Why cybersecurity technology is on the rise: Five relevant trends from a VC perspective
Here at signals Venture Capital, we invest in Europe-, US- and Israel-based Enterprise Software — startups that accelerate or disrupt how enterprises do business, manage operations, and engage their workforce. One of our latest areas of interest is cybersecurity. In our deep dive, we have found that European VC funding in this space is lacking behind. Below we share our thoughts on the cybersecurity tech landscape, including our motivations to invest in this space and the five most important trends we see in the sector.
Motivation #1: The uneven rise of cybersecurity - Team US+Israel beats Team Europe
In the past years, we have witnessed an (almost) incredible rise of the cybersecurity industry. Crunchbase reported that global venture funding in cybersecurity in 2021 soared to $21.8b, nearly a 145% YoY increase compared to 2020. This astonishing increase came along with over 1,000 deals in 2021 and a number of mega-rounds, including a $543m Series A for Israel-based Transmit Security.
Going one year back in time, the Cybersecurity Report 2020 shows that 89% of VC dollars went to US- and Israel-based startups. To our dismay, the UK accounted for only 3% of the funding and Europe was not even a category (alarms activated!).
Triggered by curiosity (and a little hurt pride), we dug deeper in Crunchbase data and reached a second finding: the average deal size for Seed and Series A rounds was at least 34% lower in Europe than in the US in 2020 and 2021. Naturally, with less funding, European startups cannot be as competitive as their American counterparts. A little hope: in 2022, so far, the mean size of Series A deals in Europe has been higher than that of the US. We know… With so much of the year left, there is plenty of time for the Americans to catch up. Or will they?
Motivation #2: A new landscape leaves gaps behind
As our investment thesis revolves around helping enterprises in their digital transformation efforts, we wanted to know why enterprise cybersecurity needs weren’t met. And we have discovered three factors that challenged traditional cybersecurity companies, allowing startups to boom in the sector.
Factor #1: new technologies used by hackers
New technologies like AI do not only bring new technological threats to deal with but also an increasing number of attacks due to automation on the hacker side. These two factors push SecOps teams’ boundaries to unexpected grounds. Furthermore, optimized and refined social engineering lowers the effect of anti-phishing measures causing employees (or private individuals) to fall into the trap.
Factor #2: the boom of cloud-services
The boom of cloud services has vastly increased the volume of data and digital assets to protect. This increase has been so sudden and large as to make it impossible for traditional cybersecurity companies to cope with the demand generated from their clients. Much of the newly stored data is highly sensitive (financial data, medical data, etc.) i.e., the perfect prey for ransomware. Besides, the increase of cloud services and cloud-based solutions comes with increased complexity in the IT infrastructure that is difficult to map, leading to more vulnerabilities.
Factor #3: regulation
The long-famous European GDPR, and CCPA and CPRA (their “equivalent” in the US) have not only limited business opportunities regarding data usage and transfer but also heightened the cybersecurity standards of companies that collect, store and analyze customer data. This requires companies operating in the cloud to find better solutions to effectively protect themselves against cyberattacks, including new ways to encrypt data. Now, not only technical processes should adhere to the cybersecurity standards, but business processes too.
The technological and regulatory challenges exposed above have a clear effect on businesses’ Profit & Loss statements as cyber-attacks might halt business operations, end up in ransom payments to recover data or bring fines by authorities if regulation is not followed. Cyber-attacks also negatively influence businesses’ reputation: especially in B2B, recovering from a data breach might be costly.
The five most important cybersecurity trends
Cybersecurity is no exception to other industries: startups are filling the gap explained above. Yet, this time startups might not simply be competing for market share; they offer new solutions to complement current ones, creating a holistic view of cybersecurity.
This way, an effective approach for cybersecurity could include laser-focus solutions of startups combined with other solutions from traditional providers. We could, of course, debate on whether hiring different providers for cybersecurity will be cost-effective for companies, but we will leave this debate for another blog post.
For now, we analyze some of the current trends in cybersecurity that help businesses gain cyber-protection and that we believe are hot in today’s venture funding.
Security Automation
This trend tackles the overwhelming volume of real and potential cyber-attacks that SecOps need to deal with. Each organization has different IT systems and not all attacks are equally threatening. Therefore, security automation helps SecOps teams identify those attacks that are likely to pose a real threat to companies’ infrastructure.
Powered by AI, security automation solutions also learn about new kinds of attacks quickly, shortening the time hacks remain undetected and thus preventing damage.
