Since my first role at Apple in the 1980s, I have seen the cybersecurity industry's many highs and lows. We overcame the economic challenges brought on by the 2000 dot-com crash and the 2008 recession. Despite the hardships caused by these market realignments, we also saw great innovation and the emergence of major players including Mandiant, Palo Alto Networks, and Zscaler. The endpoint security market was born soon after, as other leaders like CrowdStrike, Cylance, and SentinelOne entered the market.
The challenges posed by the COVID-19 pandemic and the move to working from home in 2020 meant we had to build out cloud network infrastructure capable of supporting this major societal shift. It also introduced a new class of startups looking to secure identities. Once again, the cybersecurity industry came together to prove its resiliency and innovative spirit during that time of digital transformation – especially as threat actors looked to take advantage of struggling organizations.
Each period of correction has had its own unique challenges. While difficult, these time periods are a return to the reality of where the market truly is or should be. Taking a longer-term view, the cybersecurity industry has actually survived and thrived during these periods of economic realignment.
The State of Funding and Growth
Look at what is being created now in 2023. Massively impactful innovations are being developed in all sectors – from cybersecurity to artificial intelligence (AI) and quantum computing, to IT management and information security – and all of the ways they intersect.
While the market will inevitably change, it is a natural life cycle where new things must be created as others phase out. Each day, I see the innovation economy still booming as cyber startups solve emerging problems. Customers across industries still need these solutions, and cyber investors stand ready to support them because we all recognize the importance of agile, front-line innovation and entrepreneurship in powering enterprise success and economic growth.
While it may take longer for startups to secure funding because of the additional due diligence now required, this will ultimately enhance the quality of each investment itself. As valuations normalize, we’ll see a “leaning out” of oversaturated markets. While painful, this is ultimately a good thing, ensuring only the most effective solutions will make it. The market simply cannot sustain dozens of duplicate companies competing in the same markets. With fewer companies fighting over the same space, we’re confident that new frontiers of innovation will open and new investment will flourish. The companies that are building on the right ideas with the right entrepreneurial teams will receive funding – even in the face of new challenges.
We Are in the Early Innings of a Critical Global Market
Despite all of the challenges a market normalization can bring, the biggest existential risk for any organization is still a data breach or a cyberattack. These threats have global implications too, as we’re witnessing an increasing number of sophisticated supply chain attacks worldwide.
We are entering a new wave of innovation, with the responsible use of AI to further drive efficiencies and new capabilities in every business and aspect of our lives. The entire infrastructure to safeguard the use of AI will be a great area of opportunity for investment. Interestingly, the bad guys have already been using it to automate phishing and business email compromise (BEC) attacks and to create ransomware-as-a-service for financial gains.
With the understanding of the financial and reputational fallouts that accompany a data breach or cyberattack, today’s economic climate has taught us how important cybersecurity is for the success of an organization. Markets will always continue to fluctuate, but strong cybersecurity must remain a constant.
In this sense, the role of the CISO has never been more critical, specifically in elevating cybersecurity and deliberately building it into business initiatives from the onset. As we saw with the enactment of the Sarbanes-Oxley Act of 2002, the need for more oversight led to the evolution of the CFO in influence and impact.
Right now, the combination of regulatory requirements and market reaction to cyber events is similarly elevating the role of the CISO to be more strategic in enhancing business productivity and success. CISOs and security experts must not only coexist, but they must also collaborate with the rest of the C-suite and board. The direct result is increased innovation, accelerated adoption of critical technology, cost reductions, improved reputation and customer satisfaction, and greater stakeholder trust.
Better Together and Always Resilient
I’ve seen a lot in the past few decades, and one thing is for certain: Our industry is resilient. The nature of our business is to never give up against the ever-evolving threat actors who continuously try to evade our cybersecurity innovations. So, too, must organizations and their leaders never give up during times of economic challenges.