10/17/2016
12:30 PM

How To Become A Cybersecurity Entrepreneur In A Crowded Market

If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.

Declines in venture funding often paralyze the technology community. Talk of bubbles, dying unicorns, and austerity can surge for weeks following a negative report. In response, many entrepreneurs hit pause on their dreams, believing they should wait for more favorable conditions. That approach is often misguided. 

In our work as venture capital investors, we see this dynamic in the cybersecurity market today. In July, tech market analysts at CB Insights predicted that 2016 will see $3B in cybersecurity funding with over 300 deals. A year earlier, in 2015, analysts saw $3.75B invested in 336 cybersecurity deals. Barring some miracle, investments will continue to decline year over year.

When we drilled into the CB Insights data, we found an important discrepancy. The relative volumes of Series A, B, C, D, and E+ rounds have not changed significantly in 2016. In fact, the deal share of Series A rounds increased three percent. Conversely, ‘Seed’ and ‘Angel’ deals declined from 37 percent to 31 percent, a five-year low. This trend suggests that incumbents have doubled down in crowded niches, and would-be founders have hesitated.

Counterintuitively, the downturn in funding could offer ideal conditions for entrepreneurs. To find out, let’s begin with a question: What’s behind this decrease in early-stage investments? There are several factors:

Known Areas of Security Became Crowded with Strong Players
Established verticals like endpoint protection and network security are oversaturated. Even newer markets like SCADA security and cyber deception have at least 10 to 20 vendors each. VCs prefer not to support new startups in red oceans. Thus, funding in these areas has declined and will continue to decline.

CISOs Are Overwhelmed by the Variety of Solutions
Thanks to the dense competition, chief information security officers (CISOs) are overwhelmed with options, and that affects funding. Every day, cybersecurity startups bombard CISOs with dozens of similar products. That creates an undue burden on CISOs who don’t have the time to evaluate, purchase, and maintain a basket of point solutions. They’d rather choose broad platforms from established vendors. Frankly, a brand-name cybersecurity platform is easier to justify to shareholders, board members, and fellow executives. With CISOs hesitant to choose early-stage startups, VCs have scaled back funding.  

Non-Specialized Investors Wanted In
Perhaps most tellingly, investors without cybersecurity experience entered the market when it was bullish. Lacking the expertise to evaluate cybersecurity technologies, they financed startups with minimal differentiation and questionable leadership. The consequent bloating of valuations and over-saturation raised the costs of marketing, sales, and talent acquisition for everyone. Funding has slowed, in part, because it peaked unnaturally. Experienced cybersecurity investors want to let crowded cybersecurity markets fizzle.

So, if you’re a wannabe entrepreneur on the fence about launching a cybersecurity startup, is now really the time to do it? Absolutely yes.

Remember, funding conditions don’t change cybersecurity’s raison d'être. Breaches happen daily, and cybercrime will cost businesses over $2 trillion annually by 2019, according to Juniper Research. Think about what we expressed above: your would-be competitors are likely stuck in red oceans and might lack access to additional funding. Right now, you can choose a blue ocean and face less competition than you would in bullish conditions.

Consider, too, that enterprises face a global shortage of cybersecurity talent. According to Cisco, the world has 1 million unfilled cybersecurity jobs, and that number could reach 1.5 million by 2019. Peninsula Press estimates that the U.S. alone has 209,000 vacant roles. When we consult our network of high-caliber CISOs, they consistently voice demand for solutions that manage, orchestrate, and automate cybersecurity. Enterprises can’t adopt new technologies and compensate for the talent deficit – not without advances in cybersecurity. 

Takeaways and Opportunities for the Security Pro
That dilemma raises an interesting challenge for enterprise security professionals as new technologies spur the need for new and innovative security solutions.  

Cybersecurity almost always finds a new market two to three years after a disruptive technology emerges. Virtual containers, autonomous vehicles, and drones, for instance, have created some of the latest and greatest opportunities in cybersecurity. Right now, someone is inventing a technology that will spawn massive security issues. Who better to spot it than you? Why not make your move while capital is tied down in yesterday’s cybersecurity solutions? Why not approach CISOs with technologies they haven’t seen?  

If you want to build the next great cybersecurity startup, we offer several suggestions:

First, recognize that brilliant technology doesn’t equate to a great product or viable business model. Perform due diligence on the markets in which you see opportunities. Build to sell, otherwise VCs will pass.

Second, understand the thin line between an emerging space and a non-existent one. The examples we mentioned – autonomous vehicles, virtual containers, and drones – were nonexistent only a couple of years ago. Their security was an afterthought, and afterthoughts can make billion-dollar businesses.

However, if you create a technology before the market is ripe, you’ll spend precious capital educating the world on a problem that doesn’t exist. And then, if that problem does come to fruition, the second wave of startups will reap the benefits of your spending and hard work.   

Third, build platforms, not features. As mentioned, CISOs have had enough of point solutions, which are what startups initially make. Even when you’re small, think big. Initially, design your solution to integrate with common security portfolios. In the long term, solve a set of interrelated problems. Among CISOs, you want a reputation for handling all security dimensions of an indispensable technology.

With the right team and point of view, entrepreneurs can thrive in cybersecurity, and tight funding can even provide a competitive edge, because cybersecurity is not a fad; it’s a central problem of digital society. If you’re on the fence, that notion should give you comfort. Let tough funding conditions be a source of opportunity, not paralysis.

Iren Reznikov of YL Ventures also contributed to this article.

Yoav Leitersdorf and Ofer Schreiber are Managing Partner and Partner, respectively, at YL Ventures, which invests early in cybersecurity, cloud computing, big data, and software-as-a-service software companies, and accelerates their evolution via strategic advice and Silicon ...
Comments
lucysecurity
10/23/2016 | 2:54:26 PM
Is the Cybersecurity Market really crowded?
Thank you for this interesting article! We're sad to hear that there is a decreasing amount of early-stage investments. But we're not sure if it is due to the factors you mentioned:
  • Known Areas of Security Became Crowded with Strong Players: We absolutely agree that there is a kind of saturation. But when you look at the products and services from a closer view, then you'll recognize that the offerings are often based on old-fashioned concepts (acronym 1.0) and most of the stuff is absolutely overpriced. There's a huge space for innovation; the market is not ready for consolidation and amazonification yet.
  • CISOs are Overwhelmed by Variety: This is not in line with our perception. As a software product company for IT-Security Awareness Products, the CISO is one of our main buyer personas or at least an important influencer. Those CSOs we're in contact with do not look like they are overrun with products or services.
  • Non-specialized investors in the security market: The only thing we can say is that we've been approached by non-specialized investors only! And we are definitely a cybersecurity startup (okay, we're Swiss...)


We absolutely agree on the opportunities you mentioned. Of course you should build cybersecurity platforms and you are right that great technology only is not a sellable product or a viable business model. And of course, timing is elementary, don't be too early and not too late. We're convinced that the time is right for real products, which can be bought and used out of the box with no or low consulting services on top - and which VCs will love!

Best regards, Palo from LUCY