The Current Market For Cyber Security Founders & Investors

The news that cyber security financing slowed down slightly in the first half of 2022 and continued to slide in Q3 has had some commentators questioning whether valuations have peaked, particularly when it comes at a time of economic slowdown.

Certainly, if it was another part of technology, this perspective might be valid. Yet it is worth considering the demand side: put bluntly, the need for sophisticated, effective cyber defenses isn’t going away. Digital transformation continues to accelerate, and with that comes an expansion of risk. The more online companies are, the more their operations are targets for bad actors. 

Add to this the increasing professionalism and expertise of attackers, many of whom are backed by or directly employed by nation-states, and it is unsurprising when data from PwC reports that more than 50% of organisations expect a surge in reportable incidents above 2021 levels.  

Cybersecurity Is Still A Priority

Norges Bank Investment Management, the world’s largest sovereign fund, appears to agree with the sentiment: its Chief Executive Officer recently told the Financial Times that cyber security has eclipsed tumultuous financial markets as its biggest concern, as it faces an average of three “serious” cyber attacks each day and they are becoming “increasingly sophisticated”. 

As such, cyber security remains the undisputed spending priority for businesses and public sector organisations, with 69% of respondents to PwC’s survey predicting a rise in cyber spending this year. 

In addition, Microsoft, Google, and IBM all recently announced major investment plans in the sector, all of which will contribute to driving demand for tools, solutions, and support services (such as training and certification). 
Technology valuations have taken a hit in the last few months, and we’re entering a time when companies are going to be prioritising certain investments. Some tech sectors are going to struggle to not be seen as luxuries, or at least nice-to-haves, whereas others are firmly embedded in decision-makers’ conscious as necessities. Cyber security is very definitely one of the latter, which gives those operating in the space an advantage.

The Attraction Of An Evolving Sector

Plus, there is the fact that the sector is constantly evolving, one of its most fascinating aspects and one that makes it extremely attractive to investors. Even as companies acquire new tools, vendors are having to come up with updates, devise new solutions for emerging issues, and try to stay ahead of the latest threats. Granted, there are some areas, such as managed services, end-point security, and messaging security that are crowded and dominated by established players, but newer segments offer more to investors focusing on cyber. These include External Attack Surface Management (EASM), Secure Access Service Edge (SASE), Digital Risk Protection (DRP), Network Detection and Response (NDR), and Continuous Controls Monitoring (CCM). 

Of course, that doesn’t mean a SASE start-up, for instance, should expect the funding to just roll in. The basic principles of being investable still apply. Having differentiated intellectual property and a solid growth profile, coupled with a management team with the right mix of experience, energy, and vision, are all critical. 

Financing is going to be more subdued for some time. There is significant volatility in capital markets, which puts pressure on both private and public valuations, shackles initial public offerings and makes funding rounds harder and more drawn out. 

A Fragmented Market

At the same time, the market remains fragmented. As such, there are a number of mergers and acquisitions taking place involving both strategic buyers and financial sponsors, with further consolidation expected.  

YTD Q3-2022, $16.5 bn has been invested across 799 cyber security financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth . This included eight worth more than $1 billion, with Google’s $5.3 billion acquisition of Mandiant, Broadcom’s $69.2 billion purchase of VMware, and Thoma Bravo’s $6.9 billion deal for SailPoint among the most notable. More recently, Thoma Bravo’s  $2.3 billion move for ForgeRock and Vista Equity spending $4.6 billion on KnowBe4 (less than two years after the latter’s initial public officering) illustrate the continued strength of M&A in the sector. 

The Implications For Founders & Investors

This all has implications for both start-ups and their investors.  For the former, there is an opportunity to adjust business plans and focus on sustainable growth while exploring ways to extend their runway to preserve cash until market conditions improve. At the same time, they need to maintain the strength of their IP and continue to invest in research and development. This means they need to strike a balance between maintaining cash levels and enhancing their proprietary offerings. 

Investors need to readjust their expectations and look at how they can support their portfolios to maintain that balance between protecting cash and continuing R&D.

Depending on the start-up’s management team, this may be the first economic downturn they’ve experienced whether professionally or as founders. As such, investors should bring to bear their own experiences to advise and support their portfolio teams. In doing so, they can not only ensure that start-ups are well placed to capitalise on economic improvements but will help boost valuations when funding and IPO markets start to reopen. 

Strong IP & Clear Growth Lead To Opportunities

Companies are going to continue to need cyber security. In certain areas, competition is tough, but in emerging segments, there are still opportunities for both start-ups and investors to identify opportunities.

The dip in financing is to be expected in the current macroeconomic environment, but with strong IP, clear sustainable growth potential, and a large defined addressable market, start-ups can and will continue to prosper. As they do, we as investors need to fulfill our roles as advisors to founders and ensure our portfolio companies are approaching the slowdown in the right manner. 

Damien Henault is Partner at TempoCap 

You Might Also Read:

The Cyber Security Investment Boom Continues:

 

« The Role Of Policies In Driving ‘Secured Productivity’
Chinese Hackers Steal $20m US Covid Relief Benefits »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Mobile Mentor

Mobile Mentor

Mobile Mentor is an independent provider of enterprise mobility solutions in New Zealand and Australia.

Payload Security

Payload Security

Payload Security's VxStream Sandbox is a fully automated malware analysis system.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

UPX Technologies

UPX Technologies

UPX Technologies is one of the largest digital security centers in Brazil providing full protection for data, networks and content.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

National Security Services Group (NSSG)

National Security Services Group (NSSG)

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Ceeyu

Ceeyu

Ceeyu is an all-in-one cybersecurity ratings and third party risk management platform.

SignMyCode

SignMyCode

SignMyCode is a one-stop shop for trusted and authentic code signing solutions to safeguard software.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.