As the markets continue to fluctuate, budget cuts and layoffs now extend across the tech industry, with cybersecurity no exception from tightening its belt and assessing its priorities. Investors are proceeding with caution and waiting to see a correction in valuations, while cybersecurity startups are examining their runway and long-term viability.
The growing number and sophistication of cyberattacks, however, reinforce the need for heightened security awareness and innovation. Standing on the front lines of these challenges are the CISOs, security practitioners and vendors working tirelessly to revolutionize the industry. I recently had the opportunity to speak with five leading investors and enterprise security executives that shed an optimistic light on current challenges, viewing them as a necessary impetus for innovation.
Will history repeat itself?
The stark dissonance between the highs of 2021 and what seems to be a cooled-off 2022 has some security professionals and CEOs concerned that this downturn will become the new long-term reality.
However, industry veterans see things differently. Todd Weber, Operating Partner and CTO at Ten Eleven Ventures is confident in the market’s resilience: “Our paradigm regarding 2022’s downturns is skewed due to 2021’s bonanza. Viewed statistically over the past 10 or 15 years, we see a healthy environment and industry that I am really not concerned for.”
Richard Seewald, managing partner of Evolution Equity Partners, adds that “Post 9/11, we saw cybersecurity funding decline sharply – as it does at the apex of every global crisis. The returns that were generated in the wake of that crisis, however, as well as those post-2008 and post-COVID, were the most attractive returns in cybersecurity private equity year on year.”
The mix of bountiful opportunities and a limited number of top-of-the-line vendors in the early 2000s brought about the “bronze age” of cybersecurity, as Richard called it, with the “silver age” dawning in the post-2008 crisis as cloud computing began its meteoric rise and helped establish the tech behemoths that are today iconic and publicly owned. Going forward in this environment and over the next ten years, we’ll see the “golden age” of private investing in cybersecurity, says Richard. “With an increasing attack surface and the ability to address multiple vectors besides cybersecurity, including blockchain, quantum computing and others, entrepreneurs will be presented with significant opportunities – as will investors.”
These growing opportunities for innovation also stem from the challenges CISOs face due to the lack of solutions to address security risks and needs.
“Our jobs keep getting harder,” says Tim Brown, CISO at SolarWinds. “No matter what the economy does, we’re still going to be implementing technology in areas that we haven’t before, with security gaps that will need to be filled. From a security perspective, we need to be able to fit the new models. We need to be able to grow.”
In times of turmoil, it makes good business sense to return to the source: paying customers. Entrepreneurs would do well to reassess their priorities and ensure that they are aligned with customer needs. There is no better way to do so than to have frequent and transparent conversations with customers and partners, throughout the entrepreneurial journey.
Udi Mokady, chairman and CEO of CyberArk, who amassed decades of experience working with cybersecurity professionals, says, “Never go frothy in good times, and never over-correct in bad times. I remain optimistic and believe that a customer-focused startup with a strong product and an ability to secure funding will have even greater opportunities going forward.”
Greg Sands, managing director at Costanoa Ventures, agrees: “Those of us who help startups build brick-by-brick and grow at a good pace into stellar companies with great unit economics are not worried, and will not change our investing approach.”
Has the unicorn magic worn off?
2021 was rightly dubbed The Year of the Unicorn, with an unprecedented 9 new Israeli cybersecurity unicorns crowned (as opposed to only 5 in 2020). 2022 is undoubtedly different. There is a clear distinction between unicorns that were crowned due to triple-digit, top-line growth with solid products addressing large markets, and companies that have achieved unicorn status with little to no revenues that must now grow into their bloated valuations.
“Companies that achieved that status with a few million in ARR will clearly need to demonstrate value, product and accelerated growth in the next couple of years,” says Seewald. “If they don’t, they can expect down rounds.”
It is important to note, however, that difficult decisions on follow-on rounds after fast growth are a natural part of the cycle. “This has always happened, the volume is just greater,” he continues. “We just have more unicorns now, so we’ll have more brick walls—but this will be resolved as an industry. There is enough capital out there to rework valuations, with various investors working with startups on restructuring rounds.”
There’s a silver lining
Investors and founders may consider periods of turbulence to harbor opportunities for the long term. Companies can use this volatile economic time for introspection, and an assessment of what needs to be cut, shifted, or changed to stimulate growth after the storm.
“I believe it’s healthy for these cycles to take place,” says Weber. “Companies should evaluate whether what they’ve been doing, in terms of budgeting and hiring for example, is conducive to growth. Burn rates may become healthier, leading to a balanced and revenue-based road to unicorn status as opposed to what happened last year.”
On the early-stage side of the spectrum, the experts believe that these startups are better positioned to weather this turbulence. “Seed stage investment hasn’t slowed down,” asserts Sands. “These companies are the R&D function for the entire market and should concentrate on solving client problems and attracting new talent. As they grow, they must pay more attention to the correlation between growth rate and burn rate, unit economics in terms of customer acquisition and all the important basics — product-market fit, sales repeatability and more, before they begin to scale.”
Young and growing startups could benefit from the following guidelines, to assist them in weathering these challenging times:
- Focus on the product: Entrepreneurs must double down on their product. Anticipate where your customer is headed and ensure that your product continues to be relevant and of increasing value to them. If you can demonstrate your worth to a CISO when times are rough, you will gain credibility over the long term – so view this as an opportunity. Tim Brown provides a singular example of this approach from his experience as CISO at SolarWinds during the infamous 2021 breach, “Throughout our incident, customers remained loyal to our product because we brought them value – enough to keep them with us even after a major event.” Investors and their networks are key – leverage their contacts and have as many CISO conversations as possible to find out what values your customers prioritize.
- Layoffs should be a last resort: There is still a severe shortage of talent in the industry. Founders that are making cuts to “trim the fat” should be wary of trimming down muscle in the process. Founders should ensure that they retain and protect the company’s core assets and culture because they’ll need them when the storm blows over.
- Get creative with financing: Managing burn is crucial. Examine your burn rate to assess your runway, and possibly extend it from the recommended 18 months to at least 20 or 24 before the next round. Work closely with your VP of finance or with your investors to find creative ways to resolve financial risks and retain strong employees, rather than making reactionary cuts that will hurt in the long run.
Granted, the striking and sudden shift from an industry high in 2021 to a volatile market environment in 2022 has real and painful repercussions for startups in the global economy. That said, cybersecurity entrepreneurs may benefit from this healthy curve and find that the need for their brilliance hasn’t abated and will continue fueling innovation for years to come. This may be a challenging bump in the road for us all, but at the end of it may begin the golden age of cybersecurity.