesan: There are a ton of folks who are now starting to invest in cybersecurity who don’t have prior experience. This has resulted in a “Game of Clones” when it comes to each security sector. This is not sustainable because we now have eight to 10 companies in each space and CISOs are experiencing Powerpoint fatigue.
Given that everyone’s Powerpoint says the same thing, people need to evaluate the products to know who truly has the goods. This has slowed down the sales cycle for everyone. Eventually we will see some separation between the companies, but it will take time.
More about cybersecurity investment:
Cybersecurity startup is in the money, investment-wise
How you invest in your identity portfolio can make or break you
Few adopt NIST cybersecurity guidelines, but that could change
Posted in Cybersecurity, Featured Story
