There's a huge need for cybersecurity, but many start-ups firms aren't finding the promised land they were looking for. What's happening here?
With no end in sight for the cyberattacks being perpetuated, big corporations are leaving no stone unturned in how they protect their networks, with cyber spending levels rising to record levels year after year. Venture capital funding has also poured into the space—nearly US$5 billion last year—making cybersecurity one of the most well-funded sectors of technology.
Yet exits have not kept up with this heightened investment. Cybersecurity companies are trying and failing to go public or to sell themselves, as tomorrow’s promising technology can suddenly become yesterday’s news and company founders set unrealistic expectations for valuations.
Only one cybersecurity company went public last year, compared to three the year before and four the year before that. There have been very few cybersecurity multi-billion deals either as traditional technology acquirers Cisco, HPE, Microsoft and IBM also continue to do either much smaller acquisitions or build their own products instead of spending the cash on larger companies.
A crowded playing field
There are an estimated 2,500 cybersecurity firms in existence today, with 300 new ones entering the market each year. To stand out, companies need to show they can do more than just specialize in one feature.
Plus, large corporations – the ones that need cybersecurity protection and have the resources to pay for it – seem to be trying to consolidate the number of firms with which they’re working.
So, even if a smaller cutting-edge company has a better product, some companies may save themselves the trouble of having to check out yet another vendor and having to integrate the wares of a startup.
What does the future hold? Fire sales?
In the meantime, the cybersecurity firms that have been well-funded by venture capital are in a purgatory of sorts. They aren’t confident they’re big enough or diverse enough to go public, but aren’t appealing acquisition targets, either. If they can’t merge or consolidate, they’re in something of a holding pattern.
This is where private equity could play a role. The woes of many cybersecurity firms may be precursor to a major wave of consolidation in the sector led by private equity firms whose strategy is to pick out promising technology at cheap valuations. But that could mean a much smaller payoff and return for cyber security investors and entrepreneurs.
Keep up with all that’s happening with what’s happening at the World Economic Forum by checking in with Davos updates from our on-the-ground teams.
For more up-to-the-minute information, visit Reuters.