{"id":16888,"date":"2023-02-03T18:32:03","date_gmt":"2023-02-03T17:32:03","guid":{"rendered":"https:\/\/www.show.it\/cyber-insights-2023-venture-capital\/"},"modified":"2023-02-03T18:32:03","modified_gmt":"2023-02-03T17:32:03","slug":"cyber-insights-2023-venture-capital","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/cyber-insights-2023-venture-capital\/","title":{"rendered":"Cyber Insights 2023: Venture Capital"},"content":{"rendered":"
\n
\n
\n

About SecurityWeek Cyber Insights |<\/strong> At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.<\/em><\/p>\n<\/div>\n<\/div>\n

\"Cyber<\/figure>\n<\/div>\n

SecurityWeek Cyber Insights 2023 | Venture Capital \u2013<\/strong> We are in a period of huge turmoil. Cybercrime is increasing and becoming more destructive, driven by better organized criminals<\/a> and geopolitically active nation states<\/a>. And many commentators believe there is a strong likelihood of a global recession before the end of 2023.<\/p>\n

Here we have one simple question: how will these political\/economic conditions affect venture funding for cybersecurity firms during 2023?<\/p>\n

Background<\/strong><\/h2>\n

The bad news in any economic downturn is that business suffers, profits dip, staff are laid off, and budgets are cut. The better news for cybersecurity vendors is that they are somewhat insulated from these effects. Cybercrime is more likely to increase than decrease during a recession, and business must retain a strong cybersecurity posture if they wish to survive. The demand for strong and proven security controls will continue.<\/p>\n

At the same time, the availability of capital for investment in new and growing cybersecurity firms remains constant and high, and is largely unaffected by short term economic downturns. This available capital is known in the venture capital industry as \u2018dry powder\u2019 (capital that is available and ready for use).<\/p>\n

None of this means that all cybersecurity vendors will survive the downturn, nor that all will remain profitable. At the very least, profits are likely to dip as business is forced to do more with less resources. Dry powder isn\u2019t money to burn, and the venture capital industry will adapt its priorities for new and further investment to the current realities.<\/p>\n

One area that will stand proud despite economic headwinds is the cloud. \u201cCloud software is the deflationary force enabling productivity in a high inflation environment. Cloud-native is not an option, it\u2019s a necessity,\u201d wrote Battery Ventures in its State of the OpenCloud 2022<\/em> report published in November 2022.<\/p>\n

Dry powder<\/strong><\/h3>\n

Dry powder is raised from the VC industries\u2019 limited partners (LPs). These might be pension funds, endowments, family offices, sovereign wealth funds, and corporations. \u201cMost funds operate on a ten-year lifecycle, with funds typically being deployed over the first four or five years of a fund\u2019s life,\u201d explains Sidra Ahmed, investment principal at Munich Re Ventures \u2013 explaining the continued availability of investment funds despite current economic conditions.<\/p>\n

According to Pitchbook data, there was approximately $290 billion of cumulative dry powder committed to venture capital as of the first half of 2022. It is these funds that are called on when venture capitalists invest in companies. It must be said, of course, that VC\u2019s dry powder isn\u2019t committed solely to cybersecurity firms although cybersecurity remains a favored investment area.<\/p>\n

Different VC organizations tend to specialize in different areas. For example, \u201cYL Ventures raised its $400 million fifth fund at the beginning of 2022, dedicated exclusively to investing in Israeli cybersecurity startups,\u201d explains Yoav Leitersdorf, managing partner at YL Ventures. \u201cThis fund has been used to invest in only a small number of companies to date, all of which are still in stealth, in line with our very disciplined strategy of investing strategically in a select number of exceptional startups.\u201d<\/p>\n

VC organizations try to use all the funds they get from their LPs \u2013 but not at any cost. They still need to demonstrate value to the LPs. Bad investments will lead to difficulties in raising new funds, while not using the funds raised is like a business unit not using its whole annual budget \u2013 it might lead to a lower budget next year.<\/p>\n

