5 Macro Trends in Cybersecurity

*These opinions are solely my own and don’t represent those of anyone else including my employer*

The following are 5 macro trends I’ve noticed in cybersecurity and a rationale for why investors should be looking out for these trends. I’ve also included a set of top cybersecurity companies (growth and early stage) I’m excited about that are taking advantage of these trends.

5 Cybersecurity Macro Trends:

1. Breach investigation companies will benefit from GDPR
2. Zero-trust architecture companies (like Palo Alto Networks) are changing buying patterns
3. Customer-managed keys (bring your own encryption) will become a must
4. Industry-wide shortage of qualified security professionals
5. Breach insurance companies will take off in 2020

Why are these Cybersecurity Macro Trends?

1) Breach investigation companies will benefit from GDPR. Breach disclosure laws have caused a soaring number of breaches over the past 10 years in the US. Every state in the US now has breach disclosure laws (as of this year). Public disclosures increase public awareness which leads to increases in companies’ budgets for security. Pre-GDPR in Europe, the laws rarely required breach disclosures. Now GDPR forces immediate disclosure of breaches of PII. Over the next few years, the number of disclosed breaches in Europe is going to soar. Breach investigation companies and supporting software stand to benefit.

2) Zero-trust architecture companies (like Palo Alto Networks) are changing buying patterns. Instead of segregating networks into trusted and untrusted networks, the industry today is moving towards treating all networks as untrusted. Without trust relationships, you force better security of everything on the network. While Palo Alto Networks is the leader today, end-point security is where the industry is headed — offering heightened awareness of patching and intrusion detection. Carbon Black is cited as a good example of a company positioned to win this vertical.

3) Customer-managed keys (bring your own encryption) will become a must. Enterprise customers want to be able to use their own encryption systems while working with a cloud vendor. Box started this trend a few years ago. Now all the major software vendors have customer-managed keys. Slack is the latest to announce support. This is becoming a hard requirement for large enterprises.

4) Industry-wide shortage of qualified security professionals. Automation will be key to solving the crunch in security jobs, an industry with significantly more openings than qualified people. Many tasks are repetitive and ripe for automation (ex. investigating alerts). Respond Software is cited as a good example of a company positioned to win this vertical.

5) Breach insurance companies will take off in 2020. Enterprise customers and cloud vendors have been increasingly requiring breach insurance. At the moment however, the risk models are unsophisticated relative to other insurance offerings. They gauge risk based on number of computers in an organization and other simplistic measures. Look out for companies in this vertical in 2019 that could take off in 2020.

Companies taking advantage of these Macro Trends:

Growth Stage:

1. Dragos (Crunchbase) — The Dragos Platform does threat behavior analytics and incident response and offers significantly easier integration than competitors. [fits Macro Trend 1, 2]
2. Biocatch (Crunchbase) — a B2B behavioral biometrics cyber security platform that analyzes signals (i.e. mouse movement) to generate unique user profiles and protect end customers from fraud. [fits Macro Trend 2, 4]
3. Respond Software (Crunchbase) — automates the response to security alerts so security professionals can focus on less repetitive work while organizations can automate jobs that are already very hard to fill. [fits Macro Trend 4]
4. Other large corporations include Hashicorp, BetterCloud, and Druva

Early Stage:

1. IronCore Labs: a data privacy platform for controlling data in the cloud. Poised to take advantage of increased demand for customer-managed keys and mushrooming privacy laws. [fits Macro Trend 1,3]
2. Automox: Patch management company which improves the time to patch security flaws by 90%. [fits Macro Trend 4]
3. Intellici — identifies and disables malware at the network/ISP level before it proliferates and attacks. (Stealth — reach out for details)
4. QuantLR — uses cutting-edge quantum communications to secure point-to-point enterprise data transfer. (Stealth — reach out for details)

Max majored in Computer Science and Public Policy major at Princeton and worked in data security for the Federal Trade Commission.