Source Code: Your daily look at what matters in tech.

source-codesource codeauthorAdam JanofskyNoneWant your finger on the pulse of everything that's happening in tech? Sign up to get David Pierce's daily newsletter.64fd3cbe9f
×

Get access to Protocol

Your information will be used in accordance with our Privacy Policy

I’m already a subscriber
Power

Cybersecurity investors are still writing checks amid coronavirus

"I haven't been this busy in months."

Yoav Leitersdorf

"We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm.

Photo: Courtesy of Kfir Ziv

No matter the market pressures, no organization can afford to get hacked. And that's a good thing if you're in the cybersecurity industry.

Investors and analysts say that cybersecurity is one of the few industries that can thrive during times of crisis and is better positioned than other sectors to weather the coronavirus outbreak.

Several cybersecurity firms saw their stocks soar over the last week, and cybersecurity startup investors say deals have shown no sign of slowing down. "We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm with offices in Tel Aviv and Silicon Valley.

Although many big corporations will be looking for ways to reduce spending, few will be willing to cut cybersecurity budgets because the cost of an attack can far exceed the price of security tools. Additionally, cyberthreats are increasing as organizations shift to more remote work, and hackers try to take advantage of coronavirus fears.

Not all cybersecurity companies will fare the same. Some — like those that provide security tools that support telework or have cloud-based security solutions that can be remotely managed — will likely receive a boost during the outbreak. Others, including legacy companies that sell firewalls and physical devices, are expected to take a hit. Cybersecurity investors and analysts explained who they think the winners and losers are.

Cash is still pouring into cybersecurity startups

Cybersecurity is a relatively new and fast-moving industry, and many of the firms in the space are backed by venture capital; there are more than 1,000 cybersecurity startups, according to data from Crunchbase.

Investors in the industry say they are still pouring money into these companies. Leitersdorf said his firm closed a multimillion-dollar investment with a software development security startup last week, and has eight other deals in the works. "I haven't been this busy in months," he said.

Alberto Yepez, managing director of ForgePoint Capital, another cybersecurity-focused VC firm with $750 million in assets under management, said his company has issued two new term sheets since the beginning of March and plans to complete those investments in the next month. "We're actively investing," he said. "People might think deal flow would slow, but in cybersecurity our deal flow has increased."

So far, the outbreak's main effect has been on the process of how deals get done. Leitersdorf said he hasn't had in-person meetings with about half of the companies that he's currently considering investing in.

"Online video meetings provide us with a fair amount of comfort, but there's nothing like being in the same room with someone," he said. "We've never closed an investment with a group that we haven't met in person, so that will be a first. Maybe we'll find a way to meet them in a park standing far away from each other."

Leitersdorf said that two types of organizations in the cybersecurity startup ecosystem may face challenges in the near future from COVID-19: startups that don't have a lot of cash on hand to get them through the crisis, and VC firms that are looking to raise funds from institutional investors. "If you've not raised your fund yet, don't do it. Go to the beach, relax for about six months. There are hardly any VC firms that can raise capital in this environment," he said.

You can't cheap out on security right now

With record drops in global markets over the last month and the International Monetary Fund warning that a coming recession could be "as least as bad" as the global financial crisis of 2007-'08, companies across the board are assessing their budgets and trying to tighten up where they can.

Cybersecurity, however, has become an area that few companies will be willing to cut.

"What board of directors is willing to cut spending on security and increase exposure to cyberattacks?" Leitersdorf asked.

For one thing, attacks are increasing and companies are especially vulnerable as they transition into remote work environments. Coronavirus phishing scams have exploded in recent weeks, and health care organizations including University Hospital Brno in the Czech Republic have been targeted by ransomware attacks. Cybersecurity experts have warned that the coronavirus outbreak is a perfect time for nation-state hackers to strike, and the effects of such attacks might not be felt for months.

"The volume and sophistication of attacks is increasing, and people are looking at cybersecurity as a must-have, not a nice-to-have," Yepez said.