A good example of a security automation startup is Tines. The enterprise automation platform helps security and ops teams automate manual workloads. Ireland-based Tines has raised $41m to date since its birth in 2018. Other interesting startups in this sector are (1) TORQ, Israel-based startup providing threat intelligence solutions with $78m raised to date, and (2) Tenzir, Hamburg-based analytics solution for cyber-attack detection ($2.83m Seed round).
Attack Surface Management — Hacker Approach
Ever heard of customer-centricity? Once not so popular, being customer-centric is now a must-have in almost every organization. In a similar fashion, the hacker approach to cybersecurity is a way to look at the IT infrastructure from the outside i.e., look at the IT infrastructure from the perspective of the hacker. Solutions following this approach create a map of the “IT surface” that is exposed to the outside. With this knowledge, companies can expand the knowledge of their own IT systems and their vulnerabilities and, then, prevent attacks by eliminating weaknesses.
Of course, AI also helps here, for instance, by eliminating the need for the customer to prepare a list of IPs and other info as the tool identifies the attack surface on its own. Usually, information is laid out in easy-to-use dashboards that help SecOps teams in their daily tasks.
Born in 2015, Dutch Cyberprint is a successful startup following this approach. To date, they have raised $6.7m. Another exciting early-stage startup in this space is Hadrian. This London- and Amsterdam-based startup will be worth following!
Phishing Education
In its 2021 Cybersecurity threat trends report, CISCO says that 90% of data breaches come from phishing attacks. This number might be disheartening for SecOps teams, who might create the perfect cybersecurity IT infrastructure that is yet useless 90% of the time. Therefore, solutions to train employees and implement best practices against falling prey to phishing attacks are extremely necessary to help SecOps teams do their job and protect IT systems.
Startups following this approach have come up with solutions that train employees in identifying potential phish to then report it properly. AI (again) then helps classify those emails as spam or real phish so then SecOps teams can take appropriate actions.
US-based Cofense is a very good example of a company providing this kind of solution, however, it is not a startup anymore! It was founded in 2007 and it raised $58m before its 2018 $400m LBO by BlackRock. Talking about European early-stage, Phished ($1.11m raised in its Seed round) solves phishing issues by increasing employee’s awareness and sosafe ($73m raised to date) brings a solution for cybersecurity and data protection awareness. Tines (mentioned above) also provides solutions in this space.
IoT End-Point Security
Who hasn’t heard of IoT? The upsurge of devices connected to the cloud has brought up many new use cases enabling new business models or business opportunities. This trend is happening in B2C (e.g., sharing scooters) and in B2B (e.g., manufacturing). However, if things are connected to the Internet and are part of critical infrastructure, cybersecurity measures need to be taken to protect the data and processes related to them.
IoT endpoint security platforms recognize devices connected in the network to then monitor their behavior and vulnerability. These solutions also protect the firmware (SW for devices with a very specific task, industrial computers) and the memory of these devices.
Good examples of companies are Red Balloon Security and IOTech. The former was founded in 2011 in New York and has raised $24.53m to date, being a $21.9m Series A round in 2018 the latest investment. The latter is a UK-based startup that provides a full-blown management solution for Edge Management, including its cyber security. It has raised $10m to date.
End-to-end data encryption
This technology prevents unwanted parties to have access to certain information. Of course, the more sensitive, the more valuable the information for both their rightful owners and hackers.
There are different ways to tackle data encryption. One of them includes encrypting and decrypting at every stage the data is used. In this case, a third party will decrypt data to process it, before encrypting again to send it to the next step in the process. Other solutions allow third parties to process data without the need of decrypting it.
Solutions like the above help companies be compliant with GDPR and similar regulations which pose a need to follow very strict guidelines to be regulation compliant.
Lately, we came across Vaultree, a Dublin-based encryption-as-a-service startup that allows data processing without the need of decrypting data. They raised a $3.3m Seed round in 2021 and now looking for a Series A. US-based DataFleets is another early-stage startup providing privacy-preserving solutions. Before its $67m acquisition by LiveRamp Holdings in 2021, it had raised $4.5m.
A callout to cybersecurity startups
In our pursuit of investing in startups that help enterprises in their digital transformation, we at signals Venture Capital are convinced that cybersecurity will play an increasingly important role in the future.
If you are a cybersecurity startup based in Europe, the US, or Israel, and you are looking for funding: give us a shout!