The difficulty for cybersecurity firms in raising investment funds in 2023 will not be because the funds don\u2019t exist, but because the VC firms will be taking more concern over where the funds are invested.<\/p>\n

Effect of an economic downturn<\/strong><\/h3>\n

\u201cThe pace of investing is certainly going to change,\u201d comments Ahmed. \u201cWith more uncertainty around budgets and sales cycles, investors will spend more time assessing deals that are able to withstand a time of austerity \u2013 companies with critical productions and solutions will be prioritized. There will be a lot more scrutiny of deals, valuations, and co-investors. Investors will also be focused on supporting their own portfolios.\u201d<\/p>\n

\n
\"\"
Jake Heller, Partner & Head of Tech Growth, Americas at KKR<\/figcaption><\/figure>\n<\/div>\n

Jake Heller, partner at KKR and head of tech growth equity Americas, believes the impact is unlikely to be felt evenly. \u201cWe have already seen the pullback in public markets affecting fundraising for some growth and early-stage companies,\u201d he said. \u201cIn general, we expect the tightening of funding conditions to continue into 2023; however, we believe that capital will continue to be available to entrepreneurs and management teams who are able to effectively manage costs and allocate capital to growth opportunities with high potential for returns.\u201d<\/p>\n

Translated to the market, this all implies that startups don\u2019t necessarily have sales targets that they can miss and can possibly ride out a recession before they need to show sustained profits; mid-growth companies seeking growth funding are likely to suffer with lower-than-expected profits and be less attractive to VCs; while established firms preparing for an IPO will likely need to survive the recession before proceeding.\u00a0<\/p>\n

\u201cMarket conditions had a dramatic impact on 2022 funding rounds, and we aren\u2019t out of the woods yet,\u201d says Leitersdorf. \u201cThe fallout is trickling from the top down. IPOs dropped this year from thousands to just over 100, the lowest number since 2016. There was a near stall in growth stages and a significant slowdown in Series C and D rounds, a steep decline in Series B rounds and a struggle to raise significant Series A rounds.\u201d<\/p>\n

In short, money is still available for attractive startups (seed and possibly A rounds), will require deeper consideration for growth equity (B, C and D rounds), and is much more difficult for pre-IPO companies (E rounds and above). In the last case, venture firms are looking closely at M&As to consolidate and strengthen their existing investments \u2013 but in all cases (apart from startups) venture firms will concentrate on further investments in their existing portfolios.\u00a0<\/p>\n

Outlook for startups<\/strong><\/h3>\n

Leitersdorf remains upbeat on the prospects for investment in cybersecurity startups in 2023. \u201cIn today\u2019s threat landscape, cybersecurity risks have become business risks. Organizations cannot afford to be lenient with threats to their assets, and executives now understand that security has a direct impact on their company\u2019s reputation, business continuity and revenue,\u201d he explains.\u00a0<\/p>\n

\u201cTherefore, security will continue to be top-of-mind, as long as attacks continue to grow and evolve, demanding new and equally sophisticated security solutions. We see that investors are still eager to invest in the most promising startups in our industry with the greatest potential to lead their categories in the future. Capital will continue to flow to this necessary sector, as new and more challenging problem spaces continue to emerge.\u201d<\/p>\n

DataTribe, which describes itself as a cyber startup foundry (both an incubator and VC firm), is more circumspect. Funding will be harder, but potentially higher. John Funge, MD, explains, \u201cLooking ahead, 2023 will be a slog for startups raising money. It will take longer for startups to complete next rounds as venture firms are both focusing more attention on their current portfolio as well as being more selective in new investments.\u201d<\/p>\n

He believes there will be fewer deals. \u201cThere will be a \u2018flight to quality\u2019 and the bar for attracting funding will be higher. Top startups that are hitting performance metrics will get funded at valuations not too far off historical. However, startups with a few words that previously would have gotten funded may find it hard to get funded at all \u2014 versus getting funded on less attractive terms.\u201d<\/p>\n

