yesAdam JanofskyNone
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Power

Cybersecurity investors are still writing checks amid coronavirus

"I haven't been this busy in months."

Yoav Leitersdorf

"We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm.

Photo: Courtesy of Kfir Ziv

No matter the market pressures, no organization can afford to get hacked. And that's a good thing if you're in the cybersecurity industry.

Investors and analysts say that cybersecurity is one of the few industries that can thrive during times of crisis and is better positioned than other sectors to weather the coronavirus outbreak.

Several cybersecurity firms saw their stocks soar over the last week, and cybersecurity startup investors say deals have shown no sign of slowing down. "We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm with offices in Tel Aviv and Silicon Valley.

Although many big corporations will be looking for ways to reduce spending, few will be willing to cut cybersecurity budgets because the cost of an attack can far exceed the price of security tools. Additionally, cyberthreats are increasing as organizations shift to more remote work, and hackers try to take advantage of coronavirus fears.

Not all cybersecurity companies will fare the same. Some — like those that provide security tools that support telework or have cloud-based security solutions that can be remotely managed — will likely receive a boost during the outbreak. Others, including legacy companies that sell firewalls and physical devices, are expected to take a hit. Cybersecurity investors and analysts explained who they think the winners and losers are.

Cash is still pouring into cybersecurity startups

Cybersecurity is a relatively new and fast-moving industry, and many of the firms in the space are backed by venture capital; there are more than 1,000 cybersecurity startups, according to data from Crunchbase.

Investors in the industry say they are still pouring money into these companies. Leitersdorf said his firm closed a multimillion-dollar investment with a software development security startup last week, and has eight other deals in the works. "I haven't been this busy in months," he said.

Alberto Yepez, managing director of ForgePoint Capital, another cybersecurity-focused VC firm with $750 million in assets under management, said his company has issued two new term sheets since the beginning of March and plans to complete those investments in the next month. "We're actively investing," he said. "People might think deal flow would slow, but in cybersecurity our deal flow has increased."

So far, the outbreak's main effect has been on the process of how deals get done. Leitersdorf said he hasn't had in-person meetings with about half of the companies that he's currently considering investing in.

"Online video meetings provide us with a fair amount of comfort, but there's nothing like being in the same room with someone," he said. "We've never closed an investment with a group that we haven't met in person, so that will be a first. Maybe we'll find a way to meet them in a park standing far away from each other."

Leitersdorf said that two types of organizations in the cybersecurity startup ecosystem may face challenges in the near future from COVID-19: startups that don't have a lot of cash on hand to get them through the crisis, and VC firms that are looking to raise funds from institutional investors. "If you've not raised your fund yet, don't do it. Go to the beach, relax for about six months. There are hardly any VC firms that can raise capital in this environment," he said.

You can't cheap out on security right now

With record drops in global markets over the last month and the International Monetary Fund warning that a coming recession could be "as least as bad" as the global financial crisis of 2007-'08, companies across the board are assessing their budgets and trying to tighten up where they can.

Cybersecurity, however, has become an area that few companies will be willing to cut.

"What board of directors is willing to cut spending on security and increase exposure to cyberattacks?" Leitersdorf asked.

For one thing, attacks are increasing and companies are especially vulnerable as they transition into remote work environments. Coronavirus phishing scams have exploded in recent weeks, and health care organizations including University Hospital Brno in the Czech Republic have been targeted by ransomware attacks. Cybersecurity experts have warned that the coronavirus outbreak is a perfect time for nation-state hackers to strike, and the effects of such attacks might not be felt for months.

"The volume and sophistication of attacks is increasing, and people are looking at cybersecurity as a must-have, not a nice-to-have," Yepez said.

These attacks can cost a lot more to an organization than the price of technologies that can defend against them. Ransomware attacks, for example, have cost firms like Merck and FedEx an estimated $870 million and $400 million, respectively, in lost revenue and other damages.

"When the dust settles, it is very likely that most organizations will assess that they are not as resilient as they thought they were from a cybersecurity standpoint, and increased investments are likely," Katell Thielemann, research vice president at Gartner, said in an email.

Winners: Cloud and remote services

Several publicly traded cybersecurity companies, such as Crowdstrike, Okta and Fortinet, have rallied over the last two weeks, climbing 25% or more. "Many cyber companies in the public market have fared better than most in the tech sector," Yepez said.

After experiencing a drop in early in the month, Crowdstrike's stock, for example, is up almost 78% since March 16. In a regulatory filing issued on Monday, the company said it's not yet clear what the impact of COVID-19 will be on its financials or operations. But cybersecurity investors and analysts said that cloud-based security providers like Crowdstrike stand to gain a lot.

"Everything they've done for years plays out very well with this crisis — the cloud elements, protecting phones, laptops and other devices that people are taking home," Leitersdorf said.

"If you provide cloud-based security solutions that can be remotely managed, you are probably rather busy," Thielemann said.

Other winners include managed service providers, which handle security for small- and medium-size businesses that may opt to outsource security instead of having a full-time team or CISO, Yepez said. And companies involved in securing remote workers, like VPN providers, will also see an uptick in business, Thielemann said.

Losers: Legacy providers and security auditors

Although the cybersecurity industry will likely be resilient during the outbreak, some companies will suffer.

