Updated: Nov 14, 2019
Cybersecurity is no longer an afterthought. In the past it was considered a vertical market, but today it's needed across all business sectors, not just the technology industry. It has become a fundamental component of a company's infrastructure and therefore a mandatory investment for corporate enterprises, small and midsize businesses, as well as consumers.
There are really two drivers behind this growth: hackers with financial motivations and state-sponsored attackers. Couple that with the fact that every release of technology introduces vulnerabilities, whether it's a new application, or different modalities such as cloud security or bitcoin. There's no silver bullet; these security issues are not going to be solved easily and, consequently, we are having no issues finding good investments.
That said, there is a high volume of security companies out there. There's substantial duplication and a lot of private equity and institutional money funding these companies. In the last three years, we have seen an increase in private equity firms investing in later stages because they needed that shiny object in their portfolio to show limited partners before raising their next fund. This has created an environment that companies are raising larger rounds at higher valuations. If you look at the statistics, about 70 percent of all security exits are less than US$150 million. One of the biggest mistakes made by investors in cybersecurity is failing to understand the endgame of a company. It really is a specialist investment segment.
An area that we find interesting is the DevOps/SecurityOps space. De Angelis & Associates invested in a RASP (runtime application self-protection); Its software product enables developers to reduce time to market. The problem for many corporations is that they have hundreds of outward-facing applications that are ripe for hacking. When DevOps teams release or update an application, there are often unidentified bugs and security holes that are found after the application is pushed out live. Prevoty injects code into the DevOps cycle that looks for any potential vulnerabilities, allowing businesses to release their product faster because the security operations folks are comfortable that the threat will automatically be neutralized in case of an attack in production.
Artificial intelligence (AI) is also seeing growing interest in the cybersecurity space. This is a fundamental technology that we see underlying many security products, such as malware inspections. Companies like Reversing Labs, uses AI to understand not just if a piece of code is good or bad but to proactively determine how hackers are developing the malware. When they see the remnants of a previous hack, they understand the methodology hackers are using, which helps identify incoming attacks, as opposed to anti-virus companies, which just look at specific malware signatures. The automation of security—the proactive analysis—is going to make AI critically important.
Cybersecurity is now an extremely hot sector, so it's critical to understand the trajectory of technology.
The consumerization of security is another area of opportunity for investors. If you look at the legacy-dominant security companies, the amount of their revenue coming from the consumer sector is phenomenal, with little innovation. Consumers are purchasing more sophisticated security software. Standard anti-virus packages are now commodity products.
There is an opportunity to fund companies that build products that have traditionally been targeted at enterprises, now slimming them down for the consumer market. Physical security (home security systems), digital content protection, mobile security and Internet of Things (IoT) systems are in the market. The average home in the United States now has more than 25 devices with connectivity features, and it's very difficult to manage security on a case- by-case basis because these devices often don't talk to one another. The challenge is tying together all of these IoT technologies, as opposed to each device having its own security solution.
We continue to see huge potential in cybersecurity. However, it's now an extremely hot sector, so it's critical to understand the trajectory of technology and the security required to protect it, as well as how startups are implementing for these issues and what their endgame is. This will be the key to making successful returns.
Credit: BusinessInsider, The Wall Street Journal, Financial Times
© De Angelis & Associates 2019. All Rights Reserved.