According to a recent Crunchbase report, 2020 was a record year for cybersecurity investments, with more than $7.8 billion invested in the industry globally.
The pandemic accelerated digital transformation for many companies, forcing organizations to increase the interconnectivity of their assets and move more business activities to the cloud. This, in turn, has created a much larger attack surface for hackers and played a hand in an increasing number of data breaches and hacks occurring at the start of the pandemic.
As a result, companies and investors have recognized the urgency and importance of the continued development of cybersecurity solutions for everything from network security to identity verification. Although the cybersecurity industry was already on the rise prior to the pandemic, as cybersecurity spending increased at the start of the pandemic, investors poured even more money into the sector.
In the U.S., cybersecurity funding grew 22% from 2019 to 2020, with the largest deal of 2020 the $340 million series G round for California-based cloud security company Netskope, valuing the company at $3 billion.
“We don’t expect cybersecurity investment to slow down any time soon, even post-pandemic,” said Gené Teare, senior data journalist at Crunchbase. “As more and more companies announce remote-first policies, the need for cybersecurity will remain, and likely increase.”
Investments Create New Unicorns
She said one of the most surprising findings from the report was the number of new cybersecurity unicorns, which increased at a swift pace: In 2020, six new cybersecurity unicorns emerged, the most in one year, at the time. Just as quickly, that record was shattered.
“In the first quarter of 2021 alone, nine new cybersecurity unicorns were minted, already surpassing 2020’s record,” she said.
Teare also highlighted the robustness of cybersecurity funding in Israel, which was second only to the U.S. in funding in 2020, with 20% of the country’s total venture funding in 2020 going to cybersecurity companies.
“Israel’s government has been very involved in supporting cybersecurity initiatives for years, and has established a bureau responsible for promoting cybersecurity,” she explained. “This focus, paired with the rise of tech and venture funding globally and in Israel over the last few years, spurred a boom in funding for cybersecurity companies.”
Home to one of the most advanced venture capital ecosystems in the world and long a birthplace of innovation, Teare said it was no surprise to see the U.S. leading the pack of cybersecurity investors.
“Additionally, the U.S. is a leader in technology and use of the cloud, which inherently requires a greater need for cybersecurity solutions,” she noted.
Hank Thomas, CEO of Strategic Cyber Ventures, said he thinks 2020 was “mostly tactical movements” to keep up with the unexpected and rapid shift to virtual work environments.
For the remainder of 2021 and 2022, he thinks we will see more operational and strategic moves as a new, more permanent, security framework is established to support the hybrid workforce environment.
“Clearly we have had an unprecedented, rapid, and unexpected experiment, that quickly turned to a movement, to a decentralized workforce,” he said. “This has forced cybersecurity strategists and operators to move fast and create new security controls that protect these now more heavily used communications paths, as well as the places people are increasingly storing data and running analytics.”
Thomas said cloud security, identity and access management, endpoint security and extended detection and response (XDR) are four of the biggest cybersecurity winners, if you follow the money.
“Once herd immunity is achieved and hybrid is officially declared the way we will work for at least the next few years, expect even further security platform consolidation,” he said. “The XDR trend is a part of this. Expect bigger tech companies, pure-play large cybersecurity firms, SPACs and private equity firms to all be major players in this rollup to better platform strategies.”
Investors Must Tell a Compelling Story
Thomas said for those looking to start their own cybersecurity firms, this record level of investment means being able to coherently articulate strategy and tell a compelling story will be critical going forward.
“Why you? Why your idea? What security requirements are your team or tech going to be mapped to?” he said. “They don’t have to be 2020 requirements, they can be 2025 requirements, that’s what venture capital investment and strategic planning is for. But you better have a clear vision of what 2025 is going to look like in your mind, and be able to explain it so that investors and customers can quickly share your mental image and vision of the future.”
He said whether you are pitching your boss, customers or investors, you want to make them feel like they just read a good book about the future of security and technology that they keep wanting to open up and read—but don’t stop there.
“Then, you write sequels that are equally compelling,” he said. “If you do this, your balance sheet or revenue will grow.”