Crisis-time update from a European VC with 13 investments in Cyber
By Gabriel Lévy with the help of Marc Rougier, Louisa Mesnard & Saish Rane
Is Cyber truly crisis-proof?
The current macroeconomic crisis has hit hard: from public markets to private investments, the fall has come hard on some sectors and through a general slowdown in funding influx (-44% in Europe). After a record 2021, tech startups are faced with layoffs and falling valuations. In this world wide downturn, many analysts have considered Cyber as defying macro-trends, often qualified as resilient, resistant, even antifragile because, like us, they are strong believers in the core mission of Cybersecurity: enable new technologies, new processes, in a secure and durable way.
Turns out Cybersecurity has been hit as well.
After a spectacular growth due to Covid, Cyber companies were at the very sweet spot of the stock market, (x50 EV/ARR for Crowdstrike pre-crisis, >70X for SentinelOne at its prime). Yet, crisis has hit hard, even the once untouchable stars (30% of loss for Crowdstrike & 50% for SentinelOne on public markets), triggering layoffs (like Cybereason despite ransomware surge and Snyk that each reported to let go of 200 employees) in times where attacks are not slowing down, and that is an euphemism.
Even if it is too early to properly distinguish long-term re-evaluation, post-bubble correction, or healthy restructuring from each other, it seems Cyber is back in the rational world.
However, Cybercrime is thriving
As every hero needs a super villain, cybercrime is the true driver of cybersecurity as one is forever fighting the other. Hackers, either for geopolitical, ‘business’, or just evil reasons are not slowing down anytime soon with cybercrime expected to cost $10.5 trillion annually by 2025.
Ransomwares were and still are spreading all over the place, with huge ransoms to unlock the whole infected IT infrastructure. EDR (Endpoint Detection and Response) going way beyond traditional EPP, is an immediate need for all CISOs. In 2022, the average cost of a ransomware attack has grown to $1.4 million (Sophos State of Ransomware 2022).
On top of this, this multi-trillion-dollar ‘market’ has experienced huge growth thanks to the implosion of the Enterprise perimeter : fragmented and dynamic infrastructures on the Cloud, and Future of Work (accelerated by Covid). Cloud drew first blood and Covid tore down the reluctant.
Cloud drew first blood and Covid tore down the reluctant.
Companies had to evolve to a remote-first workplace in a matter of days. Each shortcut was a potential exploit that could yield catastrophic results. On top of protecting their own perimeters, 3rd party software now becomes a huge risk: Solarwinds’ attack, Log4j, Microsoft Exchange exploits are only examples of the shakedowns that the market experienced in the last few years with huge consequences: 18,000 customers of Solarwinds were attacked through a vulnerability in its infrastructure, with customers ranging from the Fortune 1000 to federal and national agencies. Thus leading to the urge to implement SBOMs (Software Bill Of Materials)
With the Cloud revolution, comes new challenges that were not even imaginable before a full-scale implementation: Application, Firewalls, Data Security, Governance, Supply Chain Security, all sub-sectors of Cybersecurity need to follow through, adapt their approach, or for the less agile, make room for the new challengers. As an example, Snyk has completely reshaped the Application Security space within less than 8 years, triumphing over decades-old incumbents.
Beyond the market correction we are witnessing now, we at Elaia believe that we are at a turning point for the next wave of Cybersecurity. Executive Orders from the White House, European regulation, global awareness of the urgent need to protect its infrastructure, are only indicators of a huge trend underneath.
From monolith to Risk-based security for a software-defined perimeter
Cybersecurity is not a monolith that is updating its stack on a fairly regular basis. DevSecOps, Edge Security are only the tip of the Zero-Trust iceberg, a more pervasive vision of Cybersecurity: Cyber is increasingly getting incorporated into the underlying stack and less considered as a separate entity perfectly embodied with the ‘Single Pass’ vision in Cloud/Telecom Security.
Cybersecurity is therefore yielding a diversified, high-paced, high-reward opportunity for investors. Europe represents both a talent pool and a formidable playground for Cyber startups thanks to European awareness (finally).
We therefore see a strong increase in advanced defense tools such as EDR (Endpoint Detection and Response), Software Supply Chain Security, SOC platforms, Network Observability… since the war on numbers with this huge talent need in Cyber is not worth fighting.
No wonder then, that a cloud security Israeli startup, Wiz, holds the record for being the fastest company to go from $1m to $100m ARR (18 months), beating Slack, UiPath and even Deel to the punch.
This is exactly why, at Elaia, we have invested in 20 companies in Cloud Infrastructure & Cybersecurity among which 13 in Cybersecurity throughout Europe and Israel. Beyond our passion for this sector and our strong commitment to the values it embodies, we are confident in the transformative need of more cybersecurity in our corporates, SMBs, governments and hospitals. With two high-quality exits to date (one to F5 Networks, one to SandboxAQ), Elaia has demonstrated not only its interest but also the potential of Cyber in Europe.
As this is a fast and highly complex market, we have developed our own simplified segmentation of cyber sub-sectors and how our investments reflect it so far. Cyber is undergoing a high-stakes evolution in a time of global crisis, we are adamant on this opportunity and will continue to be proactive on this very promising market.
Recent events have been hammering down the old fantasy of static perimeter. As Cyber is closely following Infrastructure, it is now faced with an ‘adapt or die’ dilemma. In other words,
Cyber is dead, long live Cyber.