With the latest layoffs, is the cybersecurity startup bubble bursting?
As industry leaders gather this week for the annual RSA conference in San Francisco, economic storm clouds are potentially on the horizon for the cybersecurity industry.
There is still strong investor enthusiasm for all things cybersecurity, as evidenced by near-daily announcements of major venture capital deals involving promising start-ups. Last Thursday, Cambridge, Massachusetts-based Devo Technology announced that it had raised an additional $100 million, bringing its valuation to $2 billion.
But the very morning of Devo’s announcement, Cybereason, an endpoint security firm that raised $325 million in funding last year, confirmed it was laying off 10% of its workforce, citing deteriorating market conditions. market.
Meanwhile, Lacework, a cloud security startup that raised $1.3 billion last year, announced late last month that it was laying off 20% of its workforce, blaming a “seismic shift” on public and private markets.
With Wall Street beating stocks in general and the IPO market drying up, other tech companies have cut payrolls, with TechCrunch estimating that 15,000 tech jobs were lost in May alone in the United States.
In general, market conditions have become dire enough that Y Combinator, the Silicon Valley-based startup accelerator, recently warned the company’s founders that they had better “plan for the worst” in the event of a tough economic times ahead.
Brittany Greenfield, founder and CEO of Wabbi, said her company and other young security companies were being told by investors that it was best to batten down the hatches.
“Everyone gets the same advice — be prepared to take advantage of it,” said Greenfield, whose Boston-based application security orchestration and correlation (ASOC) firm raised $2 million in funding at the end of last year.
The most recent venture capital data related to cybersecurity is a bit mixed. According to Crunchbase, venture capital funding for cybersecurity startups hit nearly $6 billion in Q1 2022, up nearly 50% from Q1 2021. But Q1 funding was down compared to the $8.2 billion raised in the fourth quarter of 2021, according to Crunchbase.
Mark Hatfield, founder and general partner of Ten Eleven Ventures, said cybersecurity remains a solid long-term bet for investors, based on the strong demand for cybersecurity products and services in general.
In fact, last week Ten Eleven, which focuses entirely on cybersecurity companies, announced that it had raised $600 million for its third generation fund to invest in the next wave of security companies.
Still, Hatfield acknowledged that cybersecurity startup valuations peaked about five or six months ago and have been falling ever since.
The fall in valuations can be explained in part by the fact that a number of cross-funds, or large investment companies that invest quickly and heavily in hot sectors, have recently pulled out of cybersecurity and other spaces. technology, Hatfield said.
Among the top retired investors is Tiger Global Management, the giant hedge fund that the Financial Times said recently lost $17 billion due to the sale of technology on Wall Street.
Alex Doll, founder and managing partner of Ten Eleven Ventures, said a pronounced “bifurcation” in the cybersecurity industry emerged about two years ago – between passive investors, or big players betting on the trends of data, and active investors, who spend more time working with founders and have longer-term goals.
With the onset of the pandemic in early 2020 and the rise of remote working, demand for cybersecurity products exploded — and that demand attracted more passive investors looking for short-term gains, Doll said.
Now these passive investors are pulling out.
“The big funds are kind of leaving the (cybersecurity) realm,” he recently told CRN. “We just had a sort of Covid bubble that is going to loosen up a bit, in terms of non-cyber related investors leaving the space.”
Ofer Schreiber, senior partner at YL Ventures, the Silicon Valley and Tel Aviv-based venture capital firm specializing in cybersecurity, said a market shift was clearly afoot.
“Market fluctuations are hitting the entire tech industry hard, and cybersecurity companies and investors should not ignore the current market climate,” he said in a statement to CRN. “As early-stage investors, we have always urged our portfolio companies to build strong foundations and maintain fiscal responsibility to secure their trail in all market conditions. Cybersecurity startups need to focus on the fundamentals to succeed despite the market downturn.
Still, Schreiber expressed his long-term confidence in the industry as a whole.
“The cybersecurity industry has always been resilient to market fluctuations due to the constant and growing threats it seeks to mitigate,” he said. “As cyber threats grow, we can anticipate continued growth in demand for innovative and game-changing cybersecurity solutions.
Kyle Hanslovan, co-founder and CEO of threat researcher MSP Huntress, said he expects cybersecurity investment to slow, as evidenced by falling valuations and recent layoffs.
“I think there will be less investment,” he said. “But even though there may be fewer (deals), I think there will always be better quality investments.”
Regarding recent layoffs at companies like Lacework and Cybereason, Hanslovan said these were often necessary measures to control spending in anticipation of lean times ahead. “I absolutely expect other companies to walk away if they have (overstretched),” he said.
It’s not just startup CEOs and their investors reacting to market pressures lately.
In a recent interview with CRN, Andre Durand, CEO of publicly traded Ping Identity, said his Denver-based cybersecurity firm is closely monitoring economic conditions and assessing potential market scenarios going forward.
“We talk about it,” he said. “You hate (to see) things become kind of self-fulfilling, where everyone worries about them and then creates them. But there’s a lot of uncertainty that the market is anticipating right now, both from the side of inflation and rising interest rates.In management, you always try to anticipate what’s going to happen to make sure you’re prepared.
But Durand has made it clear that he believes cybersecurity companies should weather a downturn better than other tech companies.
“I think security is not a ‘nice to have’, even in a market downturn. It’s a ‘must have’ in this environment,” he said. “So I think safety in general makes the difference. But the size of deals and how quickly companies are ready to take on projects, all of that could get longer.
Rick Smith, founder and CEO of Renactus Technology Inc., a Union, NJ-based MSP, said stock market concerns and venture capitalists aren’t what blockchain players are paying attention to these days. these days.
When it comes to the economy, it’s all about high inflation, he said.
“We are the most affected by price increases that are passed on to us (by suppliers) and our price increases are passed on to customers,” he said. “Everyone bears the brunt of inflation.”
Although there is widespread concern about the economy, Smith said customers “are not cutting back on security spending at this point.” The reason: they see cybersecurity as vital to their future.
“But they are more aware of their cybersecurity dollars and how they are spent,” he said, noting that chain players need to be careful before losing customers to others who charge. less.