Attacks/Breaches
10/17/2016
12:30 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

How To Become A Cybersecurity Entrepreneur In A Crowded Market

If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.

Declines in venture funding often paralyze the technology community. Talk of bubbles, dying unicorns, and austerity can surge for weeks following a negative report. In response, many entrepreneurs hit pause on their dreams, believing they should wait for more favorable conditions. That approach is often misguided. 

In our work as venture capital investors, we see this dynamic in the cybersecurity market today. In July, tech market analysts at CB Insights predicted that 2016 will see $3B in cybersecurity funding with over 300 deals. A year earlier, in 2015, analysts saw $3.75B invested in 336 cybersecurity deals. Barring some miracle, investments will continue to decline year over year.

When we drilled into the CB Insights data, we found an important discrepancy. The relative volumes of Series A, B, C, D, and E+ rounds have not changed significantly in 2016. In fact, the deal share of Series A rounds increased three percent. Conversely, ‘Seed’ and ‘Angel’ deals declined from 37 percent to 31 percent, a five-year low. This trend suggests that incumbents have doubled down in crowded niches, and would-be founders have hesitated.

Counterintuitively, the downturn in funding could offer ideal conditions for entrepreneurs. To find out, let’s begin with a question: What’s behind this decrease in early-stage investments? There are several factors:

Known Areas of Security Became Crowded with Strong Players
Established verticals like endpoint protection and network security are oversaturated. Even newer markets like SCADA security and cyber deception have at least 10 to 20 vendors each. VCs prefer not to support new startups in red oceans. Thus, funding in these areas has and will continue to decline.

CISOs Are Overwhelmed by the Variety of Solutions
Thanks to the dense competition, chief information security officers (CISOs) are overwhelmed with options, and that affects funding. Every day, cybersecurity startups bombard CISOs with dozens of similar products. That creates an undue burden on CISOs who don’t have the time to evaluate, purchase, and maintain a basket of point solutions. They’d rather choose broad platforms from established vendors. Frankly, a brand-name cybersecurity platform is easier to justify to shareholders, board members, and fellow executives. With CISOs hesitant to choose early-stage startups, VCs have scaled back funding.  

Non-specialized investors wanted in
Perhaps most tellingly, investors without cybersecurity experience entered the market when it was bullish. Lacking the expertise to evaluate cybersecurity technologies, they financed startups with minimal differentiation and questionable leadership. The consequent bloating of valuations and over-saturation raised the costs of marketing, sales, and talent acquisition for everyone. Funding has slowed, in part, because it peaked unnaturally. Experienced cybersecurity investors want to let crowded cybersecurity markets fizzle.

So, if you’re a wannabe entrepreneur on the fence of launching a cybersecurity startup, is now really the time to do it? Absolutely yes.

Remember, funding conditions don’t change cybersecurity’s raison d'être. Breaches happen daily, and cybercrime will cost businesses over $2 trillion annually by 2019, according to Juniper Research. Think about what we expressed above: your would-be competitors are likely stuck in red oceans and might lack access to additional funding. Right now, you can choose a blue ocean and face less competition than you would in bullish conditions.

Consider, too, that enterprises face a global shortage of cybersecurity talent. According to Cisco, the world has 1 million unfilled cybersecurity jobs, and that number could reach 1.5 million by 2019. Peninsula Press estimates that the U.S. alone has 209,000 vacant roles. When we consult our network of high-caliber CISOs, they consistently voice demand for solutions that manage, orchestrate, and automate cybersecurity. Enterprises can’t adopt new technologies and compensate for the talent deficit – not without advances in cybersecurity. 

Takeaways and Opportunities for the Security Pro
That dilemma raises an interesting challenge for enterprise security professionals as new technologies spur the need for new and innovative security solutions.  

Cybersecurity almost always finds a new market two to three years after a disruptive technology emerges. Virtual containers, autonomous vehicles, and drones, for instance, have created some of the latest and greatest opportunities in cybersecurity. Right now, someone is inventing a technology that will spawn massive security issues. Who better to spot it than you? Why not make your move while capital is tied down in yesterday’s cybersecurity solutions? Why not approach CISOs with technologies they haven’t seen?  

If you want to build the next great cybersecurity startup, we offer several suggestions:

First, recognize that brilliant technology doesn’t equate to a great product or viable business model. Perform due diligence on the markets in which you see opportunities. Build to sell, otherwise VCs will pass.

Second, understand the thin line between an emerging space and a non-existent one. The examples we mentioned – autonomous vehicles, virtual containers, and drones – they were nonexistent only a couple of years ago. Their security was an afterthought, and afterthoughts can make billion-dollar businesses.

However, if you create a technology before the market is ripe, you’ll spend precious capital educating the world on a problem that doesn’t exist. And then, if that problem does come to fruition, the second wave of startups will reap the benefits of your spending and hard work.   

Third, build platforms, not features. As mentioned, CISOs have had enough with point solutions, which are what startups initially make. Even when you’re small, think big. Initially, design your solution to integrate with common security portfolios. In the long term, solve a set of interrelated problems. Among CISOs, you want a reputation for handling all security dimensions of an indispensable technology.  

With the right team and point of view, entrepreneurs can thrive in cybersecurity, and tight funding can even provide a competitive edge because cybersecurity is not a fad, it’s a central problem of digital society. If you’re on the fence, that notion should give you comfort. Let tough funding conditions be a source of opportunity, not paralysis.

Iren Reznikov  of YL Ventures also contributed to this article.

Related Content:

 

Yoav Leitersdorf and Ofer Schreiber are Managing Partner and Partner, respectively, at YL Ventures, which invests early in cybersecurity, cloud computing, big data, and software-as-a-service software companies, and accelerates their evolution via strategic advice and Silicon ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lucysecurity
50%
50%
lucysecurity,
User Rank: Apprentice
10/23/2016 | 2:54:26 PM
Is the Cybersecurity Market really crowded?
Thank you for this interesting article! We're sad to hear that there is a decreasing amount of early-stage investements. But we're not shure if it is due the factors you mentioned
  • Known Areas of Security Became Crowded with Strong Players: We absolutely agree that there is a kind of saturation. But when you look at the products and services from a closer view, then you'll recognize that the offerings often base on old fashioned concepts (acronym 1.0) and most of the stuff is absolutely overpriced. There's an huge space for innovation, the market is not ready for consolidation and amazonification yet.
  • CISOs are Overwhelmed by Variety: This is not in line with our perception. As a Software product company for IT-Security Awareness Products the CISO is one of our main buyer personas or at least an important influencer. Those CSOs we're in contact do not look like that they are overrun with products or services.
  • Non-specialized investors in the security market: The only thing we can say is that we've been approached by non-specialized investors only! And we are definitively a cybersecurity startup (okay, we're Swiss...)


We absolutely agree on the opportunities you mentioned. Of course you should build cybersecurity platforms and you are right that great technology only is not a sellable product or a viable business model. And of course, timing is elementary, don't be to early and not to late. We're convinced, that the time is right for real products, which can be bought and used out of the box with no or low consulting services on top - and which VCs will love!

Best regards, Palo from LUCY
Game Change: Meet the Mach37 Fall Startups
Ericka Chickowski, Contributing Writer, Dark Reading,  10/18/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.