Last week's stunning collapse of Silicon Valley Bank (SVB) could put a damper on the ability of venture-backed cybersecurity startups to secure vital capital for operations and strategic investments.

Security experts perceive that even the US government's swift move over the weekend to protect SVB customer deposits will likely do little to tamp down the uncertainty that the bank's sudden exit has caused.

Younger Startups Will Feel the Brunt

"Financial support in the form of lines of credit and venture debt is going to become much more difficult [for startups] to come by," says Rob Ackerman, founder and managing director of AllegisCyber Capital. "SVB was the leading source of that financing and with them gone, the slope of the hill for young startups just became that much more difficult."

SVB was, until the middle of last week, the 16th largest bank in the US with assets of more than $200 billion and total deposits of some $175 billion. Its troubles began March 8 when the bank, in a midquarter update, announced that it had lost $1.8 billion from the sale of US treasuries and mortgage-backed securities that it had purchased heavily in recent years. On the same day, SVB announced plans to raise $2.25 billion via public offering to pay customers seeking to withdraw their deposits from the bank.

The news triggered a near immediate run on the institution, as spooked investors and customers withdrew a staggering $42 billion from the bank in a 24-hour period — leaving SVB with a negative balance of $958 million by close of business March 9. A day later, on Friday, March 10, federal regulators declared the bank insolvent and seized its deposits, signaling the biggest banking failure since the collapse of Lehman Brothers in 2008.

Containing the Damage

Over the weekend, the Federal Deposit Insurance Corporation (FDIC) as receiver created a new entity called the Deposit Insurance National Bank of Santa Clara (DINB) and transferred all of SVB's deposits to it. On March 12, a US government scrambling to prevent a broad meltdown across the banking sector quickly announced that depositors would have full access to all of their money at SVB starting Monday, March 13. In a statement, Secretary of the Treasury Janet Yellen said the government would extend the same exception for customers of Signature Bank of New York, which also went insolvent over the weekend.

Analysts see SVB's failure as taking an especially heavy toll on the technology sector. "SVB was a foundational cornerstone of the financing ecosystem for the innovation ecosystem, and the cybersecurity industry is no exception," Ackerman says. "They were arguably more influential than any other single player to the growth and success of tech startups."

Virtually every venture firm was engaged with SVB at some level — be it the venture firms themselves or their portfolio companies banking at SVB. And within the security community, they were vital to the banking and financing needs of the sector in the US, Israel, and the UK, Ackerman says.

A Revaluation of Investment Practices?

Richard Stiennon, chief research analyst at IT-Harvest, says public reports show that some 500 cybersecurity vendors banked with SVB — a not-surprising number considering there are 640 cybersecurity firms just in California alone. The move by federal regulators to ensure that SVB customer deposits remained untouched has relieved some of the early anxiety over the failure when many cybersecurity firms faced the real prospect of being unable to make payroll.

"The VCs that were locked out of their accounts on Friday spent a long weekend trying to save their portfolio companies, while their own funds were unavailable," Stiennon says.

That experience will likely leave them reevaluating their practices. "I fully expect a dearth in new investments in cybersecurity," Stiennon says. Cybersecurity investment activity in the first two months of 2023 has already been low; at just $1.7 billion so far, it's back at 2020 levels. 

"Companies, which were raising to extend runways, will either have dramatic down rounds or actually have to shut down," he says. Limited partners, or the investors who back VC initiatives, are going to be reluctant to put more money into funds. And with the generous venture funding that was available only through SVB now gone, startups have three options, he says. They have to either find a way to become profitable, significantly cut costs, or find a new funding source.

"Companies with good technology and good teams may be snapped up by strategic investors at rock-bottom valuations," Stiennon notes. "Private equity firms will have a unique opportunity to snap up some good companies."

Spreading the Financial Risk

Expect to see VC firms and their portfolio companies diversify where they hold their deposits, Ackerman adds. Increasingly, they are going to be looking for the security offered by much larger financial institutions — which, however, are unlikely going to be as supportive or as understanding of the requirements of innovative cybersecurity firms, he notes.

Analysts also expect that the SVB debacle will have an impact on how and from where enterprise organizations source their cybersecurity requirements, at least in the short term. SVB's failure has drawn attention to the risks associated with buying from startups, and many companies are going to be looking for the security that more established, mature organizations offer.

"I'd expect procurement teams to introduce more hurdles in the due diligence process of earlier-stage vendors to understand the underlying resilience of the cybersecurity vendors' financial ecosystem," Forrester analyst Jeff Pollard tells Dark Reading. Enterprise procurement staff are going to want to know more about the concentration risk and resilience of their vendor's banking processes, he adds. And they will likely need reassurances that if a similar scenario plays out again, their early vendor can continue to make payroll or pay critical suppliers for a specific period of time.

Also, cybersecurity startups will increasingly look to bank with more than one entity to spread risk. "The problem with that is many startups worked with SVB because SVB made it easy for startups to work with them," Pollard says. 

Now startups are going to have a hard time working with other banks, because cyber startups tend to have more volatility in their cash flows, he notes. "In addition, many founders may not be US citizens, which can create its own set of issues when trying to establish accounts."