As cyberattacks surge, security startups reap the rewards

After bids from seven investors, Netskope raised $300 million this month at a valuation of $7.5 billion, up from a $2.8 billion valuation last year. It was one of the year’s largest cybersecurity funding rounds, but not the maximum that Netskope could have attained.

David Hatfield in San Francisco on July 21, 2021. Hatfield runs Lacework, a cloud security start-up that closed a $525 million funding round in January. (Marissa Leshnov/The New York Times)

Written by Erin Woo

As cyberattacks proliferated this year, Sanjay Beri, CEO of Netskope, a cloud security startup, got a phone call. Then an email. Then more messages.

All were from venture capitalists who wanted to invest in his company. Given the ransomware attacks and nation-state hacks that were making headlines, they told him, companies that made security products had a bigger market and mission than before.

“We weren’t looking for capital,” said Beri, who founded Netskope in 2012, but the cyberattacks “definitely increased their interest.”

After bids from seven investors, Netskope raised $300 million this month at a valuation of $7.5 billion, up from a $2.8 billion valuation last year. It was one of the year’s largest cybersecurity funding rounds, but not the maximum that Netskope could have attained.

“We could have raised $1 billion in capital,” Beri said.

Recent cyberattacks around the world have taken down operations at gasoline pipelines, hospitals and grocery chains and potentially compromised some intelligence agencies. But they have been a bonanza for one group: cybersecurity startups.

Investors have poured more than $12.2 billion into startups that sell products and services such as cloud security, identify verification and privacy protection so far this year. That exceeds the $10.4 billion that cybersecurity companies raised in all of 2020 and is more than double the $4.8 billion raised in 2016, according to the research firm PitchBook, which tracks funding. Since 2019, the rise in cybersecurity funding has outpaced the increase in overall venture funding.

The surge follows a slew of high-profile ransomware attacks, including against Colonial Pipeline, software maker Kaseya and meat processor JBS. When President Joe Biden met with Russian President Vladimir Putin last month, cyberattacks perpetrated by Russians were high on the diplomatic agenda. This month, the Biden administration and its allies also formally accused China of conducting hacks.

The breaches have fueled concerns among companies and governments, leading to increased spending on security products. Worldwide spending on information security and related services is expected to reach $150 billion this year, up 12% from a year ago, according to the research company Gartner.

“Before we got to this point, we as security teams were having to go and fight for every penny we could get, and now it’s the exact opposite,” said John Turner, an information security manager at LendingTree, an online-lending marketplace. Executives, he said, are asking: “Are we protected? What do you need?”

All of this is set to drive business for cybersecurity companies, creating a potential windfall that has excited investors. The average valuation of cybersecurity companies raising funds this year has more than doubled to $524.1 million from $221.8 million in 2020, according to PitchBook.

“In close to two decades as a VC, I’ve never seen valuations so escalated,” said Asheem Chandna, a venture capitalist at Greylock Partners, who has invested in security companies such as Palo Alto Networks.

The money is flooding into startups that are tackling hackers in new ways. Traditionally, security systems at companies relied on the idea of securing a perimeter. That meant companies installed firewalls and other software to protect access to their corporate network.

But over the past several years, a shift to cloud computing has rendered the perimeter and the reliance on corporate networks obsolete. Employees now get access to applications over the internet, rather than through a data center operated by their employer. That has opened the door to startups that focus on cloud-based security and identity verification.

“Don’t build higher fences — have really good ID cards,” said Jason Crabtree, CEO of Qomplx, a risk-analytics startup that provides identity-verification software and is in the process of going public.

The funding frenzy has built for months. The pandemic provided momentum when companies shifted to remote work, which required securing those remote-access systems, investors and executives said.

On a Friday evening in October, Chandna introduced the CEO of Abnormal Security, an email-security company in which he had invested, to another investor, he said. That investor, Venky Ganesan of Menlo Ventures, who had been pursuing a meeting with the CEO, Evan Reiser, for months, immediately emailed Reiser to invite him to dinner that night.

Reiser drove, he said, from San Francisco to Ganesan’s home in Atherton, California, about 30 miles away. By the end of the weekend, Abnormal had signed a deal to raise $50 million at a $600 million valuation, putting its total funding at $74 million. Menlo’s $40 million check was the firm’s largest investment ever.

“As shotgun weddings go, it’s as shotgun as you can get,” Ganesan said.

Since then, the ransomware attacks have given the funding wave a further boost.

In January, Lacework, a cloud security startup in San Jose, California, garnered $525 million in funding. Investors reached out because of Lacework’s products, which use artificial intelligence to identify threats, said Andy Byron, the company’s chief resource officer. In total, Lacework has raised $625 million since it was founded in 2015.

Mike Speiser, a venture capitalist at Sutter Hill Ventures, which led Lacework’s January financing, had no problem getting other investors to participate, he said.

“I called the five people that I thought were the best investors and asked them if they were interested. They were all interested, and within 48 hours we had a deal,” Speiser said. “One hundred percent of the people I called said they wanted in. We could have raised well over $1 billion.”

Business has boomed for Lacework because of “the combination of all of these ransomware and nation-state attacks, together with people moving to the cloud so aggressively,” said David Hatfield, who joined the startup in February as CEO.

Other security startups have also benefited. Orca, a cloud-security startup, raised $210 million in March. Trulioo, a company that makes sure users are who they say they are when they join a platform, collected $394 million last month.

Security startups are also being acquired for large sums or are going public. Last month, SentinelOne went public with a market capitalization of over $10 billion, the highest-valued cybersecurity public offering. In May, Auth0, an identity-verification company, was bought by Okta, another security company, for $6.5 billion.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest Technology News, download Indian Express App.

News Assist
Next Story