Venture Capital Journal
30 March 2020
Is the security sector recession-proof? Perhaps so, given that investors point to a growing need for protection, especially for solutions that keep a remote workforce safe.
Cybersecurity investors say that they’re seeing an increased number of cyberattacks in the wake of the COVID-19 pandemic, resulting in more potential deal opportunities in the sector.
“Many of our portfolio companies were already ramping up to combat misinformation campaigns surrounding this year’s [US general] election,” said Alberto Yépez, co-founder and managing director at ForgePoint Capital. “But now we’re seeing an increase in attacks over the coronavirus and our portfolio companies are having to constantly evolve to address them.”
Yépez added that he’s seen a surge in deal flow within the cybersecurity sector in recent weeks. “I believe that’s partly a result of recent coronavirus-inspired attacks,” Yépez said. “And, yes, we’re looking at deals still.”
He said that ForgePoint, which announced in February it raised $450 million for its second cybersecurity-focused fund, is getting ready to announce within the next few weeks an investment in a company that focuses on email security. He added that the firm began looking at the start-up before the COVID-19 outbreak.
The increased suspicious activity Yépez and others are seeing includes a growth in the number of phishing attacks that play off of coronavirus and economic fears to get users to open scam emails.
In addition, investors say attacks on state and local governments have picked up. And ransomware incidents are targeting hospitals and the healthcare infrastructure. In addition, the lockdown imposed to combat the pandemic and flatten the curve has forced millions to work from home. As a result, many companies are opening themselves up to more vulnerabilities as their employees access corporate resources through personal devices and their home Wi-Fi networks.
Aaron Jacobson, a partner at New Enterprise Associates, who invests in cybersecurity, said he is looking at a few areas for innovation in the cybersecurity sector, including improving user login security and protecting apps at home. “There’s a need to improve the authenticating of users with passwords and single sign-ons. We’re going to have to do better with those technologies now.”
Among his portfolio companies, he pointed to was Bitglass of Campbell, California, which provides mobile data security. The company has raised $150 million in total venture funding from NEA, Norwest Venture Partners, and others.
Jacobson also said that’s he’s been staying active, looking at new deals and receiving new pitches since the COVID-19 outbreak.
WFH spawns added concerns
Although the coronavirus outbreak is shutting down industries and could potentially upend many sectors in a downturn, it’s expected that corporations will continue to invest in cybersecurity software and services.
“Frankly, cyberattacks tend to pick up in times like these and the current situation is no exception,” said Robert R Ackerman Jr, founder and managing director of cybersecurity specialist AllegisCyber.
He noted that many companies are wrestling with virtualization and weren’t prepared for the influx of remote workers. “How do [companies] protect a more broadly distributed workforce?”
Ackerman pointed to one of his portfolio companies called Prevailion, which has raised nearly $12 million to date. Prevailion came out of DataTribe, a cybersecurity start-up foundry in Maryland. Ackerman said the company operates a global sensor network in cyberspace that allows them to detect and characterize cyber attacks as they are being launched. They can also monitor IP addresses for pending attacks.
“It’s a game-changer in cyber,” Ackerman said. “And it’s very useful when you have employees working outside of the corporate firewalls at home with little to no protection.”
Sharin Fisher, who this month joined Fort Ross Ventures as a partner in Israel, told Venture Capital Journal that many companies weren’t prepared to adapt to a 100 percent work-from-home model, a new dynamic in which cyber risks will undoubtedly increase.
She said that cybersecurity start-ups will need to provide security services for more than just the on-premises enterprise environment.
In regard to cybersecurity products that deal with increased threats in the market, she expects to see “increased investments by corporations for enterprise solutions that provide secure remote access to assets and cloud applications, allowing teams to work safely from home.”
Similarly, Ackerman noted that new threats coming out of the COVID-19 era will likely provide a boon to virtual desktop companies and related security offerings.
The cybersecurity industry has grown to be one of the largest venture-backed sectors in recent years, and it includes a swelling amount of M&A activity. Overall, the cybersecurity industry saw more than 150 M&A deals totaling nearly $24 billion last year, according to Momentum Cyber.
Similarly, the year-end Venture Monitor study by the National Venture Capital Association and PitchBook reports that investors poured about $5 billion of venture funding into US cybersecurity start-ups last year.
Emotions aside from an economic downturn and fears over the coronavirus outbreak, deal activity in the cybersecurity sector should pick up based on the expected cybersecurity needs related to coronavirus concerns.
“I expect we will see additional cyberattacks,” said Timothy Chiu, a vice-president at K2 Cyber Security in San Jose. “As cybercriminals are also self-isolating, they will probably have not much better things to do with their time than to devise new ways to attack infrastructure and applications.”