Blog

Cybersecurity Investors Reset, Look at Changing 2017 Landscape

  |   Allegis News, The Latest

Consolidation of startups is set to repeat as venture firms take on cautious stance

In 2016 venture capitalists invested $1.6 billion in cybersecurity startups, as of mid-December, according to the most recent data available from Dow Jones VentureSource. That falls well short of the $3.4 billion take for all of 2015.
That deal-making highlighted investors’ “wait and see” approach as concerns grew about the lofty valuations companies drew in 2014 and early 2015. Cybersecurity enjoyed a boom following a series of high-profile breaches, with enterprises beefing up spending on security products as legacy security providers struggled to provide innovative services.
Publicly traded security companies had a shake-up of their own. One of the leaders, Symantec Corp., acquired Blue Coat Systems in a $4.65 million deal. Intel Corp. sold the majority stake in its security business to private-equity firm TPG.
“In 2016, you had the attempted rise of the establishment to reassert itself,” said Kleiner Perkins General Partner Ted Schlein. “You saw the old guys trying to be relevant.”
Additionally customers faced a dizzying number of startups releasing cybersecurity products. Don Dixon, a managing partner at Trident Capital, said chief security officers he speaks to want “fewer throats to choke” instead of spreading their expenses around a multitude of vendors.
“They would like to see products more integrated rather than spend a lot on systems integration,” Mr. Dixon said.
Several venture capitalists said the consolidation the industry saw in 2016 will continue into 2017, in part because of a higher number of potential acquirers.
Mature IT companies like Oracle Corp. have been active in cybersecurity for some time, but now financial acquirers like Vista Equity increasingly are raising their profile as buyers, according to Mr. Dixon. Moreover, he said industrial companies like General Electric Co. and Emerson Electric Co. are increasingly investing in “Internet of Things” software, and they could potentially become active in acquiring security startups.
Bob Ackerman, managing partner at Allegis Capital, said venture firms have grown more cautious as they learn that not all the capital has been smartly deployed.

“This stuff is really hard, and unless you know the difference, it’s easy to invest in things that are not well-differentiated,” Mr. Ackerman said.

How the industry’s later-stage companies perform in the public markets could also affect private fundraising. This year saw a dearth of cybersecurity IPOs, and investors are closely watching the likes of Okta, ForeScout and Carbon Black, all of whom have signaled they are considering public offerings in 2017.

Also looming large is how the Trump administration, as well as unforeseeable world events, may affect security trends. Venture investors said the president-elect’s muscular talk on security could translate into a boon for the industry.

“I think that you’re going to see an increase in government security spending,” said Enrique Salem, a managing director at Bain Capital Ventures. “It’s hard to imagine any way you wouldn’t, given the amount of attention it’s getting.”

But there’s a question as to how easily startups could take advantage of such government spending. Startups often have struggled to bring on federal agencies as customers because the lengthy process puts a strain on small sales teams. The Obama administration used programs such as the Pentagon’s DIUx initiative to help bridge the divide. It is unclear how the new administration will treat that issue.

Apart from federal spending on cybersecurity, investors say there are many new security concerns that startups are uniquely poised to take on. Several say they are closely watching platforms addressing new attack vectors, such as those that might affect the Internet of Things.

Others predict 2017 will be the year that automation makes significant strides in cybersecurity. Investors say they’re looking to make bets on software that could augment the limited number security professionals, who are in high demand and command high salaries.

Mr. Ackerman said that certain companies with very differentiated approaches will succeed in 2017 as cyberthreats grow and enterprises continue to increase spending on products. However he noted that beyond high-end financial service providers, many IT managers want security programs that are more integrated, and some companies may struggle in that new reality.

“It will be a tale of two markets,” he said.

Write to Cat Zakrzewski at cat.zakrzewski@wsj.com