Capitalising on Demand for Cybersecurity
The pressure to digitize is intense – regardless of industry. From mobile and cloud platforms to emerging technologies such as AI, companies must keep up or fall behind. However, greater digital capabilities also bring a wider surface area of assets to attack and it’s no wonder that cyber theft is now recognized as the fastest growing crime in the world.
COVID served to put cybersecurity considerations into even sharper focus; the overnight shift to remote working led to a scramble by organizations to secure sprawling networks and safeguard against increasingly complex and frequent cyber threats. It’s against this backdrop that Gartner estimates that worldwide spending on information security and risk management technology and services will grow 12.4% to reach $150.4 billion in 2021.
Cybersecurity as it relates to the energy industry, as part of the critical infrastructure of all nations, it is of particular concern. The proliferation of the Internet of Things (IoT) and a shift towards smart grids are opening up a whole new set of threats. Recent large-scale disruptions to the industry include Mumbai’s massive power outage in October 2020, which according to a probe may have been due to cyber sabotage; and the near-collapse of Texas’ electric grid, which left millions with no electricity in February 2021.
With so much money going into cybersecurity, growth and innovation in the space are only set to continue. Competition is heating up among solution providers and the pool of targets for eagle-eyed investors is rising. For these investors, the key challenges lie in picking the right company, growing them, and making them attractive to sell on in this saturated market.
It is a great time for cybersecurity-focused start-ups looking for funding or to be acquired, but it is of utmost importance that start-ups look beyond the financial sum and instead find the right investor who will drive value creation while supporting product and new business development – ideally an investor that has a blend of perspectives as a financial and strategic backer and partner.
Ripe for picking
Demand for cybersecurity start-ups can come from anywhere. There have been a string of recent high-profile acquisitions from within the cybersecurity industry, with incumbents looking at start-ups as a means of building out their product offering, advancing their enterprise IT, and boosting their agility in networks at lower price points. M&A activity in the industry remained robust in 2020, with transaction volumes increasing 33% year-on-year, despite a slowdown in the broader M&A markets, according to Capstone Partners.
Palo Alto Networks is a prime example. In August 2021, the cybersecurity giant announced it now has a product in pretty much every category that it wishes to, after averaging one major acquisition per quarter since the beginning of 2018. Another example of a vendor targeting a specific area within the cybersecurity value chain is Okta, which completed its $6.5 billion purchase of rival Auth0 this May, strengthening its position as an enterprise identity management services provider.
Another group driving M&A activity in cybersecurity is corporates. Weighed down by the sheer multitude of solutions in the market, today’s chief information security officers (CISOs) are grappling with an overload of data, overlapping functionality, limited oversight and mounting costs. For the firms that have the resources, the solution is bolstering and streamlining their cyber defenses via the acquisition route. In August 2021, Deloitte enhanced its cybersecurity offerings with the acquisition of a cyber solution, gaining the business’ well-tested frameworks, methodologies, and technology-enabled tools for industrial control systems / operational technology (ICS/OT) security.
Meanwhile, venture capital (VC) investments into cybersecurity have been rampant. According to Momentum Cyber, investors poured $11.5 billion in VC financing into cybersecurity start-ups in the first half of 2021, up from $4.7 billion a year earlier. So how are acquisitive incumbents and corporates affecting VC returns? Pitchbook research shows that later-stage investments are more likely to pay off than Series A and B investments. This is typically because market leaders tend to acquire earlier in the company lifecycle or compete in new business segments internally to limit the start-up’s competitive advantages.
Focusing on the energy industry, innovative and targeted start-ups can help extend the scope of cybersecurity to meet new and emerging needs with next-generation technologies as digitization takes hold. As part of the energy transition, utilities are looking to innovate their retail business models, enrich customer experience and deepen their engagement with users. The solid trust between brands in the energy industry and adjacent industries becomes fragile on digital platforms and can be susceptible to cyber-attacks.
Cutting through the noise
Early-stage investing in cybersecurity companies, whatever the motivation, is challenging and reaping the desired returns, be they strategic or financial, is far from straightforward. Investors must be judicious in spotting potential, identifying the right market opportunity and then providing the start-up with the direction to capitalize on the problem they are solving or to develop new use cases. Strategic and corporate investors with a personal interest in the business they are investing in risk overlooking budding industry trends while financial investors with a pure returns-first mentality may be lured by the momentum of the cybersecurity market and fail to refine the proposition to fit the end-market need.
A powerful blend
A solid foundation of the industry, corporate, technology and investment expertise is key to investing in cybersecurity; finding the right company without that blend of expertise is difficult. Such a blend allows for an informed, comprehensive outlook that strengthens not only judgment upon investing but also the investor’s approach to the mentoring and acceleration of the business.
They can provide a cybersecurity start-up with insights into the energy industry, help to finetune their solution for market needs and immerse them into the customer’s world through pilot projects. Being a hybrid of a financial and strategic investor means they can take financial risk and hedge it with good strategic alignment. They can support strategic explorations with their capital strength and therefore capture early cybersecurity trends before they become financially attractive or widely deployed.
Ultimately, investors that approach a start-up or portfolio company from both a corporate and industry angle – bringing an in-depth understanding of the firm’s target market – will have a special advantage in finding the businesses most likely to succeed.