A Blog by Jonathan Low


Jun 29, 2022

Why Venture Funding In Cybersecurity Is Declining As Threats Rise

Even as the threat of Russian cyberattacks has risen (Lithuania suffered a major DDS attack earlier this week), venture investment in cybersecurity firms has declined in 2022.

The reasons appear to be primarily valuation related as entrepreneurs' and venture investors' expectations outpaced a declining market. But the cyber market is considered recession-proof, a position enhanced by geopolitical threats. JL 

James Rundle and Vipal Monga report in the Wall Street Journal:

Investors attribute the crunch to the absence of hedge funds, late-stage, and crossover funds that invest in both public and private companies, which have pulled back from the cyber market. Cybersecurity companies raised $2.4 billion globally during the second quarter of this year, as of June 14, short of the $5.1 billion raised during the first quarter, Companies raised $6.4 billion in the second quarter of 2021. (This) is likely to force more rational valuations. Mergers and acquisitions between cyber companies will supplant public listings. "The fact is, during recessions, during conflicts, cybercrime historically has risen.”

Venture capital money has poured into cybersecurity companies in recent years, driven by an increase in hacking and elevated valuations for startups. Now fears of a recession and disruption in the wider technology market are beginning to curb cybersecurity investments.

Investors say the industry has seen a contraction in late-stage funding, where companies have enjoyed years of rounds in the hundreds of millions of dollars and multibillion-dollar valuations at high multiples of their revenue. The speed of the change has surprised even some veteran investors.

Rama Sekhar, partner at Palo Alto, Calif.-based VC firm Norwest Venture Partners, said that in 2021 VC funding was plentiful and investors were focused on growth. “It’s been dramatically different over the last two months just based on the markets—the private and startup markets always lag the public markets in terms of reaction to downturns, but this one was very quick and very swift,” he said.


Companies and governments depend on the cybersecurity sector to constantly keep pace with the sophistication of hackers. A weakened cybersecurity industry could open the door to further attacks.

“At the end of the day, just because the markets are down, the bad actors aren’t going away. If nothing else it’s accelerating what they’re doing,” said Mark Hatfield, founder and general partner at cyber-focused VC firm Ten Eleven Ventures.

The slowdown is part of a broader downturn in public markets, where the technology industry has been particularly hard hit following years of growth that were fueled in part by consistently low interest rates and stay-at-home orders during the pandemic. Tech-heavy indexes such as the Nasdaq Composite Index have seen sharper dips than some other benchmarks.

Fundraising has already started to slow down. Cybersecurity companies raised $2.4 billion globally during the second quarter of this year, as of June 14, according to research firm PitchBook Data Inc. The pace is short of the $5.1 billion raised during the first quarter, Companies raised $6.4 billion in the second quarter of 2021.

Investment banking firm DBO Partners LLC estimates that cyber companies will raise around $21 billion in total funding this year, compared with $26 billion in 2021. That number is still a significant increase from around $11 billion raised in 2020.

Many investors attribute the crunch to the absence of hedge funds, late-stage funds, and crossover funds that invest in both public and private companies, which have pulled back from the cyber market after a period of intense activity. Funding deals that used to take two to three days to close are now taking weeks, Mr. Sekhar said.

“The big takeaway is that the growth players, the ones that were very light on diligence, which hit the companies with high valuations and then weren’t being very active on boards, have pulled back pretty dramatically,” said Ten Eleven’s Mr. Hatfield.

Early-stage investment activity, such as seed funding through to Series A rounds, remains strong, Mr. Hatfield said. But others say that the market downturn and the hardening of the late-stage venture capital environment have had a sobering effect on the economics of the cybersecurity industry.

“Entrepreneurs came in and said: ‘I have $1 million of annual recurring revenue. I’m worth $1 billion.’ And they were getting it,” said Dave DeWalt, founder and managing director at San Francisco-based cyber VC firm NightDragon LLC. “But now, the power reverses where suddenly we have the capital and we say: ‘Oh, you’re $1 million dollars of ARR? You have a $40 million dollar market value, or $50 million,’ ” he said.

Investors say that this shift in funding likely means fewer exits through initial public offerings, which have boomed in recent years for cyber companies. Instead, they say, a period of consolidation and targeted mergers and acquisitions activity between cyber companies will likely supplant public listings.

Alex Doll, founder and managing general partner at Ten Eleven, said that a reduction in the number of IPOs is likely to force more rational valuations, which could then encourage more acquisitive behavior by cyber firms. “Candidly, the last couple of years, it really hasn’t been IPO valuations. It’s been private money valuations that have kept a little bit of a lid on the M&A market,” he said.

Despite the recent slowdown, funds continue to have faith that cybersecurity investments will pay off. Washington, D.C.-based Paladin Capital Group earlier this month closed fundraising on a $372 million fund focused on investments in cybersecurity.

Michael Steed, who founded the firm after the September 2001 terrorist attacks, called the industry “recession-proof,” especially now that the threat of attacks on U.S. companies and infrastructure has increased in the wake of the Russian invasion of Ukraine.

“The government standing alone can’t protect the infrastructure of America,” said Mr. Steed. “It needs to have the private sector at the table.”

Because the industry’s growth is in large part based on the current threat environment, many expect the growth to continue and have an appetite for investment, even through a potential recession and with a pullback in the late venture stages.

“A lot of those folks, as I mentioned, are running for the hills right now. But I think the unfortunate fact is that, during recessions, during conflicts, cybercrime historically has risen,” Norwest’s Mr. Sekhar said.


Aaron Reed said...

While the decline in venture funding for cybersecurity is concerning given the rise in threats, it's important to highlight innovative solutions that are making strides. For instance, JuicyScore is offering unique approaches to fraud prevention and risk reduction, particularly in online financial products. Their technology focuses on identifying multiple devices associated with a single virtual user without using personal data. This is crucial for maintaining privacy while ensuring security. Furthermore, their system detects anomalies in device behavior and user internet connections, flagging potential suspicious activities. What's remarkable is their collaborative approach. They work with numerous partners to monitor online financial product applications, which aids in uncovering social fraud risks. It’s a sophisticated blend of device authentication and user behavior analysis that doesn't rely on traditional data points. More details can be found at JuicyScore , which explains their methods and benefits in depth. This technology could be a game-changer in mitigating cybersecurity risks, especially in the financial sector.

Post a Comment