The current cycle of investment in cybersecurity began in 2012, catalyzed by three major IPOs: Proofpoint, Splunk, and Palo Alto Networks. As is typical, big exits in a space significantly increase investor confidence and drive up supply of capital as additional investors rush in hoping to find the “next big thing.”
2013 saw another major exit with the “eye-popping” IPO of FireEye. It also became the year that cybersecurity rocketed to the forefront of public attention — first after the Edward Snowden incident and again after major breaches at Adobe Systems, the Target Corporation, and Heartland Payment Systems, each of which exposed more than 100 million records. Security has always been a game of cat and mouse, but these events demonstrated how fat the cat had become.
Entrepreneurs and investors took note of two challenges in particular:
- Many companies weren’t even doing the basics right. Existing products were either never fully deployed or not used effectively, and best practices were falling by the wayside. This was usually the result of understaffed security teams being overwhelmed with alerts, many of which were false positives. Security products were also known for impeding productivity, so business users would find ways to get around them, exposing an enterprise to a potential breach.
- The previous generation of security products were just plain inadequate. Not only had the bad guys become more advanced than ever, enterprises were rapidly shifting the way they consume technology. The rise of cloud and mobile put sensitive assets outside of an enterprise’s perimeter and beyond the protection of legacy security vendors. SMBs were particularly at risk, as they were adopting the cloud more rapidly than big companies and historically did not have the resources to invest in security.
A handful of investment themes arose to solve these challenges:
- Back to the (better)…