These attacks can cost a lot more to an organization than the price of technologies that can defend against them. Ransomware attacks, for example, have cost firms like Merck and FedEx an estimated $870 million and $400 million, respectively, in lost revenue and other damages.

"When the dust settles, it is very likely that most organizations will assess that they are not as resilient as they thought they were from a cybersecurity standpoint, and increased investments are likely," Katell Thielemann, research vice president at Gartner, said in an email.

Winners: Cloud and remote services

Several publicly traded cybersecurity companies, such as Crowdstrike, Okta and Fortinet, have rallied over the last two weeks, climbing 25% or more. "Many cyber companies in the public market have fared better than most in the tech sector," Yepez said.

After experiencing a drop in early in the month, Crowdstrike's stock, for example, is up almost 78% since March 16. In a regulatory filing issued on Monday, the company said it's not yet clear what the impact of COVID-19 will be on its financials or operations. But cybersecurity investors and analysts said that cloud-based security providers like Crowdstrike stand to gain a lot.

"Everything they've done for years plays out very well with this crisis — the cloud elements, protecting phones, laptops and other devices that people are taking home," Leitersdorf said.

"If you provide cloud-based security solutions that can be remotely managed, you are probably rather busy," Thielemann said.

Other winners include managed service providers, which handle security for small- and medium-size businesses that may opt to outsource security instead of having a full-time team or CISO, Yepez said. And companies involved in securing remote workers, like VPN providers, will also see an uptick in business, Thielemann said.

Losers: Legacy providers and security auditors

Although the cybersecurity industry will likely be resilient during the outbreak, some companies will suffer.

Legacy companies that sell tools like firewalls and physical devices will likely take a big hit. One reason is because restrictions on movement will make it difficult for companies to install and manage these tools, Yepez said.

Another reason is because the corporate attack surface has changed due to coronavirus, according to Leitersdorf. "On-premise firewalls aren't relevant when people are working all over the place. Companies that provide solutions for anything with a physical perimeter will not do well," he said. These companies likely have contracts that will sustain them for some time, but the disruptions caused by the coronavirus outbreak will likely accelerate the move away from these companies toward more innovative solutions, he said.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


Another part of the security industry that will probably experience disruptions or a drop in revenue are companies that offer auditing and security assessments, Thielemann said. These companies typically send teams to clients to probe them for vulnerabilities and other weaknesses, which is sometimes required by regulators.

"It's difficult to conduct assessment and audits at client locations. In some verticals like Energy, NERC/FERC [regulators for power system operators] have temporarily suspended standards-compliance audits, for instance. When that side of the market will return to normal is unknown," Thielemann said.

Protocol | Workplace

In Silicon Valley, it’s February 2020 all over again

"We'll reopen when it's right, but right now the world is changing too much."

Tech companies are handling the delta variant in differing ways.

Photo: alvarez/Getty Images

It's still 2021, right? Because frankly, it's starting to feel like March 2020 all over again.

Google, Apple, Uber and Lyft have now all told employees they won't have to come back to the office before October as COVID-19 case counts continue to tick back up. Facebook, Google and Uber are now requiring workers to get vaccinated before coming to the office, and Twitter — also requiring vaccines — went so far as to shut down its reopened offices on Wednesday, and put future office reopenings on hold.

Keep Reading Show less
Allison Levitsky
Allison Levitsky is a reporter at Protocol covering workplace issues in tech. She previously covered big tech companies and the tech workforce for the Silicon Valley Business Journal. Allison grew up in the Bay Area and graduated from UC Berkeley.

After a year and a half of living and working through a pandemic, it's no surprise that employees are sending out stress signals at record rates. According to a 2021 study by Indeed, 52% of employees today say they feel burnt out. Over half of employees report working longer hours, and a quarter say they're unable to unplug from work.

The continued swell of reported burnout is a concerning trend for employers everywhere. Not only does it harm mental health and well-being, but it can also impact absenteeism, employee retention and — between the drain on morale and high turnover — your company culture.

