The Current Market For Cyber Security Founders & Investors

The news that cyber security financing slowed down slightly in the first half of 2022 and continued to slide in Q3 has had some commentators questioning whether valuations have peaked, particularly when it comes at a time of economic slowdown.

Certainly, if it was another part of technology, this perspective might be valid. Yet it is worth considering the demand side: put bluntly, the need for sophisticated, effective cyber defenses isn’t going away. Digital transformation continues to accelerate, and with that comes an expansion of risk. The more online companies are, the more their operations are targets for bad actors. 

Add to this the increasing professionalism and expertise of attackers, many of whom are backed by or directly employed by nation-states, and it is unsurprising when data from PwC reports that more than 50% of organisations expect a surge in reportable incidents above 2021 levels.  

Cybersecurity Is Still A Priority

Norges Bank Investment Management, the world’s largest sovereign fund, appears to agree with the sentiment: its Chief Executive Officer recently told the Financial Times that cyber security has eclipsed tumultuous financial markets as its biggest concern, as it faces an average of three “serious” cyber attacks each day and they are becoming “increasingly sophisticated”. 

As such, cyber security remains the undisputed spending priority for businesses and public sector organisations, with 69% of respondents to PwC’s survey predicting a rise in cyber spending this year. 

In addition, Microsoft, Google, and IBM all recently announced major investment plans in the sector, all of which will contribute to driving demand for tools, solutions, and support services (such as training and certification). 
Technology valuations have taken a hit in the last few months, and we’re entering a time when companies are going to be prioritising certain investments. Some tech sectors are going to struggle to not be seen as luxuries, or at least nice-to-haves, whereas others are firmly embedded in decision-makers’ conscious as necessities. Cyber security is very definitely one of the latter, which gives those operating in the space an advantage.

The Attraction Of An Evolving Sector

Plus, there is the fact that the sector is constantly evolving, one of its most fascinating aspects and one that makes it extremely attractive to investors. Even as companies acquire new tools, vendors are having to come up with updates, devise new solutions for emerging issues, and try to stay ahead of the latest threats. Granted, there are some areas, such as managed services, end-point security, and messaging security that are crowded and dominated by established players, but newer segments offer more to investors focusing on cyber. These include External Attack Surface Management (EASM), Secure Access Service Edge (SASE), Digital Risk Protection (DRP), Network Detection and Response (NDR), and Continuous Controls Monitoring (CCM). 

Of course, that doesn’t mean a SASE start-up, for instance, should expect the funding to just roll in. The basic principles of being investable still apply. Having differentiated intellectual property and a solid growth profile, coupled with a management team with the right mix of experience, energy, and vision, are all critical. 

Financing is going to be more subdued for some time. There is significant volatility in capital markets, which puts pressure on both private and public valuations, shackles initial public offerings and makes funding rounds harder and more drawn out. 

A Fragmented Market

At the same time, the market remains fragmented. As such, there are a number of mergers and acquisitions taking place involving both strategic buyers and financial sponsors, with further consolidation expected.  

YTD Q3-2022, $16.5 bn has been invested across 799 cyber security financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth . This included eight worth more than $1 billion, with Google’s $5.3 billion acquisition of Mandiant, Broadcom’s $69.2 billion purchase of VMware, and Thoma Bravo’s $6.9 billion deal for SailPoint among the most notable. More recently, Thoma Bravo’s  $2.3 billion move for ForgeRock and Vista Equity spending $4.6 billion on KnowBe4 (less than two years after the latter’s initial public officering) illustrate the continued strength of M&A in the sector. 

The Implications For Founders & Investors

This all has implications for both start-ups and their investors.  For the former, there is an opportunity to adjust business plans and focus on sustainable growth while exploring ways to extend their runway to preserve cash until market conditions improve. At the same time, they need to maintain the strength of their IP and continue to invest in research and development. This means they need to strike a balance between maintaining cash levels and enhancing their proprietary offerings. 

Investors need to readjust their expectations and look at how they can support their portfolios to maintain that balance between protecting cash and continuing R&D.

Depending on the start-up’s management team, this may be the first economic downturn they’ve experienced whether professionally or as founders. As such, investors should bring to bear their own experiences to advise and support their portfolio teams. In doing so, they can not only ensure that start-ups are well placed to capitalise on economic improvements but will help boost valuations when funding and IPO markets start to reopen. 

Strong IP & Clear Growth Lead To Opportunities

Companies are going to continue to need cyber security. In certain areas, competition is tough, but in emerging segments, there are still opportunities for both start-ups and investors to identify opportunities.

The dip in financing is to be expected in the current macroeconomic environment, but with strong IP, clear sustainable growth potential, and a large defined addressable market, start-ups can and will continue to prosper. As they do, we as investors need to fulfill our roles as advisors to founders and ensure our portfolio companies are approaching the slowdown in the right manner. 

Damien Henault is Partner at TempoCap 

You Might Also Read:

The Cyber Security Investment Boom Continues:

 

« The Role Of Policies In Driving ‘Secured Productivity’
Chinese Hackers Steal $20m US Covid Relief Benefits »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

WEBINAR: 2024 and Beyond: Top Six Cloud Security Trends

April 4, 2024 | 11:00 AM PT: Join this webinar to find out about six emerging trends dominating the cloud cybersecurity landscape.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Government Communications Headquarters (GCHQ)

Government Communications Headquarters (GCHQ)

GCHQ defends Government systems from cyber threat, provide support to the Armed Forces and strive to keep the public safe, in real life and online.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

ST Engineering Antycip

ST Engineering Antycip

ST Engineering Antycip (formerly Antycip Simulation) is Europe’s leading provider of professional grade COTS simulation software, projection & display systems, and related engineering services.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Strata Identity

Strata Identity

Strata is pioneering identity orchestration to unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

Silent Circle

Silent Circle

Silent Circle is the leader in end-to-end enterprise solutions for secure mobile communications.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.