A report published this week by Strategic Cyber Ventures reveals that more than $5.3 billion of venture capital funding poured into the cybersecurity sector in 2018, while initial public offerings from just four companies raised another $1.4 billion.
Chris Ahern, data scientist and principal for Strategic Cyber Ventures, said it’s unlikely that level of investment will be sustainable throughout 2019. But the venture capital firm does expect to continue to see billions of investment dollars invested in the cybersecurity sector throughout the year. It’s unlikely there will be a “cybersecurity bubble” that will suddenly collapse, said Ahern.
The challenge facing cybersecurity professionals is determining which of cybersecurity vendors are going to around for the long haul versus becoming the latest company to be acquired by a larger vendor. The Strategic Cyber Ventures report notes that 2018 saw a wave of mergers and acquisitions across the category, including:
- Duo Security, acquired by Cisco for $2.4 billion.
- AlienVault, acquired by AT&T for $1.6 billion.
- Cylance, to be acquired by Blackberry for $1.4 billion.
- ThreatMetrix, acquired by RELX Group for $811 million.
- InfoArmor, acquired by Allstate for $525 million.
- Phantom Cyber, acquired by Splunk for $350 million.
- Evident.io, acquired by Palo Alto Networks for $300 million.
- Iovation, acquired for $300 million by TransUnion.
- Barracuda Networks, acquired for $1.6 billion by Thoma Bravo.
- Bomgar, acquired for $739 million by Francisco Partners.
- Centrify, acquired for $400 million by Thoma Bravo.
- Cofense, acquired for $350 million by BlackRock.
- Skyhigh Networks, acquired for $400 million by McAfee via its financial sponsor Thoma Bravo and TPG Capital.
Ahern said IT organizations are already suffering from a significant amount of cybersecurity vendor fatigue, and many would prefer to see additional rationalization across the cybersecurity sector.
However, that rationalization usually comes at a price. Whenever a larger company acquires a smaller vendor, the cost of product or service being provided by the smaller vendor often increases to help pay for the cost of the acquisition.
Ahern noted that are already more than a few zombie cybersecurity companies that need to either be acquired or close their doors. These companies have raised significant amounts of funding, but growth has slowed. It’s now only a matter of time before investors in these companies execute an exit strategy, or the company simply fades away.
Another factor driving mergers and acquisitions is artificial intelligence (AI). Cybersecurity vendors need access to massive amounts of data to drive AI models. The bigger a cybersecurity vendor is, the larger the pool of data they tend to be able to access.
Whatever the outcome, Ahern said breaches continue to occur regularly. That means additional budget dollars will continue to be allocated to plug cybersecurity holes. However, as cybersecurity becomes a requirement that needs to be addressed with any IT project going forward, it’s also apparent that cybersecurity technologies are becoming a feature of a swath of emerging applications and platforms. As such, how cybersecurity budget dollars are allocated between chief information security officers (CISOs) and IT leaders remains challenging to navigate.