Most industries saw a significant drop in venture capital investment at the seed and Series A stages throughout 2020. Cybersecurity appears to be the exception, according to a new report, with dealmaking remaining resilient, despite the coronavirus pandemic and a turbulent economic environment.
While the average number of seed and Series A investments dropped an average of 39.7% and 32% across all industries last year, they remained flat for the cybersecurity industry, according to a review of investment activity during fourth quarter 2020 byDataTribe. Mike Janke, co-founder of DataTribe, a tech and cybersecurity incubator that has backed companies like Dragos, told SC Media that the industry was already boosted by long-term trends toward digital transformation. The pandemic, and the switch to more decentralized operations, acted as an accelerator.
Interestingly, “2020 turned out to be stronger than we thought, even without COVID,” he said.
In particular, Janke said investors are gravitating more to startups that offer security services around cloud and architecture, DevSecOps, application correlation and orchestration, industrial control systems, operational technology and automation. Longer term plays around technologies like artificial intelligence and homomorphic encryption are also popular.
John Brennan, a partner at YL Ventures, echoed some of the findings, telling SC Media that his firm has invested in at least three application security companies over the past two years – Cycode, build.security and Enso Security – to address a number of technology business needs.
“Each of these teams is tackling a different problem in the space, but they share the tailwinds of similar trends,” said Brennan. “Interestingly, we are seeing both security teams and developers demand better security solutions, the former to mitigate risk and the latter to increase productivity.”
Meanwhile, an increasingly complex threat intelligence environment and an avalanche of security alerts have created a desire for more security automation. Janke said CISOs and security teams want a way to sort, contextualize and prioritize the intelligence they’re already getting, they’re “not trying to [find a tool] that’s 10% better than this other one.”
“I need something that just gets rid of the noise and shows me the needle in the haystack,” Janke said.
Another insight gleaned by DataTribe through their own network of 80 private sector chief information security officers: while the conventional wisdom often emphasizes how governments and agencies should be drawing their talent from the private, companies are increasingly looking to government to fill their CISOs ranks. He estimated five years ago that just 10% of CISOs in the network had worked for the federal government. Today it’s around 60%, something Janke attributes partly to the rising threat from advanced persistent threat groups and a need to tap candidates who can bring their national security insights to the job.
“Six years ago when I was a CEO…the CISOs were mostly corporate people that had managed projects – head of IT, good at managing a system,” he said. “And a shift happened to more government experienced: more NSA, more DHS and folks from national security.”
Over the past two years, cybersecurity startups have been receiving larger investments at the earliest investment stage – approximately $3 million for the average seed investment compared to other industries. Often, these larger valuations often come with increased ownership expectations for investors who require a board or C-Suite position in return.
Brennan said he’s seeing more involvement from generalist venture capital firms in the cybersecurity space and “valuations and round sizes – at the seed and later – have certainly increased over the past three years.” That greater overall demand is causing a crunch of investors to bet on and compete the same kinds of technology trends.
“Security has been a very competitive market for some time, and we’re now seeing an increase in competition, both at the seed stage (where we invest) and in follow-on rounds, where later stage investors are feeling pressure to invest earlier (and with less validation),” Brennan wrote.