Why It’s Time for Investors to Redeem Their Cyber Security Investments

Cyber security technology is one of investors’ dearest investment channels of the second decade of the millennium. In the wake of unending attacks on political bodies, the most famous and recent of them have been directed at the Democratic Party in the U.S and the French President, and on corporations such as Yahoo, Lockheed Martin, Sony, and Target.  It is undeniable that cyber tech is here to stay.

As attackers change and improve their methods to better cope with cybersecurity weaponry, new technologies are constantly being developed, thus justifying an unending wave of new startups and a massive flow of funding into them. But now that we’re a few years into the cyber trend, investors are starting to look into their books in search of a paycheck.

It is possible that this time has arrived, and the industry is going to soon witness a few interesting deals. We at Zirra, a research company focused on the private tech market, have found several indicators which support this trend.

Main Factors for Cyber Security Investments

1. The market capital of cyber companies is on the rise again: After a long “winter,” Symantec’s stock is up by 35% since January 2016, CheckPoint is up by 26% and Fortinet is up by 28%; Fireye is up finally, after a 48% cut in stock price from the beginning of 2016 to the lowest point this March. Their stock has gained about 36% since then. The last year and a half were also hard on Palo Alto Networks who has seen a gradual decline in stock price since January 2016, but in the first days of May the company’s price is up by 5%; CyberArk‘s stocks, too, experiencing its best times in almost two years.

Source: Google Finance

Rising stock prices improve the appetite for acquisitions in a couple of ways: 

A general optimistic, constructive sentiment.

The acquirer can better tolerate a temporary decline in the stock’s price inflicted on it during the hours and days following a deal.

Investors can now demand higher prices for the startups they are selling, after a long period of sitting in the middle.

2. Too many companies were established in a very short time, but only a fraction will get acquired: There is no argument that there has been a significant amount of money invested in the cyber security segment in recent years. The number has almost quadrupled from 2012 to 2015, and is just short of $4 billion. But, it is not the total funding that worries the investors, so much as the number of companies that were funded in total.

From mid-2014, there were nine quarters in which 90+ companies were funded in each. Quarters with 100+ companies appeared five times. In comparison, the hot area of AI surpassed 100 companies per quarter only at the beginning of 2015. But, whereas investors keep pouring more and more money into AI, that now reaches around 170 companies per quarter, cyber security had cooled down to 76 companies in the last quarter of 2016, according to CB Insights.

The funding could be well explained if there were enough exits to justify it. But after two great years, 2014 and 2015, that have produced 107 and 124 exits and 11 IPOs together, 2016 was a tough year, with only 88 exits and one IPO. Following the good news coming from New York stocks exchanges, VCs are interested in selling some of their companies, and when valuations are going up again, it will be easier to do so.

Source: CB Insights

Oren Bar-On, a senior partner at EY, told the press that 2017 is going to be harsh on many startups in the cyber security industry. Startups that had raised small financial rounds of $1-2 million in the last two years will find it quite challenging to complete bigger rounds now. Therefore, it’s possible we’ll see a good deal of small and medium-sized acquisition deals.

Who will be the next cyber company to be acquired? Zirra put together a list of some of the most interesting cyber security startups. Click on their names to get the full Premium Insight Reports.

Search for a company

TrapX is a deception-based security firm that detects, analyzes and defends new zero-day and APT attacks in real time.

Inpedio offers mobile security solutions through Mercury, its flagship solution, using multi-layered deep defense security that covers the device, network connectivity, and communications from within

Tufin automates and accelerates network configuration through security policy orchestration. The company’s proprietary technology enables IT organizations drastically to reduce the time and cost to implement network changes. Specializing in the management of firewalls, routers switches, and load balancers, Tufin also allows customers to automate daily configuration changes to all network security devices.

Upguard, formerly known as ScriptRock, has developed the Cybersecurity Threat Assessment Report, that provides in-depth and actionable intelligence on the preparedness for enterprises. UpGuard allows the user to monitor all server, network device, and cloud app configurations.

Alcide is planning to build a network security platform from the ground up for modern, large-scale data centers that leverage multiple technologies and micro-service architectures.

Ensilo was founded on the recognition that external threat actors cannot be prevented from infiltrating networks, and instead focuses on preventing the theft and tampering of critical data in the event of a cyber-attack. It is doing so by blocking in real-time ant data-related malicious activity.

Endian provides open source network security and remote connectivity solutions under their brand: Unified Threat Management. The system, comprised of hardware, software and virtual appliances provides gateway security that includes firewall, VPN, web, and email security services to networks in all sizes.

Assaf Gilad

An ex-journalist from Calcalist, a leading business and tech news outlet in Israel, I'm now writing about startups for Zirra.com.