Legacy companies that sell tools like firewalls and physical devices will likely take a big hit. One reason is because restrictions on movement will make it difficult for companies to install and manage these tools, Yepez said.

Another reason is because the corporate attack surface has changed due to coronavirus, according to Leitersdorf. "On-premise firewalls aren't relevant when people are working all over the place. Companies that provide solutions for anything with a physical perimeter will not do well," he said. These companies likely have contracts that will sustain them for some time, but the disruptions caused by the coronavirus outbreak will likely accelerate the move away from these companies toward more innovative solutions, he said.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


Another part of the security industry that will probably experience disruptions or a drop in revenue are companies that offer auditing and security assessments, Thielemann said. These companies typically send teams to clients to probe them for vulnerabilities and other weaknesses, which is sometimes required by regulators.

"It's difficult to conduct assessment and audits at client locations. In some verticals like Energy, NERC/FERC [regulators for power system operators] have temporarily suspended standards-compliance audits, for instance. When that side of the market will return to normal is unknown," Thielemann said.

People

Expensify CEO David Barrett: ‘Most CEOs are not bad people, they're just cowards’

"Remember that one time when we almost had civil war? What did you do about it?"

Expensify CEO David Barrett has thoughts on what it means for tech CEOs to claim they act apolitically.

Photo: Expensify

The Trump presidency ends tomorrow. It's a political change in which Expensify founder and CEO David Barrett played a brief, but explosive role.

Barrett became famous last fall — or infamous, depending on whom you ask — for sending an email to the fintech startup's clients, urging them to reject Trump and support President-elect Joe Biden.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Protocol | Enterprise

Why Oracle and SAP are fighting over startups

Did someone mention a chance to burnish reputations and juice balance sheets?

New cloud-based offerings and favorable contract terms are convincing startups to switch to software from Oracle and SAP earlier in their lives than your might expect.
Jane Seidel

In the hunt for their next big-ticket customers, SAP and Oracle are trying to cast off reputations as stodgy tech providers by making a huge push to provide their software to startups.

Both companies have found themselves in choppy waters recently as potential customers have turned to the cloud, shunning the on-premises solutions SAP and Oracle are known for. That's coupled with a global pandemic that dried up demand for the expensive enterprise-grade software that drives profits at the vendors.

Keep Reading Show less
Joe Williams

Joe Williams is a senior reporter at Protocol covering enterprise software, including industry giants like Salesforce, Microsoft, IBM and Oracle. He previously covered emerging technology for Business Insider. Joe can be reached at JWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Is this a VC bubble, or just the new normal?

Huge deals, little diligence and hyper-fast follow-on rounds have become commonplace. For now.

Things are looking awful frothy, aren't they?

Photo: Drew Beamer/Unsplash

The VC industry is "frothy," "overheated" or "bonkers," investors say. Whether this is the new normal or unhealthy signs of an overheated market depends on your point of view — and how well your portfolio is doing.

There are signs that VC has changed all around. In recent months, deal sizes and valuations have spiked in hot deals; due diligence on startups has evaporated as investors compete to get into hot deals first; venture firms are investing much more than they normally do; there are hyper-fast follow-on rounds; and more non-traditional investors are backing early-stage startups.

Keep Reading Show less
Tomio Geron

Tomio Geron ( @tomiogeron) is a San Francisco-based reporter covering fintech. He was previously a reporter and editor at The Wall Street Journal, covering venture capital and startups. Before that, he worked as a staff writer at Forbes, covering social media and venture capital, and also edited the Midas List of top tech investors. He has also worked at newspapers covering crime, courts, health and other topics. He can be reached at tgeron@protocol.com or tgeron@protonmail.com.

Protocol | Enterprise

Don’t worry about the cybersecurity fallout of the Capitol breach

Members of Congress can't access classified information on their work computers, and the chances that Wednesday's mob contained a few moonlighting cyberspies are slim.

Any lasting cybersecurity damage from the breach is likely to be limited.

Photo: Louis Velazquez/Unsplash

Among the disasters that visited Capitol Hill on Wednesday, the fact that the people who infiltrated Congressional offices had unfettered access to IT assets for several hours ranks rather low.

One of the most iconic images of Wednesday's events was a picture of the home screen of Speaker Nancy Pelosi's office computer, abandoned in haste after a mob broke into the Capitol building, forcing Congress and staffers to retreat to safer locations. By design, nothing on Pelosi's computer was classified: Members of Congress have to enter a protected area room in the building to view secret documents, as you'll recall from last year's impeachment proceedings when several House Republicans stormed into such a room in protest because they were denied access to documents their leaders could access.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.

COVID-19 bruised TripActions’ business. It chose to innovate.

If nobody's booking business flights through your startup, why not help people pay for their corporate takeout instead?

TripActions had to confront a world with far less travel.

Photo: TripActions

TripActions was a fast-growing startup that helped clients manage their business travel when the pandemic hit early last year. Now, almost a year later, it's also helping businesses with their work-from-home expenses.

Chief financial officer Thomas Tuchscherer compared what happened last spring to being in a speeding car that was forced off a cliff — a terrifying experience shared by most travel industry companies hit hard by the COVID-19 crisis.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Latest Stories