With companies signaling they will increase spending on cybersecurity in 2020, and with more privacy regulation in the works, investments in privacy and security will continue to rise in 2020.
Subscribe to the Crunchbase Daily
In the Scale Venture Partners Annual Security Report, a couple of trends stood out to Ariel Tseitlin, a partner at Scale who leads their cloud and security investments. Three hundred security leaders were surveyed from a range of companies with more than 250 employees.
The response to privacy legislation has been pervasive with 97 percent of security executives claiming their organization has made changes in response to the General Data Protection Regulation. Seventy-five percent said their companies are equipped to handle data privacy compliance and only 46 percent are concerned about being fined for non-compliance. With the U.S. Senate proposing to create federal privacy regulation– so that each state does not need to create its own–data privacy will remain top of mind for companies in 2020.
Early in cloud
The second trend is around the cloud. According to Tseitlin we are still in the very early days of that cloud migration. While companies are investing very heavily in cloud, they are not yet reducing their investment in data centers. Two-thirds of the respondents said they’re investing in both cloud service security and cloud application security. Hybrid cloud is the way most organizations set up. The majority are planning to invest more in cloud infrastructure (62 percent) and cloud application security (67 percent) in the next 12 months.
While 75 percent of survey respondents feel they’re well equipped for privacy, 73 percent of executives said they feel equipped to handle security risks, which is fairly high from what Scale has seen in the past. Eighty-seven percent said they are more equipped to handle risk than they were a year ago.
“The ability to detect and prevent breaches has already reached a saturation point,” said Tseitlin. “Those dollars are now starting to shift into operationalizing investments, reducing both the human cost and operational cost of implementing the security products that have been purchased.”
For Tseitlin, it’s not enough to deliver the product. Companies need professional services or a managed service on top of their product that help customers with the proliferation of tools in order to detect actual risks among the noise. This need is critical as the industry faces a massive shortage of security professionals.
Here is a short list of Scale companies oriented toward today’s security needs:
- BigID is being adopted due to GDPR and the California Consumer Privacy Act as they help companies secure customer data.
- Threat Stack offers a product that customers can deploy into their cloud infrastructure to detect risky behavior. It has a service component that they sell as well.
- Expel has created a managed service for security. It has built a platform on the back end that correlates all the different security tools for a company, and runs incident response on your behalf.
- CyberGRX created a standardized risk assessment for vendor compliance. Many breaches come not from your own security infrastructure, but through a software vendor that you’re embedding into your application or website, or a supplier or a partner that you do business with. This is currently a very manual process captured in Word or Excel and then filed away. CyberGRX has 60,000 vendors loaded onto its platform. A vendor can share with any number of potential customers or prospects. This removes an incredible amount of friction and inefficiency.
- PerimeterX protects web sites from modern security threats. There are very sophisticated attacks that are taking place these days on browsers that are virtually undetectable by the company that builds their website. E-commerce sites can lose anywhere from 2 to 5 percent of their revenue because the browser has a plug-in that prevents a customer from completing a transaction.
Meanwhile, ForgePoint Capital raises its second cybersecurity fund
In related news for security funding, ForgePoint Capital today raised its second fund, a $450 million dedicated cybersecurity fund. The company raised its first fund in 2017 at $300 million, investing in 17 portfolio companies and plans to invest in 20 to 25 companies in the second fund at Series A with some select Series B and growth-stage rounds. ForgePoint has built an active Cybersecurity Advisory Council with 60 members from both public and private cybersecurity companies.
Crunchbase recorded close to $10 billion invested in privacy and security companies in 2019. In 2020 $1.4 billion has been invested to date. With this projected increase in spending, we expect investments in privacy and security to be strong this year.
Illustration: Li-Anne Dias.