investors Search for IPO 'Unicorns' Among Cyber-Security Startups
The funding frenzy is driven by the constant litany of network breaches hitting the headlines. More than that, the consequences to businesses and their executives' reputations have corporate boards willing to spend on security. Target, Sony and the U.S. Office of Personnel Management all dismissed their top manager following significant hacks. Online adultery site Ashley Madison will likely have to scuttle plans for an initial public offering after hackers appeared to have stolen data on its 37 million users. With such dire consequences from undetected breaches, companies are understandably willing to pay for better security. "If you look at the threat landscape, it is as broad and deep as you can get," Ackerman said. "You have vulnerabilities absolutely everywhere. People are very very concerned, and their concern is driven by wondering where the adversaries are going to hit next.""No one wants to be the next Sony, and that makes this a board-level discussion, not an IT-department discussion," he said. "That is why it is valuations are so high." In addition, a number of other factors have restricted supply of cyber-security companies, leaving investors to aggressively fight over fewer companies. The shortage of skilled and experienced cyber-security entrepreneurs—an offshoot of the lack of supply of cyber-security professionals in general—means that fewer companies are available to be funded. "We know for a fact, there are truly a small number of people that understand cyber-security," Jeff Hudson, CEO of key-management firm Venafi, told eWEEK. "Think of people that can start companies and have the domain expertise and the track record to do it—there are not that many." Venafi raised $39 million in June. The cyber-security industry's failure to stop breaches, however, is wearing on the confidence of potential customers. Information security managers and chief security officers also only have so much time to evaluate new products and have to carefully choose what they are actually going to deploy on their network. While investors continue to be enamored of the cyber-security industry's luster, the time of bargains is long past and potential pitfalls are more likely, Allegis' Ackerman said. "I think there are things that are getting funded that should not get funded, because people do not understand how complicated this is," he said. "When you get to cyber-security, it is still the domain of deep science and deep engineering, and many people do not understand that."
The constant reminders that businesses can be impacted by breaches has loosened purse strings and driven business to security firms. With CEOs worried about their jobs, and boards worried about potential negative impacts to their stock price, cyber-security firms no longer have to convince businesses that information security is necessary, Zscaler's Druker said.