With $3.7 billion raised in cybersecurity funding so far this year, 2021 is on track to overcome last year’s record $7.8 billion total. Many of these companies have very high valuations – and to some experts that sounds like a bubble.
As damage from hacking to businesses and individuals gets worse each year and as new threats emerge, new technologies are being developed to protect organizations, leading investors to pump more money into the industry.
The fact that a cybersecurity company is able to raise money in an era in which investors are looking to give away their cash is no indication of the quality of its work and is no indication that the company will be around for the long-term.
How can investors differentiate between a “value” cyber company and one that is getting “swept along” by the general market valuation uptick? What signs should they be looking for to indicate that they are getting true value for their investment money and how can investors differentiate between value investments and “bubble” investments?
The cyber fundamentals
Perhaps more than anything else, strategic investors must consider the fundamentals. If the fundamentals are in place, it’s almost certain that the company will survive for the long-term – and that will be enough to attract investors seeking a long-term relationship. In my opinion, there are 3 fundamentals that companies need to pay attention to, as outlined below:
The team: The founding team of a cybersecurity company is a key fundamental. Get a good team together and a company is almost guaranteed to outlast the competition. Ideas can be changed, adopted, and replaced, but if the team knows how to work together, and knows what it is doing, the company will thrive. With a constantly changing threat landscape, teams need to meet the new challenges that come their way, requiring cybersecurity companies to adapt and change to meet the customer demands and needs.
The market: Who are we serving, and what are we trying to do for them? Founders, CEOs, and investors all need to consider that question. And the answer must be that the company’s product or technology has enough heft to support sales at scale and ensure (eventual) profitability. The addressable market must be big and mature enough to enable scale-level sales and distribution of the product/solution. If a cybersecurity company has the right solution – and can build the right narrative around that solution – the addressable market will be almost infinite.
The fit: Once the right team is in place to produce a solution for the right market, companies need to ensure that its solution is the right one for the market. Does the solution respond to market needs? Is it something customers would be willing to pay for – and how much would they be willing to pay? Does it do the job it’s supposed to do? If the answer to those questions is yes, then a company is well positioned to achieve success – and investors can be assured that they have found a good-value cybersecurity investment.
Continuous value creation
Good fundamentals dictate product development and will serve as a guide for a company in building an effective technology platform that can provide continuous value creation for customers by providing them with real solutions that help them overcome a constantly changing threat landscape.
To build that platform, however, companies must have a broad knowledge of current solutions, along with their drawbacks and advantages. That knowledge – along with knowledge of the market and the needs of their customers – will result in the development of a product or service that will offer customers high-value, effective solutions.
Armed with those solutions, companies will acquire more customers, creating a value chain that will increase the company’s bottom line on a steady basis over time. Those are the results investors are looking for, and those results will encourage VCs and other investors to build an investment relationship with a company.
When a company creates clear and significant value for customers, they will remain that company’s customers; they will find a way to pay for the solutions that are giving them value, and no bubble or crisis will make them want to leave. Value for customers is fundamental; it’s always been so in business, and given the stakes to customers, it’s perhaps even more true in the cybersecurity business.