The Current Market For Cyber Security Founders & Investors

The news that cyber security financing slowed down slightly in the first half of 2022 and continued to slide in Q3 has had some commentators questioning whether valuations have peaked, particularly when it comes at a time of economic slowdown.

Certainly, if it was another part of technology, this perspective might be valid. Yet it is worth considering the demand side: put bluntly, the need for sophisticated, effective cyber defenses isn’t going away. Digital transformation continues to accelerate, and with that comes an expansion of risk. The more online companies are, the more their operations are targets for bad actors. 

Add to this the increasing professionalism and expertise of attackers, many of whom are backed by or directly employed by nation-states, and it is unsurprising when data from PwC reports that more than 50% of organisations expect a surge in reportable incidents above 2021 levels.  

Cybersecurity Is Still A Priority

Norges Bank Investment Management, the world’s largest sovereign fund, appears to agree with the sentiment: its Chief Executive Officer recently told the Financial Times that cyber security has eclipsed tumultuous financial markets as its biggest concern, as it faces an average of three “serious” cyber attacks each day and they are becoming “increasingly sophisticated”. 

As such, cyber security remains the undisputed spending priority for businesses and public sector organisations, with 69% of respondents to PwC’s survey predicting a rise in cyber spending this year. 

In addition, Microsoft, Google, and IBM all recently announced major investment plans in the sector, all of which will contribute to driving demand for tools, solutions, and support services (such as training and certification). 
Technology valuations have taken a hit in the last few months, and we’re entering a time when companies are going to be prioritising certain investments. Some tech sectors are going to struggle to not be seen as luxuries, or at least nice-to-haves, whereas others are firmly embedded in decision-makers’ conscious as necessities. Cyber security is very definitely one of the latter, which gives those operating in the space an advantage.

The Attraction Of An Evolving Sector

Plus, there is the fact that the sector is constantly evolving, one of its most fascinating aspects and one that makes it extremely attractive to investors. Even as companies acquire new tools, vendors are having to come up with updates, devise new solutions for emerging issues, and try to stay ahead of the latest threats. Granted, there are some areas, such as managed services, end-point security, and messaging security that are crowded and dominated by established players, but newer segments offer more to investors focusing on cyber. These include External Attack Surface Management (EASM), Secure Access Service Edge (SASE), Digital Risk Protection (DRP), Network Detection and Response (NDR), and Continuous Controls Monitoring (CCM). 

Of course, that doesn’t mean a SASE start-up, for instance, should expect the funding to just roll in. The basic principles of being investable still apply. Having differentiated intellectual property and a solid growth profile, coupled with a management team with the right mix of experience, energy, and vision, are all critical. 

Financing is going to be more subdued for some time. There is significant volatility in capital markets, which puts pressure on both private and public valuations, shackles initial public offerings and makes funding rounds harder and more drawn out. 

A Fragmented Market

At the same time, the market remains fragmented. As such, there are a number of mergers and acquisitions taking place involving both strategic buyers and financial sponsors, with further consolidation expected.  

YTD Q3-2022, $16.5 bn has been invested across 799 cyber security financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth . This included eight worth more than $1 billion, with Google’s $5.3 billion acquisition of Mandiant, Broadcom’s $69.2 billion purchase of VMware, and Thoma Bravo’s $6.9 billion deal for SailPoint among the most notable. More recently, Thoma Bravo’s  $2.3 billion move for ForgeRock and Vista Equity spending $4.6 billion on KnowBe4 (less than two years after the latter’s initial public officering) illustrate the continued strength of M&A in the sector. 

The Implications For Founders & Investors

This all has implications for both start-ups and their investors.  For the former, there is an opportunity to adjust business plans and focus on sustainable growth while exploring ways to extend their runway to preserve cash until market conditions improve. At the same time, they need to maintain the strength of their IP and continue to invest in research and development. This means they need to strike a balance between maintaining cash levels and enhancing their proprietary offerings. 

Investors need to readjust their expectations and look at how they can support their portfolios to maintain that balance between protecting cash and continuing R&D.

Depending on the start-up’s management team, this may be the first economic downturn they’ve experienced whether professionally or as founders. As such, investors should bring to bear their own experiences to advise and support their portfolio teams. In doing so, they can not only ensure that start-ups are well placed to capitalise on economic improvements but will help boost valuations when funding and IPO markets start to reopen. 

Strong IP & Clear Growth Lead To Opportunities

Companies are going to continue to need cyber security. In certain areas, competition is tough, but in emerging segments, there are still opportunities for both start-ups and investors to identify opportunities.

The dip in financing is to be expected in the current macroeconomic environment, but with strong IP, clear sustainable growth potential, and a large defined addressable market, start-ups can and will continue to prosper. As they do, we as investors need to fulfill our roles as advisors to founders and ensure our portfolio companies are approaching the slowdown in the right manner. 

Damien Henault is Partner at TempoCap 

You Might Also Read:

The Cyber Security Investment Boom Continues:

 

« The Role Of Policies In Driving ‘Secured Productivity’
Chinese Hackers Steal $20m US Covid Relief Benefits »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Avatier

Avatier

Avatier identity management software products automate identity access management, user provisioning and IT governance to ensure information security and compliance.

FoxGuard

FoxGuard

FoxGuard develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Quadible

Quadible

Quadible BehavAuth is an AI-platform that continuously authenticates the users, without the need of any input, by learning their behavioural patterns.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Industry IoT Consortium (IIC)

Industry IoT Consortium (IIC)

The Industry IoT Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

CyberAcuView

CyberAcuView

CyberAcuView is a company dedicated to enhancing cyber risk mitigation efforts across the insurance industry.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

Noma Security

Noma Security

Noma Security's mission is Application Security for the Entire Data & AI Lifecycle.

Prismo Systems

Prismo Systems

Prismo provides a unified platform to secure software development across the entire SDLC and deployment on any cloud or on-premises infrastructure.