But he adds, \u201cHistorically, some of the most successful technology companies started during downturns. We don\u2019t see it being any different this time around. It will be a tricky period to be a pre-IPO company, but likely an excellent time to be starting a new venture.\u201d<\/p>\n

Outlook for growth funding<\/strong><\/h3>\n

Growth funding will become more difficult in 2023, and potentially more necessary. \u201cWe\u2019ve already seen growth rounds plummeting in 2022, and this trend will most likely continue into 2023,\u201d explains Leitersdorf. \u201cCapital is available, but it will become increasingly expensive, and investors will prefer to use it in order to fuel innovative, early-stage startups that will require less capital at lower valuations.\u201d\u00a0<\/p>\n

A particular problem for growth companies is in part historical. \u201cThe valuations of many growth-stage startups were significantly inflated in 2021 and were not based on sustainable growth metrics, revenue, or performance,\u201d he continued. \u201cMany of these growth-stage startups will be forced to raise funding in 2023 after scaling rapidly and burning through their capital in 2022. We, therefore, foresee an increase in growth rounds next year, most probably with unfavorable terms for founders, employees, and existing investors.\u201d<\/p>\n

But, adds Ahmed. \u201cThere is still a lot of capital available. Investors will be holding companies to their performance so we might see more down rounds into 2023.\u201d<\/p>\n

\n
\"Bob
Bob Ackerman, founder of AllegisCyber<\/figcaption><\/figure>\n<\/div>\n

Bob Ackerman, founder of AllegisCyber and member of the board at DataTribe, agrees with this sentiment. \u201cUndifferentiated and sub-critical mass cyber companies without truly compelling solutions are likely to be challenged as they go to the VC community for capital,\u201d he said. \u201cInvestors will be materially more discriminating in the deployment of capital.\u201d<\/p>\n

Outlook for M&A consolidation<\/strong><\/h3>\n

M&A activity has increased rapidly over the last few years. This trend will continue, driven by a number of different factors: desire among security users to consolidate their existing disparate security controls; a rush to the nearest exit point among startups; declining valuations making attractive targets; and a safe haven for further VC investments.<\/p>\n

\u201cThe cybersecurity market is approaching bloated status,\u201d comments Hank Thomas, CEO at Strategic Cyber Ventures. \u201cThere are too many vendors chasing the same dollars with similar technology. People in charge of purchasing decisions, often CISOs, are looking for more integrated security platforms and less point solution tools. PE firms and other later-stage investors are looking to bring in bigger players to serve as anchors for rollups and bolt on acquisitions.\u201d<\/p>\n

\n
\"\"
Will Lin, Venture Partner at Forgepoint Capital<\/figcaption><\/figure>\n<\/div>\n

Will Lin,<\/a> venture partner at Forgepoint Capital, agrees. \u201cI believe that we\u2019ll see security M&A significantly pick up in 2023. The main reason being that so many security companies have been created in the past couple of years. When so many of these companies, full of amazing talent, come up to the crossroads of M&A or raising their next round, I believe the market dynamics will re-shuffle in a way where M&A will be considered the best next step.\u201d<\/p>\n

Security vendors are seeking to support their users by consolidating point products from different vendors into integrated solutions from single vendors. \u201cThe rapid expansion of new security products has led to many organizations purchasing the \u2018latest and greatest\u2019 without having a strong integration plan in place,\u201d explains Dave Gerry, CEO at Bugcrowd. \u201cWithout a clear deployment and integration plan, even the best security product will go underutilized. For the past few years, the industry has seen an incredible amount of M&A consolidation.\u201d<\/p>\n

This process will continue through 2023. \u201cSecurity organizations are looking internally for ways to leverage existing tool sets or upgrade existing tool sets versus adding to their ever-growing technology stack,\u201d he continued. \u201cThis growing need for security vendor consolidation will continue to be driven by both the cost of the security products and the limited internal resources to effectively operate the products.\u201d<\/p>\n

