The Current Market For Cyber Security Founders & Investors

The news that cyber security financing slowed down slightly in the first half of 2022 and continued to slide in Q3 has had some commentators questioning whether valuations have peaked, particularly when it comes at a time of economic slowdown.

Certainly, if it was another part of technology, this perspective might be valid. Yet it is worth considering the demand side: put bluntly, the need for sophisticated, effective cyber defenses isn’t going away. Digital transformation continues to accelerate, and with that comes an expansion of risk. The more online companies are, the more their operations are targets for bad actors. 

Add to this the increasing professionalism and expertise of attackers, many of whom are backed by or directly employed by nation-states, and it is unsurprising when data from PwC reports that more than 50% of organisations expect a surge in reportable incidents above 2021 levels.  

Cybersecurity Is Still A Priority

Norges Bank Investment Management, the world’s largest sovereign fund, appears to agree with the sentiment: its Chief Executive Officer recently told the Financial Times that cyber security has eclipsed tumultuous financial markets as its biggest concern, as it faces an average of three “serious” cyber attacks each day and they are becoming “increasingly sophisticated”. 

As such, cyber security remains the undisputed spending priority for businesses and public sector organisations, with 69% of respondents to PwC’s survey predicting a rise in cyber spending this year. 

In addition, Microsoft, Google, and IBM all recently announced major investment plans in the sector, all of which will contribute to driving demand for tools, solutions, and support services (such as training and certification). 
Technology valuations have taken a hit in the last few months, and we’re entering a time when companies are going to be prioritising certain investments. Some tech sectors are going to struggle to not be seen as luxuries, or at least nice-to-haves, whereas others are firmly embedded in decision-makers’ conscious as necessities. Cyber security is very definitely one of the latter, which gives those operating in the space an advantage.

The Attraction Of An Evolving Sector

Plus, there is the fact that the sector is constantly evolving, one of its most fascinating aspects and one that makes it extremely attractive to investors. Even as companies acquire new tools, vendors are having to come up with updates, devise new solutions for emerging issues, and try to stay ahead of the latest threats. Granted, there are some areas, such as managed services, end-point security, and messaging security that are crowded and dominated by established players, but newer segments offer more to investors focusing on cyber. These include External Attack Surface Management (EASM), Secure Access Service Edge (SASE), Digital Risk Protection (DRP), Network Detection and Response (NDR), and Continuous Controls Monitoring (CCM). 

Of course, that doesn’t mean a SASE start-up, for instance, should expect the funding to just roll in. The basic principles of being investable still apply. Having differentiated intellectual property and a solid growth profile, coupled with a management team with the right mix of experience, energy, and vision, are all critical. 

Financing is going to be more subdued for some time. There is significant volatility in capital markets, which puts pressure on both private and public valuations, shackles initial public offerings and makes funding rounds harder and more drawn out. 

A Fragmented Market

At the same time, the market remains fragmented. As such, there are a number of mergers and acquisitions taking place involving both strategic buyers and financial sponsors, with further consolidation expected.  

YTD Q3-2022, $16.5 bn has been invested across 799 cyber security financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth . This included eight worth more than $1 billion, with Google’s $5.3 billion acquisition of Mandiant, Broadcom’s $69.2 billion purchase of VMware, and Thoma Bravo’s $6.9 billion deal for SailPoint among the most notable. More recently, Thoma Bravo’s  $2.3 billion move for ForgeRock and Vista Equity spending $4.6 billion on KnowBe4 (less than two years after the latter’s initial public officering) illustrate the continued strength of M&A in the sector. 

The Implications For Founders & Investors

This all has implications for both start-ups and their investors.  For the former, there is an opportunity to adjust business plans and focus on sustainable growth while exploring ways to extend their runway to preserve cash until market conditions improve. At the same time, they need to maintain the strength of their IP and continue to invest in research and development. This means they need to strike a balance between maintaining cash levels and enhancing their proprietary offerings. 

Investors need to readjust their expectations and look at how they can support their portfolios to maintain that balance between protecting cash and continuing R&D.

Depending on the start-up’s management team, this may be the first economic downturn they’ve experienced whether professionally or as founders. As such, investors should bring to bear their own experiences to advise and support their portfolio teams. In doing so, they can not only ensure that start-ups are well placed to capitalise on economic improvements but will help boost valuations when funding and IPO markets start to reopen. 

Strong IP & Clear Growth Lead To Opportunities

Companies are going to continue to need cyber security. In certain areas, competition is tough, but in emerging segments, there are still opportunities for both start-ups and investors to identify opportunities.

The dip in financing is to be expected in the current macroeconomic environment, but with strong IP, clear sustainable growth potential, and a large defined addressable market, start-ups can and will continue to prosper. As they do, we as investors need to fulfill our roles as advisors to founders and ensure our portfolio companies are approaching the slowdown in the right manner. 

Damien Henault is Partner at TempoCap 

You Might Also Read:

The Cyber Security Investment Boom Continues:

 

« The Role Of Policies In Driving ‘Secured Productivity’
Chinese Hackers Steal $20m US Covid Relief Benefits »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jones Day

Jones Day

Jones Day is an international law firm based in the United States. Practice areas include Cybersecurity, Privacy & Data Protection.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

TechDefence Labs

TechDefence Labs

TechDefence Labs provide pentesting and security assessment services for networks, web apps, mobile apps and source code reviews.

FoxGuard Solutions

FoxGuard Solutions

FoxGuard Solutions develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

Hub One

Hub One

Hub one is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

BotGuard

BotGuard

BotGuard provides a service to protect your website from malicious bots, crawlers, scrapers, and hacker attacks.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

Kivera

Kivera

Kivera enforces your organisation governance and security policies across cloud deployments preventing misconfigurations turning into attack vectors.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.