Connect with us

Hi, what are you looking for?


Cybersecurity Funding

Rate of Cybersecurity Venture Funding Not Sustainable, Investors Say

Venture capital firm Strategic Cyber Ventures (SCV) considers itself a part of the overall security industry. “First and foremost we are cyber operators,” it states on its website. “We advance cybersecurity through expert investment in synergistic teams and technology solving the world’s security problems.”

Venture capital firm Strategic Cyber Ventures (SCV) considers itself a part of the overall security industry. “First and foremost we are cyber operators,” it states on its website. “We advance cybersecurity through expert investment in synergistic teams and technology solving the world’s security problems.”

This week it published a report titled ‘The State of 2018 Cybersecurity Investing‘; being an analysis of venture capital funding in the security industry over the last 12 months. The first and most obvious point is that venture funding has continued to grow. In 2018 it exceeded $5 billion compared to under $3 billion in 2016. This, says the report, is simply unsustainable.

To make it worse, it is not unsustainable in terms of available financing, it is unsustainable in terms of the security industry generating enough profit to give the venture firms a return on their investment. Put another way, says the report, “there are likely many zombies out there.” In the finance industry, a zombie company is one that earns just enough money to continue operating and service debt, but is unable to pay off debt. Such companies cannot afford to invest for growth, and are perhaps just one problem issue away from insolvency.

Source: Strategic Cyber Ventures

(Image Credit: Strategic Cyber Ventures)

“Essentially,” SCV’s Chris Ahern told SecurityWeek, “they are there, not growing at particularly attractive rates that would command additional external investment. And their investors are tired of keeping them alive with additional internal rounds of capital.” More graphically accurate, SCV is suggesting that there are several cybersecurity companies that are just dead men walking.

Although the amount of financing grew last year, the number of deals was similar or less to those of 2017. There were three investment deals in 2018 each totaling more than $200 million (Tanium and CrowdStrike) or more (Anchorfree with $295 million). The largest individual deal in 2017 was the £180 million raised by Rubrik.

Noticeably, non-U.S. investment is growing, with $1 billion going to Asian and European firms, split evenly between the two regions. But this needs to be seen in context. California alone attracted around twice this investment; while the U.S. overall attracted four times the amount (just over $4 billion).

The DMV (D.C., Maryland, Virginia) region of the U.S. attracted just $1 billion in cybersecurity investments over the last four years — which is a bit surprising since the area is considered one of the best educated and most affluent areas in the U.S. (Wikipedia) — but of this amount, a paltry $80 million went to DC venture-backed start-ups. “As DC residents,” comments SCV, “we have to think there is more the city could do to entice cybersecurity companies to establish their headquarters in the city.”

Advertisement. Scroll to continue reading.

Mergers and acquisitions (M&A) grew to about $12 billion from around $9 billion in 2017 — but still well short of the $15+ billion of 2015. As usual, the greatest part of the M&A activity occurred in the U.S., accounting for around $11 billion of the total $12 billion.

The most significant acquisitions were Duo Security by Cisco ($2.4 billion), AlienVault by AT&T ($1.6 billion), and Cylance by Blackberry ($1.4 billion). Private equity got involved. Here the most significant acquisitions were Barracuda by Thoma Bravo ($1.6 billion), Bomgar by Francisco Partners ($739 million), and Centrify by Thoma Bravo ($400 million). IPOs were also strong in 2018. The most significant were Avast ($811 million), Tenable ($251 million), Zscalar ($192 million), and Carbon Black ($152 million).

“This is the second consecutive year of 4 cybersecurity IPOs. On deck for 2019 are rumored to be: CrowdStrike, DarkTrace, Pindrop, Tanium, and Illumio. Looking forward, we expect significant investment (both equity financings and M&A) in cybersecurity companies to continue in 2019, but at or just below the levels we saw in 2018.”

In fact, SCV believes the cybersecurity market — with all those zombies staggering around — will need both IPOs and M&As. “I think too much money is going into cybersecurity companies in general,” Ahern told SecurityWeek. “M&A and IPOs will have to keep up to see this money be returned to its investors. I think the M&A and IPO market will be strong, but perhaps not at the rates we’re seeing and the rates that are necessary to return this massive amount of capital that’s been put to work in 2018.”

Related: Industry Veterans Form Cybersecurity Investment Fund 

Related: Cybersecurity’s Venture Capital and Private Equity Money-go-Round 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights