According to Gartner, worldwide information security spending reached $76.9 billion in 2015. As the frequency and intensity of hacks worsen, security spending is expected to reach $170 billion by 2020. That’s more than 100 percent growth in five years.
Venture capital (VC) investments in cybersecurity startups continues to grow steadily (~40 percent each year over the past 5 years); 2015 may reach an all-time high, with projections of ~ $3.5 billion.
Yet, when we look at cybersecurity as a percentage of all VC investments, the picture is somewhat sobering. Cybersecurity is less than 7 percent of all VC investments. Despite all the hacks and media attention, is the security sector under-funded?
The conservative VC’s view
It’s all about exits and returns. Unicorns are a rarity in the security world. Security exits tend to fall in three distinct bands: ~$50 million, ~$200 million and $500+ million. Capital consumption is highly efficient as compared to other verticals, but the time-to-exit is much longer.
Authy, a two-factor authentication company (2FA) raised $3.8 million and was acquired by Twilio. Another 2FA company, Toopher, was acquired in April 2015 by Salesforce after raising less than $3 million. Aorato, backed by Accel, was acquired by Microsoft for $200 million. The company consumed less than $15 million. Smaller exits occur in ~3 years.
The third band of exits occurs in the $500+ million range. OpenDNS was acquired in 2015 by Cisco for $635 million. According to sources, it had reached $60+ million in ARR, but it took 10+ years from launch. Lancope, also acquired by Cisco in 2015 for $435 million, took 14 years to get to an exit. An occasional IPO like FireEye (IPO in 2014) or Palo Alto Networks (IPO in 2012) can create an adrenalin rush…but these are exceptions.
Read the full article here