Ackerman agrees with this sentiment. \u201cInvestors will be materially more discriminating in the deployment of capital with a significant pick up in M&A activity as the market looks to consolidate point products into broader security platforms,\u201d he suggests.<\/p>\n

The second driver for M&A activity comes from the transition from early stage to growth requirements. Early stage is still attractive to investors \u2014 growth stage is more difficult. As startups burn through their early financing, they will find it more difficult to secure further growth funding \u2014 and may find an early exit an attractive option, bumping into the consolidation driver.\u00a0<\/p>\n

This process may be actively promoted by the VC industry. \u201cA new wave of innovation is needed in the security industry. Things have become stale,\u201d explains Thomas. \u201cVC investment will still drive innovation since larger companies often lose the ability to innovate, especially in security. As a result, we will see large entities acquiring VC backed companies earlier as established PE backed platform companies make tuck in and bolt-on acquisitions to remain relevant.\u201d<\/p>\n

Leitersdorf expands on this possibility. \u201cLarge security vendors such as Microsoft, SentinelOne, Akamai, CrowdStrike, IBM, CyberArk and Okta are strengthening their corporate development divisions and doubling down on in-house investment funds (CVCs), looking for strong talent and tech,\u201d he said. \u201cThese venture arms of large security vendors will most likely become increasingly active in both investments and M&A deals in the coming years and make the option of acquisition more attractive for struggling startups.\u201d<\/p>\n

One effect of a downturn in the economy is that company valuations are lowered. This is already happening, and is likely to get worse in 2023. On December 14, 2022, the Federal Reserve raised interest rates by half a point \u2014 and US stock markets fell. The intention was to put a curb on high inflation rates, but it simultaneously increases the likelihood of a recession in 2023.<\/p>\n

If this happens, company valuations will go lower. This in turn will make companies with good products but reduced valuations an attractive target for larger companies with money \u2014 and of course VC firms. VC firms will likely be driven to use their dry powder on their own existing portfolios rather than look for different companies in which to invest.<\/p>\n

The current market conditions look set to promote increasing M&A activity<\/a> through 2023. \u201cThe current state of the global economy will also encourage hyperscalers to move toward an M&A cyber strategy,\u201d summarizes Simon Chassar, CRO at Claroty. \u201cFurthermore, start-ups will struggle as we see less investment from PE or VCs, therefore creating an opportunity for some of the larger cash-strong security control companies to gain market share at a relatively low price.\u201d\u00a0<\/p>\n

What VCs look for\u2026<\/strong><\/h2>\n

2023 will be a year when the VC firms have money to invest, but the economic conditions will force them to be careful where they invest it. Cybersecurity will remain an attractive sector, but the security vendors will need to work harder to get new funding. Two questions come to mind: which security sectors are most attractive to the investors, and how do they choose a specific vendor?<\/p>\n

Favored cybersecurity sectors<\/strong><\/h3>\n

Heller believes that continuing digital transformation will provide new opportunities. \u201cWe believe that digital transformation, which has been accelerated by the global pandemic, will continue to create significant opportunities and challenges across industries and geographies,\u201d he said. \u201cThese broader trends span new methods of collaboration, workforce transformation, cloud migration, automation and testing, supply-chain disruption, and digital adoption.\u201d<\/p>\n

Sidra says her firm is focusing on data and the threats it faces. \u201cWith rapid cloud adoption, companies are struggling to understand where their data sits and how to put sufficient security and controls around it.\u201d Furthermore, she adds, \u201cThe penalties regarding sensitive data being breached are increasing at an exponential rate globally, making it even more of a priority for companies to be sufficiently protected.\u201d<\/p>\n

And there are new and still evolving threats to data. \u201cAs more companies adopt machine learning and analytical models to make data-driven decisions,\u201d she continued, \u201cthere is now a need to protect data (and the models we build on the data) from being compromised. There are also questions around the validity of data and how to discern true data and information from coordinated disinformation campaigns and narratives.\u201d<\/p>\n

