Cybersecurity: Industry Overview, Market Map, Global Investments
Cybercrime: Here to Stay
Cybercrime is here to stay. In fact, it is becoming more prolific and costlier than ever before, following the ubiquity of technology that now permeates almost every aspect of our lives. It is estimated that nearly one billion people were affected by cybercrime in 2017, a truly staggering statistic. The Annual Cybercrime Report estimates that cybercrime will cost USD $6 trillion by 2021, more than double the estimated USD $3 trillion in 2015, making it one of the greatest and fastest growing threats to organizations around the world.
In the last decade, an increasing number of high-profile data breaches and cybercrimes were reported in a wide range of industries, including even technologically savvy names such as Uber, Equifax, Facebook, Yahoo, British Airways and Marriot. The high-profile nature of many of these crimes has led to heightened consumer awareness, persuading businesses and governments to increase spending on cybersecurity solutions. Canada and its governmental bodies are no exception to this trend. In 2018, the Canadian federal government committed to strengthening the country’s position against online crimes through CAD $500 million in new funding to be distributed among businesses over the next five years. In aggregate, the result is a global cybersecurity industry that is expected to grow to USD $177 billion by 2025.
Cybercrime and related cybersecurity solutions can be as complex and varied as the underlying technologies enabling them. So where do we begin? This post is the first of a series where we will segment the cybersecurity market into its relevant components, highlight a number of players in the Canadian market, and articulate the OMERS investment thesis. In future posts, we will take a closer look at the US and global cybersecurity industries and expand our scope to include data privacy.
Cybersecurity Industry Overview
The cybersecurity industry covers a wide array of preventative and corrective operational functions (i.e. identify, protect, detect, respond, and recover) across virtually every medium (e.g. devices, applications, network, data, and users). There are many players in each segment, ranging from those tackling “traditional” forms of cyberattacks such as ransomware, phishing scams, and Distributed Denial of Services (DDoS), to those creating solutions for nascent or recently emerged technology infrastructures such as the cloud or the Internet of Things (IoT). Regardless of their place in the industry, cybersecurity solutions providers must evolve to address the ever-growing sophistication of cybercrime.
In our Investment Thesis section, we will outline some of the emerging trends in these segments that are poised to drive industry growth.
Canadian Market Map
Closer to home, the Canadian cybersecurity market features several players in each of the previously identified segments.
It should be noted that certain companies, in particular those with a services business model offer solutions in more than one segment (e.g. network security company using threat intelligence as a method to protect the enterprise network). In the chart below, we have placed them in segments where they exhibit a stronger presence or offering.
Global Venture Capital Investments in Cybersecurity
2018 has been a record year for investments in cybersecurity, as private capital has sought to invest behind secular growth trends in the space.
According to PitchBook, 2018 saw more than USD $5.6 billion was deployed over 437 deals, a 27 percent year-over-year increase by value.
Cybersecurity, along with the broader VC investment space, is seeing increasing investor appetite for growth stage rounds. This has resulted in fewer but larger financing rounds at more mature stages in company lifecycles. According to PitchBook, there were nine mega-rounds (deals over USD $100 million) in 2018, amassing a total of USD $1.7 billion and accounting for 28 percent of total funding.
Investors have sought unique expertise and talent to put capital behind. This talent has mostly been found in technologically advanced nations where governmental and military bodies have focused on cyberwarfare and cybercrime prevention for quite some time. As a result, North America leads the pack with USD $4.2 billion in VC funding in 2018, followed by Europe and Asia which attracted USD $550 million and USD $360 million in funding, respectively.
In particular, California and Israel have been the two most active hubs, attracting 100 and 45 deals in 2018, respectively. Maryland, Virginia, and Washington, DC, regions with a notable government presence, were the runner ups with a total of 30 deals between them.
M&A activity was strong in 2018 with a total USD $14 billion spent on acquisitions. The largest of those acquisitions have been listed below:
· Duo Security acquired by Cisco for USD $2.4 billion
· Imperva acquired by private equity firm Thoma Bravo for USD $2.1 billion
· Barracuda Networks acquired by Thoma Bravo for USD $1.6 billion
· AlienVault acquired by AT&T for USD $1.6 billion
Over the past few years, private equity firms such as Thoma Bravo have been at the forefront of industry consolidation. Major strategic and private equity acquirers since 2013 can be seen in the table below:
The IPO market was similarly robust in 2018 with 10 IPOs completed globally. Avast Software, Tenable, Zscalar, and Carbon Black raised over USD $150 million with a valuation of USD $1 billion or higher. Combined, these four companies raised $1.4 billion — nearly double the amount raised by the top four cybersecurity IPOs in 2017.
Looking ahead, CrowdStrike, Tanium, DarkTrace, Pindrop, and Illumio are all anticipated to IPO in the near future.
Check out Part Two for OMERS Ventures investment thesis in cybersecurity, including possible business models, market segments, impact of artificial intelligence.
To chat all things cybersecurity, connect with Jim Orlando and Soha Yasrebi on Twitter.
 While cybersecurity and data privacy often go hand in hand, cybersecurity primarily relates to protection of data from unwanted access while privacy relates to the administration and use of data.