Innovation in cyber security created many success stories over the last decade with a total value of dozens of billions of dollars created in the public and private markets. The total market cap of the companies that went public in the last 5 years is about $9B and the total M&A transaction value reached $44B. The surging sums of funding (14% increase from 2016 to 2017 to about $5B) and the 300 cyber security startups that were funded in 2017 (including about 80 seed rounds) create a vibrant hyper-competitive arena. The evident gap between the capabilities and resources of the attackers and the ones of the defenders is not showing any signs of narrowing and continues to lure investors. Furthermore, the growing sophistication and ‘automation’ of the cyber perpetrators led to increasing enterprise awareness to cyber-attacks, as well as management’s increasing accountability.
Until a few years ago, cyber security products mostly ‘defended’ against cyber-attacks (e.g. firewalls, endpoint detection, etc.), but as enterprises acknowledged that their defenses could be penetrated, ‘Detection’ and ‘Remediation’ became new and required classes of products. Additionally, most enterprises began to use the public cloud, creating the need for cyber defenses to extend from on-premises data centers to applications and data running on IaaS. Enterprises also recognized the fact that insider threats need to be monitored, further expanding the defense landscape.
The cyber security market faced a peculiar dichotomy in 2017: while cyber-attacks and cybercrimes continued to escalate, with rising financial damages and increased funding from private companies, we also witnessed a decline in the value of M&A transactions compared to 2016 and only one IPO of a cyber security company during this year. Many of the companies that have been funded for 2-4 years and are growing moderately, continue to operate in a dense category or have a technology that does not substantially assist the IT security team anymore.
The slow down/decline in valuations is driven by the challenges in cyber defense adoption. Most enterprises now have over 40 cyber products (ranging from defense to detection and remediation). Companies and cyber analysts cannot effectively monitor and manage all these cyber products due to poor integration and an unmanageable number of alerts, driven mostly by false positives. Thus, spending levels are muted because of the company’s inability to properly integrate and leverage all of the new technologies.
Looking at the hundreds of venture-backed companies, what are the unique indicators that can predict an increased likelihood of success for an early stage cyber security start-up in the next few years?
“Green Light” Signs
Securing uncharted territories: fast growing technology domains (e.g. IoT and autonomous vehicles) create new security challenges. Companies that will be able to dominate these new markets will enjoy fast growth, while facing less intense competition.
Promoting simplicity: overworked and understaffed security teams are too often overwhelmed by complex products. Effective and simple-to-use products and technologies will have a significant advantage. Products that can demonstrate relieving the burden from the technical teams, as well as assisting with decision-making on the management and even board levels, will gain a competitive edge.
Performance improvement by x10 (compared to existing solutions): many new companies claim that they use advanced AI technologies to better prevent, detect, remediate, and stop attacks. But using AI by itself does not necessarily guarantee a major advantage over incumbent solutions. In this dense market, only a significant performance improvement can motivate a potential customer to consider adding a new product to their current stack, let alone replacing one.
Workforce efficiency: the growing shortage of skilled cyber security professionals will benefit products that semi or fully automate work processes, as well as decision making and intervention activities, especially if they are easy to deploy, train for use, and maintain.
Efficient and smart Go-to-Market: sales and marketing expenses that do not scale will not be accepted favorably by investors in the coming years. Products that are easy to demonstrate, are channel-ready early on, and that can leverage partnerships, will accelerate sales and grab market share faster.
Smart pricing and business models: pricing models that adapt to the fast rate of changes in technology, offer value-added upsell, as well as reduce the fear of prospective customers from long-term lock up, will thrive faster.
Outward and inward facing: solutions that can handle both external and internal threats, offering comprehensive protection, will be more competitive and appealing to prospective clients.
Replacing multiple vendors: CISOs want to work with the least number of products as possible.
Helping security analysts: solutions that increase efficiency and effectiveness, for example by using visualization, will attract more positive attention.
Providing comprehensive risk assessment: solutions that assist technical teams, management, board and cyber insurers in this aspect will fill a much-needed space.
“Red Light” Signs
Lagging in dense categories: companies that are placed in the 4th place and below in a 10+ players’ category face a major challenge because the number of potential acquirers in most cyber security categories is small. Moreover, their potential to grab significant market share in a market where CISOs are hesitant to engage with new vendors is small as well.
Not using AI/ML/Big Data Analytics: to fight advanced cyber-attacks requires using advanced technologies that learn and adapt rapidly to a constantly changing threat environment.
Stand alone: products that do not integrate with popular platforms or lack interfaces that can connect to the existing stack cannot effectively contribute to the critical need of businesses to detect and respond quickly to looming cyber-attacks.
Ignoring regulatory risks: solutions that collect data on their cyber security platform without meeting new regulatory requirements, such as GDPR, will not only deter CISOs but will end up failing because of the repercussions of their non-compliant features or operations.
Alerts, Alerts, Alerts: a typical SOC is already flooded with untreated alerts. Solutions that will not be able to help lower the burden of tasks, separating the false or minor alarms from the major and critical ones, will not generate the right effect, offering very little value, if any.
Solving small problems: when dealing with big and small cyber challenges, companies prefer to focus only on products that tackle the big ones.
The cyber security arena will continue to produce interesting news throughout 2018. On the positive side, we expect to see more IPOs and acquisitions than in recent years. Unfortunately, we also expect to see more negative news with companies shutting down due to losing the faith of their investors.