Crisis management is one thing, but how do you permanently lower the temperature so your teams can recover sustainably? Companies around the world are now taking larger steps to curb burnout, with industry leaders like LinkedIn, Hootsuite and Bumble shutting down their offices for a full week to allow all employees extra time off. The CEO of Okta, worried about burnout, asked all employees to email him their vacation plans in 2021.

Keep Reading Show less
Stella Garber
Stella Garber is Trello's Head of Marketing. Stella has led Marketing at Trello for the last seven years from early stage startup all the way through its acquisition by Atlassian in 2017 and beyond. Stella was an early champion of remote work, having led remote teams for the last decade plus.
Protocol | China

Livestreaming ecommerce next battleground for China’s nationalists

Vendors for Nike and even Chinese brands were harassed for not donating enough to Henan.

Nationalists were trolling in the comment sections of livestream sessions selling products by Li-Ning, Adidas and other brands.

Collage: Weibo, Bilibili

The No. 1 rule of sales: Don't praise your competitor's product. Rule No. 2: When you are put to a loyalty test by nationalist trolls, forget the first rule.

While China continues to respond to the catastrophic flooding that has killed 99 and displaced 1.4 million people in the central province of Henan, a large group of trolls was busy doing something else: harassing ordinary sportswear sellers on China's livestream ecommerce platforms. Why? Because they determined that the brands being sold had donated too little, or too late, to the people impacted by floods.

Keep Reading Show less
Zeyi Yang
Zeyi Yang is a reporter with Protocol | China. Previously, he worked as a reporting fellow for the digital magazine Rest of World, covering the intersection of technology and culture in China and neighboring countries. He has also contributed to the South China Morning Post, Nikkei Asia, Columbia Journalism Review, among other publications. In his spare time, Zeyi co-founded a Mandarin podcast that tells LGBTQ stories in China. He has been playing Pokemon for 14 years and has a weird favorite pick.
Power

The video game industry is bracing for its Netflix and Spotify moment

Subscription gaming promises to upend gaming. The jury's out on whether that's a good thing.

It's not clear what might fall through the cracks if most of the biggest game studios transition away from selling individual games and instead embrace a mix of free-to-play and subscription bundling.

Image: Christopher T. Fong/Protocol

Subscription services are coming for the game industry, and the shift could shake up the largest and most lucrative entertainment sector in the world. These services started as small, closed offerings typically available on only a handful of hardware platforms. Now, they're expanding to mobile phones and smart TVs, and promising to radically change the economics of how games are funded, developed and distributed.

Of the biggest companies in gaming today, Amazon, Apple, Electronic Arts, Google, Microsoft, Nintendo, Nvidia, Sony and Ubisoft all operate some form of game subscription. Far and away the most ambitious of them is Microsoft's Xbox Game Pass, featuring more than 100 games for $9.99 a month and including even brand-new titles the day they release. As of January, Game Pass had more than 18 million subscribers, and Microsoft's aggressive investment in a subscription future has become a catalyst for an industrywide reckoning on the likelihood and viability of such a model becoming standard.

Keep Reading Show less
Nick Statt
Nick Statt is Protocol's video game reporter. Prior to joining Protocol, he was news editor at The Verge covering the gaming industry, mobile apps and antitrust out of San Francisco, in addition to managing coverage of Silicon Valley tech giants and startups. He now resides in Rochester, New York, home of the garbage plate and, completely coincidentally, the World Video Game Hall of Fame. He can be reached at nstatt@protocol.com.
Protocol | Policy

Lina Khan wants to hear from you

The new FTC chair is trying to get herself, and the sometimes timid tech-regulating agency she oversees, up to speed while she still can.

Lina Khan is trying to push the FTC to corral tech companies

Photo: Graeme Jennings/AFP via Getty Images

"When you're in D.C., it's very easy to lose connection with the very real issues that people are facing," said Lina Khan, the FTC's new chair.

Khan made her debut as chair before the press on Wednesday, showing up to a media event carrying an old maroon book from the agency's library and calling herself a "huge nerd" on FTC history. She launched into explaining how much she enjoys the open commission meetings she's pioneered since taking over in June. That's especially true of the marathon public comment sessions that have wrapped up each of the two meetings so far.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Latest Stories