Despite cybersecurity boom, fewer firms acquired or go public

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

By Rob Lemos, Third­Cer­tain­ty

A flur­ry of invest­ment announce­ments and a major acqui­si­tion has under­scored that the cyber­se­cu­ri­ty gold rush con­tin­ues in 2015.

On June 30, Cis­co announced it would pur­chase Inter­net secu­ri­ty firm OpenDNS for $635 mil­lion in cash. The same day, key-man­age­ment sys­tem ven­dor Venafi announced an addi­tion­al $39 mil­lion in fund­ing, and a few days ear­li­er, appli­ca­tion secu­ri­ty firm Check­marx attract­ed an $84 mil­lion invest­ment from a pri­vate equi­ty and ven­ture firm.

Bob Ackerman,  Allegis Capital founder and managing director
Bob Ack­er­man,
Allegis Cap­i­tal founder and man­ag­ing direc­tor

Such val­u­a­tions and deal sizes have become typ­i­cal in the cyber­se­cu­ri­ty sec­tor. Over the past five years, more than $7.3 bil­lion has been invest­ed in cyber­se­cu­ri­ty firms, accord­ing to invest­ment track­ing ser­vice CB Insights. The annu­al val­ue of deals has climbed every year since 2011, reach­ing $2.4 bil­lion last year.

While the val­u­a­tions have increased dra­mat­i­cal­ly over the past five years, inter­est in the cyber­se­cu­ri­ty sec­tor is ground­ed in neces­si­ty and that sets it apart from many oth­er sec­tors, said Robert Ack­er­man, man­ag­ing direc­tor and founder of ven­ture-cap­i­tal firm Allegis Cap­i­tal.

The inno­va­tion is being dri­ven by demand for solu­tions, not spec­u­la­tion that there might be a prob­lem that needs to be solved,” he said.

Growth ram­page based on need

The deals sug­gest that 2015 will be anoth­er ban­ner year for invest­ments in the cyber­se­cu­ri­ty sec­tor. Sig­nif­i­cant pay­offs, such as the OpenDNS deal, will con­tin­ue to fuel inter­est, both by entre­pre­neurs and investors.

Jeff Hud­son, CEO of Venafi, likes to evoke bio­log­i­cal analo­gies to explain why secu­ri­ty is still such a dynam­ic mar­ket. While the real-world envi­ron­ment has evolved over bil­lions of years, the cyber realm has had just a few decades. The cyber­se­cu­ri­ty indus­try will con­tin­ue to inno­vate, because the envi­ron­ment is still in its infan­cy, he said.

Secu­ri­ty & Pri­va­cy News Roundup: Stay informed of key pat­terns and trends

The bad guys are attack­ing from cyber (space) because there is no equiv­a­lent of the immune sys­tem, and there‘s more and more val­ue there, so more attacks will go there,” he said. “Because of that, the invest­ments will con­tin­ue to go there as well.”

Yet, the sup­ply of secu­ri­ty firms may be lev­el­ing off. In 2014, the num­ber of invest­ment deals only increased by 4 per­cent from the pre­vi­ous year, a far cry from 21 per­cent and 37 per­cent increas­es in the pre­vi­ous two years, accord­ing to CB Insights data. While investors are will­ing to put cap­i­tal into the mar­ket, find­ing the start­up com­pa­nies with the right skill sets to suc­ceed in the cyber­se­cu­ri­ty mar­ket is tricky, said Don Dixon, gen­er­al man­ag­er for ven­ture-cap­i­tal firm Tri­dent Cap­i­tal.

Qual­i­ty vs. quan­ti­ty

More peo­ple are com­ing into the indus­try as it attracts more mon­ey, and you see more ven­ture firms come in, but if you look at the num­ber of qual­i­fied peo­ple and the num­ber of oppor­tu­ni­ties, both are lim­it­ed,” he said.

In addi­tion, the endgame is still ques­tion­able for most secu­ri­ty firms. The num­ber of exits—companies that are acquired or go public—is small com­pared to the num­ber of com­pa­nies being fund­ed, accord­ing to CB Insights. While more than 350 com­pa­nies have exit­ed in the past five years, the trend peaked in 2012 and dropped by a quar­ter the fol­low­ing two years. Only 15 cyber­se­cu­ri­ty com­pa­nies have gone pub­lic since 2010.

A sig­nif­i­cant part of the prob­lem is that, to prove them­selves, cyber­se­cu­ri­ty firms need to gain cus­tomers among com­pa­nies and their chief infor­ma­tion offi­cers who are taxed by ever-increas­ing attacks, Trident’s Dixon said. More­over, the short­age in qual­i­fied CISOs means that prod­ucts from the hun­dreds of cyber­se­cu­ri­ty firms are vying for the lim­it­ed resource of CISO atten­tion.

I think you have a glut of com­pa­nies,” Dixon said. “How many com­pa­nies are the CISOs will­ing to look at and look to process? I think that, at the end of the day, that is what’s going to lim­it the num­ber of oppor­tu­ni­ties.”

More on emerg­ing best prac­tices
5 data pro­tec­tion tips for SMBs
What SMBs need to know about CISOs
Pro­tect­ing your dig­i­tal foot­print in the post pri­va­cy era


Posted in Cybersecurity, News & Analysis