Perhaps the only thing more abundant than headlines about cyberattacks this year has been reports of record funding rounds by companies expected to protect against those attacks.
Subscribe to the Crunchbase Daily
While global funding to startups has exploded this year, cybersecurity seems to be riding its own wave. Only halfway through the year, 2021 already has surpassed the record-breaking $7.8 billion raised by security companies last year.
According to Crunchbase data, $9 billion has flooded into the sector in 309 deals in the first six months of the year — more than double the $4.4 billion the industry realized in the first half of 2020. The second quarter alone saw $5.2 billion — compared to less than $2 billion for the same quarter last year.
The second-quarter blitz came after the sector saw $3.8 billion in the first quarter.
“Valuations have been crazy,” said Umesh Padval, a venture partner at Thomvest Ventures. “The multiples have just been crazy.”
Some of the largest rounds the first half of this year include:
- Israel-based passwordless authentication company Transmit Security raised a $543 million Series A at a $2.3 billion pre-money valuation in June;
- San Jose, California-based cloud security company Lacework closed a $525 million round at a valuation of more than $1 billion in January; and
- France-based digital asset security provider Ledger raised a $380 million Series C in June.
What’s going on?
The reasons for the explosion in dollars raised cybersecurity are varied, but no doubt some may be attributed to huge attacks like the SolarWinds and the Colonial Pipeline incidents. Just as the first half of the year was closing, the sector saw another large-scale attack with Kaseya — which helps companies manage their IT infrastructure — being hit by a ransomware attack.
“There have been so many hacks, you see it every month,” Padval said.
But to just point to those attacks as the driving factor is likely an oversimplification.
“I’m not too surprised by the surge in activity in 2021 given a couple key drivers,” said Dino Boukouris, founding director of Momentum Cyber, a San Francisco-based financial advisory firm for cybersecurity.
“First, in 2020 we saw a rapid acceleration in companies’ digital transformation leading to a significant increase in their reliance on technology in order to thrive — or even survive,” he said. “This further fuels already strong growth in cybersecurity spending.”
Richard Seewald, founder and managing partner at Evolution Equity Partners, added that the pandemic also is the type of crisis that spawns an increase in more sophisticated cyberattacks and forces people to be more vigilant when it comes to their network and IT infrastructure.
“Post 9/11, cybersecurity grew about tenfold in the following decade,” he said. “Then you had the financial crisis in 2008 … after that you had companies like CrowdStrike and Okta.”
Areas of interest
Post-COVID-19, Seewald said he believes new generational companies could be created in security for things like quantum computing, DevOps and crypto, and digital assets.
Padval said areas such as cloud security — which has seen big rounds this year go to companies such as Lacework and Israel-based Wiz — as well as API security and continuous, contextual authentication likely will interest him in the second half of the year.
API security saw a blitz of funding in the second quarter, with companies like London-based 42Crunch, Palo Alto-based Salt Security, Colorado-based ThreatX and Sunnyvale, California-based API security provider Cequence Security all announcing raises.
In addition to cloud security, subsectors such as identity and access management and risk and compliance all performed well in the first half of the year and there’s little reason to believe that will change, Boukouris said.
“These sectors have been performing well over the past few years and we see them continuing to do so in the quarters to come,” he said.
While there is no doubt some of those areas of cybersecurity will continue to see increased interest, the question remains whether this level of venture capital interest is sustainable for the long run.
Yanev Suissa, founder of SineWave Ventures and an early investor in SentinelOne — which went public in late June — said he sees some problems with the current landscape and investment interest.
Suissa said he believes there are too many “whack-a-mole” solutions being funded — solutions that solve a very specific sliver of security or a niche problem.
“We just don’t see a lot of revolutionary platforms out there right now,” he said. “We are seeing a lot of ‘nice-to-have things.’ ”
There also have been changes in the overall investment philosophy in the sector, he adds. Where once investors looked to fund companies at moderately increasing levels as a company matured, firms now offer huge sums of money in several companies early — hoping one becomes the next CrowdStrike.
“You are just seeing these guys pour a ton of money early at a price they know can win the deal and hope you get one winner,” Suissa said.
Others also see something similar, with firms usually associated with later growth rounds now contributing to Series As and Bs. Whether that behavior continues likely will determine if the current rate of investment continues.
“Firms like Alkeon, Dragoneer, Tiger … will they slow down?” Padval asked.
It’s almost inevitable cybersecurity will see at least $15 billion of investment this year and could see $20 billion if the frenzy continues, he said.
He does not know how long the current run will last, and does not think this record-breaking run is indefinite.
“I just don’t see it as being sustainable,” he said.
Illustration: Dom Guzman
Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.