How To Become A Cybersecurity Entrepreneur In A Crowded Market
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
Yoav Leitersdorf and Ofer Schreiber
October 17, 2016
5 Min Read
Declines in venture funding often paralyze the technology community. Talk of bubbles, dying unicorns, and austerity can surge for weeks following a negative report. In response, many entrepreneurs hit pause on their dreams, believing they should wait for more favorable conditions. That approach is often misguided.
In our work as venture capital investors, we see this dynamic in the cybersecurity market today. In July, tech market analysts at CB Insights predicted that 2016 will see $3B in cybersecurity funding with over 300 deals. A year earlier, in 2015, analysts saw $3.75B invested in 336 cybersecurity deals. Barring some miracle, investments will continue to decline year over year.
When we drilled into the CB Insights data, we found an important discrepancy. The relative volumes of Series A, B, C, D, and E+ rounds have not changed significantly in 2016. In fact, the deal share of Series A rounds increased three percent. Conversely, ‘Seed’ and ‘Angel’ deals declined from 37 percent to 31 percent, a five-year low. This trend suggests that incumbents have doubled down in crowded niches, and would-be founders have hesitated.
Counterintuitively, the downturn in funding could offer ideal conditions for entrepreneurs. To find out, let’s begin with a question: What’s behind this decrease in early-stage investments? There are several factors:
Known Areas of Security Became Crowded with Strong Players
Established verticals like endpoint protection and network security are oversaturated. Even newer markets like SCADA security and cyber deception have at least 10 to 20 vendors each. VCs prefer not to support new startups in red oceans. Thus, funding in these areas has and will continue to decline.
CISOs Are Overwhelmed by the Variety of Solutions
Thanks to the dense competition, chief information security officers (CISOs) are overwhelmed with options, and that affects funding. Every day, cybersecurity startups bombard CISOs with dozens of similar products. That creates an undue burden on CISOs who don’t have the time to evaluate, purchase, and maintain a basket of point solutions. They’d rather choose broad platforms from established vendors. Frankly, a brand-name cybersecurity platform is easier to justify to shareholders, board members, and fellow executives. With CISOs hesitant to choose early-stage startups, VCs have scaled back funding.
Non-specialized investors wanted in
Perhaps most tellingly, investors without cybersecurity experience entered the market when it was bullish. Lacking the expertise to evaluate cybersecurity technologies, they financed startups with minimal differentiation and questionable leadership. The consequent bloating of valuations and over-saturation raised the costs of marketing, sales, and talent acquisition for everyone. Funding has slowed, in part, because it peaked unnaturally. Experienced cybersecurity investors want to let crowded cybersecurity markets fizzle.
So, if you’re a wannabe entrepreneur on the fence of launching a cybersecurity startup, is now really the time to do it? Absolutely yes.
Remember, funding conditions don’t change cybersecurity’s raison d'être. Breaches happen daily, and cybercrime will cost businesses over $2 trillion annually by 2019, according to Juniper Research. Think about what we expressed above: your would-be competitors are likely stuck in red oceans and might lack access to additional funding. Right now, you can choose a blue ocean and face less competition than you would in bullish conditions.
Consider, too, that enterprises face a global shortage of cybersecurity talent. According to Cisco, the world has 1 million unfilled cybersecurity jobs, and that number could reach 1.5 million by 2019. Peninsula Press estimates that the U.S. alone has 209,000 vacant roles. When we consult our network of high-caliber CISOs, they consistently voice demand for solutions that manage, orchestrate, and automate cybersecurity. Enterprises can’t adopt new technologies and compensate for the talent deficit – not without advances in cybersecurity.
Takeaways and Opportunities for the Security Pro
That dilemma raises an interesting challenge for enterprise security professionals as new technologies spur the need for new and innovative security solutions.
Cybersecurity almost always finds a new market two to three years after a disruptive technology emerges. Virtual containers, autonomous vehicles, and drones, for instance, have created some of the latest and greatest opportunities in cybersecurity. Right now, someone is inventing a technology that will spawn massive security issues. Who better to spot it than you? Why not make your move while capital is tied down in yesterday’s cybersecurity solutions? Why not approach CISOs with technologies they haven’t seen?
If you want to build the next great cybersecurity startup, we offer several suggestions:
First, recognize that brilliant technology doesn’t equate to a great product or viable business model. Perform due diligence on the markets in which you see opportunities. Build to sell, otherwise VCs will pass.
Second, understand the thin line between an emerging space and a non-existent one. The examples we mentioned – autonomous vehicles, virtual containers, and drones – they were nonexistent only a couple of years ago. Their security was an afterthought, and afterthoughts can make billion-dollar businesses.
However, if you create a technology before the market is ripe, you’ll spend precious capital educating the world on a problem that doesn’t exist. And then, if that problem does come to fruition, the second wave of startups will reap the benefits of your spending and hard work.
Third, build platforms, not features. As mentioned, CISOs have had enough with point solutions, which are what startups initially make. Even when you’re small, think big. Initially, design your solution to integrate with common security portfolios. In the long term, solve a set of interrelated problems. Among CISOs, you want a reputation for handling all security dimensions of an indispensable technology.
With the right team and point of view, entrepreneurs can thrive in cybersecurity, and tight funding can even provide a competitive edge because cybersecurity is not a fad, it’s a central problem of digital society. If you’re on the fence, that notion should give you comfort. Let tough funding conditions be a source of opportunity, not paralysis.
About the Author(s)
Managing Partner & Partner, YL Ventures
Yoav Leitersdorf and Ofer Schreiber are Managing Partner and Partner, respectively, at YL Ventures, which invests early in cybersecurity, cloud computing, big data, and software-as-a-service software companies, and accelerates their evolution via strategic advice and Silicon Valley-based operational execution.
Yoav Andrew Leitersdorf has been a successful tech entrepreneur and investor for the past two decades. YL Ventures, which he founded, invests early in core-technology software companies in and around the Internet, and accelerates their evolution via value-added involvement and Silicon Valley-based business development. He currently serves on the boards of six YL Ventures portfolio companies: Karamba Security, Twistlock, Hexadite, Seculert, Upstream Commerce, and FireLayers. He served on the boards of BlazeMeter until it was exited to CA Technologies, ClickTale until it was exited to Amadeus Capital, and AcceloWeb until it was exited to Limelight Networks.
Ofer Schreiber has broad responsibilities across deal sourcing, investment due diligence, and portfolio company value-add, and currently serves as a board observer of Karamba Security, Twistlock, FireLayers and Hexadite. Ofer joined YL Ventures from IVC Research Center where he spent nearly three years researching and analyzing the Israeli technology and venture capital industry. While at IVC, he specialized in the telecommunications, Internet, and mobile sectors and conducted research related to investment firms.
You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
Securing the Software Development Life Cycle from Start to FinishMar 06, 2024
Laptop with ransomware, and bitcoin in the palm of a man's hand to illustrate ransomwareCyberattacks & Data Breaches