Keep up to date with the latest research
Every now and then we keep hearing about instances of cyber threats and attacks wiping out millions of dollars from various organizations. The cases have risen as several companies went completely digital, especially post-pandemic. 2021 saw a record rise in cybercrime with ransomware attacks rising by 151%. As businesses realize the importance of digital security, they are taking steps to keep their digital stack secured, making cyber resilience a top business priority. As per a survey by WEF, nearly two-thirds of businesses find it difficult to deal with cybersecurity incidents due to a lack of skills. Hence, they need to rely on partnerships with security firms to secure their business from such threats. Cybersecurity is a massive market with over $150 Bn in annual spending. It has led to a positive outlook toward cybersecurity startups. As a result, VCs are betting their money on security startups. 2021 is considered a record-breaking year for the sector as cybersecurity startups raised over $29 Bn in venture capital, outpacing the previous two years combined.
VC activity and trends
VC investments in cybersecurity have grown gradually over the years. In 2021, VC firms had a really big appetite for cybersecurity as the deal volume crossed $29 Bn, seeing a YoY growth of over 136%. With this, the size of the funding rounds has also increased for security startups, as 82 financing rounds grabbed a deal of more than $100 Mn.
As the startups in the sector are attracting VC money, there has been significant growth in the number of unicorns. About 30 cybersecurity startups achieved the unicorn status last year, with a few of them achieving the mark in just a few years of their inception. For instance, Orca Security, which was founded in 2019, raised $550 Mn in October at a valuation of $1.8 Bn. Wiz, a cloud security provider which was founded in 2020, is now valued at $6 Bn!
According to Momentum Cyber, cloud security has been the favourite segment to receive financing with a total of $4.3 Bn, followed by identity and access management receiving $3.4 Bn in funding, and endpoint security with $2.8 Bn. Geographically, the majority of the cybersecurity startups that received funding, securing over $17.4 Bn, belong to the U.S. followed by Israel (as per Crunchbase data).
Cybersecurity investment trend forecast
Based on the current momentum and growing threat landscape, the cybersecurity sector could see an even bigger year in 2022. This year, cybersecurity startups could see a market opportunity in the following areas, thereby drawing investors’ interest.
The crypto market is booming across the world. However, the area is also prone to growing amounts of cyberattacks. Most recently, Axie Infinity was a victim of one of the biggest crypto heists worth over $600 Mn. There are multiple cases like these, hence crypto security platforms (like Fireblocks) are expected to see investors’ focus. According to the Managing Director at Insight Partners, areas within crypto security, such as coin monitoring will see a critical focus. It is expected that large payment companies and even traditional market exchanges will carefully look at the space around security.
● Compliance and Auditing
2022 is likely to see a move towards “shifting left of compliance”, which intends to find errors early in software delivery for compliance and third-party audits. This also includes smart contract security audits. Some startups already working in this space include CertiK, Certora, and OpenZeppelin.
● Web3 and Metaverse
A large number of startups are exploring the web3 and metaverse space. This means startups involved in securing user identity and ownership could attract VC money. Identity management and authentication have already been popular in 2021, however, startups looking beyond and into the future of the internet could win big.
How to spot promising early-stage cybersecurity startups?
The number of cybersecurity unicorns and new startups in the sector is multiplying. As many startups are attracting VCs and raising funds at higher valuations, it is important to spot promising startups early-on to get higher returns.
YL Ventures, an America-Israeli VC firm specializing in early-stage cybersecurity investments, suggests some benchmarks that you can look out for. Some of the early-stage startups backed by YL Ventures include Orca Security, Enso Security, Grip Security, Piiano, Valence, and Eureka.
● Initial Revenue:
Series A companies with $500k in ARR attract strong investors. Best startups in the sector manage to reach the $500k benchmark in less than 18 months of operation. From this level, top-performing startups can reach $1 Mn in 18–24 months, which largely depends on the company’s ability to get relevant customers.
● Average Contract Value:
Contrary to founders’ concern, Average Contract Value (ACV) is rather a misleading point of comparison as cybersecurity goods and services, along with their business models, sales motions, and customer profiles, are far too divergent when compared across the industry. However, despite the divergence, it is expected that growth-oriented companies can improve their ACV over time as the company develops additional features and improves their ability to secure large enterprise customers.
● Initial Paying Customers:
On average, successful US-based cybersecurity startups will have closed their first payment within 12 months of their seed round. A company should aim to secure at least one paying customer one full year from initial funding. As per YL Ventures, at around the 18-month mark, a startup should aim for at least 10 paying customers. However, security startups in traditional and heavily regulated sectors may have a smaller number of contracts. They should instead focus on the size of the contract.
On average, successful startups will have a go-to-market (GTM) executive within the first year of securing seed funding. Apart from this, successful startups tend to have about 25 full-time employees by the 18-month mark, and the number doubles at around two years.
Cybersecurity’s demand on rise
The number of cyber threats is growing in current times, and they are not expected to decline in the near future. It is expected that over the next five years, global cybercrime costs will be rising by 15% per annum, and is estimated to reach $10.5 Tn by 2025. As businesses have made a shift towards a digitized economy, they need to protect themselves from such malicious attacks. Security companies are building themselves continuously with the necessity to deal with the present and possible threats. Contrary to the horizontal approach which focuses on enterprise applications, cybersecurity has now been focusing on the vertical approach so that specific pain points of each industry can be addressed.
The global spending on cybersecurity products and services is estimated to reach $1.75 Tn between 2021 and 2025. This number suggests the huge TAM potential that the industry holds in ensuring cyber safety. As the security concern comes to the forefront in business discussions, the cybersecurity bubble is going to rise and is not expected to burst any time soon.
– – – – –
This article has been co-authored by Tamanna Kapur, who is in the Research and Insights team of Torre Capital.