Building Cybersecurity Companies in Uncertain Economic Times
Cybersecurity start-ups have an important role to play during a global crisis
Coronavirus has turned the world upside down overnight. Known as COVID-19, the virus continues to spread and is impacting individuals, families, communities and businesses. With so much uncertainty, entrepreneurs and investors in the cybersecurity industry are questioning their next moves. Is it possible to build a business during hard economic times?
The answer is yes. Many of us in the industry successfully weathered the financial crises of 2000 and 2008. Those experiences taught us important lessons, and we emerged stronger and wiser. We learned that great cybersecurity companies are forged in times of crisis. While it may seem a prudent time for investors to take a cautious approach, I believe now is an opportunity to invest in high-quality companies.
With valuations returning to reasonable benchmarks, the price of entry will determine the exit multiple, and venture cycles typically take anywhere from five to seven years to create companies that will deliver significant value that will command premium outcomes.
We believe a downturn in the broader economy will inspire a wave of market consolidation. Many cybersecurity companies with unproven business models and lack of market traction will be unable to raise capital and seek exit opportunities, while well-capitalized companies with proven business models and customer traction will ride out the storm and prove successful.
COVID-19 and The Rising Demand for Cybersecurity Solutions
Cyber threats are a daily issue, but we’ve seen a large uptick in cyberattacks, both in volume, frequency and sophistication, as COVID-19 has surged. These attacks include ransomware, business email compromise, account takeovers, and the use of compromised credentials — obtained via security breach – to commit fraud.
Unfortunately, in times of crisis, cyber criminals will try to exploit the situation. For example, the World Health Organization, the U.S. Department of Health and Human Services, hospitals and other important healthcare organizations have reported attacks during the coronavirus pandemic. Unfortunately, healthcare systems and facilities have always been major targets. In fact, a McAfee report showed that healthcare was one of the top ten targeted sectors of cyber attacks in 2018-2019. According to a recent TechTarget article on ransomware, cybersecurity experts predict that escalating threats during the pandemic will continue to disrupt healthcare and government response efforts.
Over the coming months, we expect the number and frequency of data breaches to increase, as cyber criminals lure unsuspecting users to malicious websites or compromise their security through weaponized attachments.
The other driver of increased demand for cybersecurity solutions is what has quickly become the new normal: remote workers and online business. To protect the privacy of employees, customers and suppliers, as well as their intellectual property, many companies will need to invest in cybersecurity infrastructure. Due to newly constrained budgets, executives will need to make the trade-off between new IT initiatives, such as implementing a business application vs. protecting their existing infrastructure.
While there will likely be tough times ahead for the broader economy, cyberattacks are rising in both volume and sophistication, so now is a great time to start a cybersecurity company or continue building an existing start-up. Larger, more established companies are not only distracted, but also unable to innovate at the speed of a small, nimble, focused team.
Well-funded start-ups can thrive during this time of upheaval and economic hardship if and only if they do the following:
1. Realign spending structures
Cyber start-ups need to revise their sales forecast and adjust their spending accordingly. Assume a drop in sales anywhere between 10% and 50% of projected attainment. That broad range will depend on industries that are most impacted by the pandemic.
2. Extend your runway
With thoughtful spend reductions, cyber start-ups should be able to extend their runway by at least six months.
3. Focus on employees
In hard times, companies that take care of their most important assets — their people and their families– will earn loyalty and trust. Employees will work harder if they see their companies doing the right thing even with reduced spending.
4. Invest in customer success
Successful businesses are about happy customers. They will remember who helped them during the crisis. Cybersecurity start-ups can keep existing customers happy by offering assistance on how best to use and implement solutions more effectively in hard times. This helps customers take responsibility for their own success.
When customers are happy, they are more likely to renew and increase their commitments with their key technology partners, such as subscription renewals, ongoing maintenance and support, and openness to services-led engagements.
5. Offer services-led engagements
It’s best not to assume that potential customers have the resources to implement a cybersecurity solution. Instead, one option is to offer implementation and managed services to complement their existing teams.
6. Reassess sales and marketing investments
Sales and marketing efforts can include meaningful online engagement with customers. Cyber start-ups should consider offering webinars, remote discovery assessments, online educational workshops, thought leadership content and how-to implementation tutorials. While a cyber company may know its products and solutions inside and out, it should never assume its customers or partners do.
7. Invest in making your products easy to use and manage
To get ahead of the competition, cyber start-ups should hat focus on the usability of their products. Ideally, the products should be easy to evaluate, deploy and operate remotely. Also, it’s wise to focus on intuitive, user-centered design.
Looking Forward: Survive then Thrive
Subsequent to Q4 2019, global market conditions have shifted dramatically. It’s clear that the outbreak of COVID-19 has adjusted expectations of the macroeconomic environment. However, in the event that a demand shock spurred by the pandemic precipitates a wider economic downturn, we anticipate that public equities may experience a reset to growth, returning indices closer to long-term benchmarks.
While private companies’ valuations will decline, and it’s not clear yet how much they will decline, during the previous two economic downturns, the information security market demonstrated surprising durability and lower correlation to broader market conditions at that time.
A now archived report (October 2001) published by Gartner, a market research firm, concurs: “The downturn in the U.S. economy starting in mid-2000 did not have an appreciable effect on the security software market, which grew 25 percent to $3.3 billion in 2000, up from 22 percent in 1999.” To put those figures into context, the present market opportunity in what is now referred to as cybersecurity is $114 billion (2020), yielding long-run nominal market growth above 20% (CAGR).
It’s our belief that cybersecurity companies cannot only survive during this cycle but thrive when the economy recovers. What they do matters, because great cybersecurity enables economic prosperity while also protecting classified information as well as every individual’s privacy and civil liberties.
About Alberto Yepez
Alberto is one of the pioneers of the cybersecurity industry (founder enCommerce in 1995) and has played significant roles as a serial entrepreneur, public company CEO, board member and venture capital investor. He is recognized as one of the leading investors in cybersecurity and for his company-building skills. Alberto spent 10 years at Apple, 2.5 years at Oracle and was CEO of enCommerce, Entrust and Thor Technologies. He serves on the board of the National Venture Capital Association (NVCA) and is chairman of the Hispanic IT Executive Council (HITEC).
About ForgePoint Capital
ForgePoint Capital actively invests in the next generation of cybersecurity and cyber intelligence leaders who will protect individuals, businesses and government agencies against cyberattacks. In February 2020, the company announced the closing of ForgePoint Capital Fund II with $450 million of committed capital.