Leitersdorf adds identity to data as an area attractive to investors. \u201cMalicious cyber actors have focused their most egregious attacks on two specific vectors in the past two years \u2013 data and identity,\u201d he says. Attackers have leveraged the gaps, misconfigurations and problems surrounding credentials, identity, and access provisions to steal data. This will continue.<\/p>\n

\u201cTherefore,\u201d he continued, \u201cwe have been focusing our attention on innovative security solutions that strive to tackle these problems and ensure that organizational security postures are strengthened accordingly.\u201d<\/p>\n

Favored companies<\/strong><\/h3>\n

While different VCs may be attracted to different cybersecurity sectors, they must still choose which individual companies to support. \u201cA large part of the decision is based on the management team and our perception of its ability to execute on the vision effectively, and evolve that vision over time,\u201d said Ahmed. \u201cOther criteria include tech differentiation, product vision, competition, size of market and TAM [total addressable market], and path to exit.\u201d<\/p>\n

Leitersdorf takes an almost identical stance. \u201cThe technology must be remarkable, deep, and innovative \u2013 that\u2019s a given. However, even the most groundbreaking idea and cutting-edge tech won\u2019t develop into a top-tier startup without an exceptional team,\u201d he explained.\u00a0<\/p>\n

\u201cWe invest in strong teams that combine determination, talent, and an unrelenting passion for solving the most acute problem spaces in cybersecurity. The cybersecurity market is saturated with startups solving niche problems, and we\u2019re looking for founders that stand out, go big and break the mold.\u201d<\/p>\n

The same goes for Heller. \u201cOnce we have found a sector we like, we generally look for companies that are market leaders or have a real competitive advantage. Cultural fit and alignment is also very important to us and in many cases, we have built relationships with the entrepreneurs and management teams we\u2019re investing in over multiple years.\u201d<\/p>\n

The basic conclusion is that prospective vendors won\u2019t get consideration without an excellent product in an expanding or vital sector. But where two attractive companies exist, the one with the stronger management team is more likely to succeed.<\/p>\n

Summary<\/strong><\/h2>\n

Acquiring venture capital in 2023 may be more difficult than it has been in recent years, but it remains viable and available. \u201cIn 2023, cyber will be softer but will remain a bright spot for investing,\u201d explains Funge. \u201cCompared to the nearly 24% year-on-year decline in deal activity across all verticals, cyber deal activity across all investment stages is down only 3%.\u201d<\/p>\n

What will change most is the decision-making process of the VC firms. They will still wish to invest, and probably at the same overall levels they have been investing. But fears of bad investments in a down economy will make them concentrate on areas that give them the greatest confidence. This may mean more money going to fewer companies. While B, C and D rounds might be left with difficult, declined, or down rounds. seed and startup A rounds might reach new heights. Any money left over will be focused into M&A.<\/p>\n

\n
\n
\n

About SecurityWeek Cyber Insights |<\/strong> At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs.<\/em><\/p>\n<\/div>\n<\/div>\n

\"Cyber<\/figure>\n<\/div>\n

Related<\/strong>: North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains<\/a><\/p>\n

Related<\/strong>: What\u2019s Going on With Cybersecurity VC Investments?<\/a><\/p>\n

Related<\/strong>: How VCs Choose Which Startups to Fund in Challenging Times<\/a><\/p>\n

Related<\/strong>: YL Ventures Closes $400 Million Cybersecurity Investment Fund<\/a><\/p>\n

The post Cyber Insights 2023: Venture Capital<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

About SecurityWeek Cyber Insights | At the end of 2022,\u00a0SecurityWeek\u00a0liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today \u2013 and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]<\/p>\n","protected":false},"author":2,"featured_media":16889,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[143,98,69,99,71,182,114],"tags":[],"class_list":["post-16888","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberinsights2023","category-cybersecurity-funding","category-featured","category-funding","category-funding-ma","category-investing","category-venture-capital"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16888"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16888\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16889"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}