Power

Cybersecurity investors are still writing checks amid coronavirus

"I haven't been this busy in months."

Yoav Leitersdorf

"We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm.

Photo: Courtesy of Kfir Ziv

No matter the market pressures, no organization can afford to get hacked. And that's a good thing if you're in the cybersecurity industry.

Investors and analysts say that cybersecurity is one of the few industries that can thrive during times of crisis and is better positioned than other sectors to weather the coronavirus outbreak.

Several cybersecurity firms saw their stocks soar over the last week, and cybersecurity startup investors say deals have shown no sign of slowing down. "We're business as usual and very bullish on the industry," said Yoav Leitersdorf, managing partner at YL Ventures, a cybersecurity-focused venture capital firm with offices in Tel Aviv and Silicon Valley.

Although many big corporations will be looking for ways to reduce spending, few will be willing to cut cybersecurity budgets because the cost of an attack can far exceed the price of security tools. Additionally, cyberthreats are increasing as organizations shift to more remote work, and hackers try to take advantage of coronavirus fears.

Not all cybersecurity companies will fare the same. Some — like those that provide security tools that support telework or have cloud-based security solutions that can be remotely managed — will likely receive a boost during the outbreak. Others, including legacy companies that sell firewalls and physical devices, are expected to take a hit. Cybersecurity investors and analysts explained who they think the winners and losers are.

Cash is still pouring into cybersecurity startups

Cybersecurity is a relatively new and fast-moving industry, and many of the firms in the space are backed by venture capital; there are more than 1,000 cybersecurity startups, according to data from Crunchbase.

Investors in the industry say they are still pouring money into these companies. Leitersdorf said his firm closed a multimillion-dollar investment with a software development security startup last week, and has eight other deals in the works. "I haven't been this busy in months," he said.

Alberto Yepez, managing director of ForgePoint Capital, another cybersecurity-focused VC firm with $750 million in assets under management, said his company has issued two new term sheets since the beginning of March and plans to complete those investments in the next month. "We're actively investing," he said. "People might think deal flow would slow, but in cybersecurity our deal flow has increased."

So far, the outbreak's main effect has been on the process of how deals get done. Leitersdorf said he hasn't had in-person meetings with about half of the companies that he's currently considering investing in.

"Online video meetings provide us with a fair amount of comfort, but there's nothing like being in the same room with someone," he said. "We've never closed an investment with a group that we haven't met in person, so that will be a first. Maybe we'll find a way to meet them in a park standing far away from each other."

Leitersdorf said that two types of organizations in the cybersecurity startup ecosystem may face challenges in the near future from COVID-19: startups that don't have a lot of cash on hand to get them through the crisis, and VC firms that are looking to raise funds from institutional investors. "If you've not raised your fund yet, don't do it. Go to the beach, relax for about six months. There are hardly any VC firms that can raise capital in this environment," he said.

You can't cheap out on security right now

With record drops in global markets over the last month and the International Monetary Fund warning that a coming recession could be "as least as bad" as the global financial crisis of 2007-'08, companies across the board are assessing their budgets and trying to tighten up where they can.

Cybersecurity, however, has become an area that few companies will be willing to cut.

"What board of directors is willing to cut spending on security and increase exposure to cyberattacks?" Leitersdorf asked.

For one thing, attacks are increasing and companies are especially vulnerable as they transition into remote work environments. Coronavirus phishing scams have exploded in recent weeks, and health care organizations including University Hospital Brno in the Czech Republic have been targeted by ransomware attacks. Cybersecurity experts have warned that the coronavirus outbreak is a perfect time for nation-state hackers to strike, and the effects of such attacks might not be felt for months.

"The volume and sophistication of attacks is increasing, and people are looking at cybersecurity as a must-have, not a nice-to-have," Yepez said.

These attacks can cost a lot more to an organization than the price of technologies that can defend against them. Ransomware attacks, for example, have cost firms like Merck and FedEx an estimated $870 million and $400 million, respectively, in lost revenue and other damages.

"When the dust settles, it is very likely that most organizations will assess that they are not as resilient as they thought they were from a cybersecurity standpoint, and increased investments are likely," Katell Thielemann, research vice president at Gartner, said in an email.

Winners: Cloud and remote services

Several publicly traded cybersecurity companies, such as Crowdstrike, Okta and Fortinet, have rallied over the last two weeks, climbing 25% or more. "Many cyber companies in the public market have fared better than most in the tech sector," Yepez said.

After experiencing a drop in early in the month, Crowdstrike's stock, for example, is up almost 78% since March 16. In a regulatory filing issued on Monday, the company said it's not yet clear what the impact of COVID-19 will be on its financials or operations. But cybersecurity investors and analysts said that cloud-based security providers like Crowdstrike stand to gain a lot.

"Everything they've done for years plays out very well with this crisis — the cloud elements, protecting phones, laptops and other devices that people are taking home," Leitersdorf said.

"If you provide cloud-based security solutions that can be remotely managed, you are probably rather busy," Thielemann said.

Other winners include managed service providers, which handle security for small- and medium-size businesses that may opt to outsource security instead of having a full-time team or CISO, Yepez said. And companies involved in securing remote workers, like VPN providers, will also see an uptick in business, Thielemann said.

Losers: Legacy providers and security auditors

Although the cybersecurity industry will likely be resilient during the outbreak, some companies will suffer.

Legacy companies that sell tools like firewalls and physical devices will likely take a big hit. One reason is because restrictions on movement will make it difficult for companies to install and manage these tools, Yepez said.

Another reason is because the corporate attack surface has changed due to coronavirus, according to Leitersdorf. "On-premise firewalls aren't relevant when people are working all over the place. Companies that provide solutions for anything with a physical perimeter will not do well," he said. These companies likely have contracts that will sustain them for some time, but the disruptions caused by the coronavirus outbreak will likely accelerate the move away from these companies toward more innovative solutions, he said.


Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.


Another part of the security industry that will probably experience disruptions or a drop in revenue are companies that offer auditing and security assessments, Thielemann said. These companies typically send teams to clients to probe them for vulnerabilities and other weaknesses, which is sometimes required by regulators.

"It's difficult to conduct assessment and audits at client locations. In some verticals like Energy, NERC/FERC [regulators for power system operators] have temporarily suspended standards-compliance audits, for instance. When that side of the market will return to normal is unknown," Thielemann said.

Fintech

Election markets are far from a sure bet

Kalshi has big-name backing for its plan to offer futures contracts tied to election results. Will that win over a long-skeptical regulator?

Whether Kalshi’s election contracts could be considered gaming or whether they serve a true risk-hedging purpose is one of the top questions the CFTC is weighing in its review.

Photo illustration: Getty Images; Protocol

Crypto isn’t the only emerging issue on the CFTC’s plate. The futures regulator is also weighing a fintech sector that has similarly tricky political implications: election bets.

The Commodity Futures Trading Commission has until Oct. 28 to decide whether the New York-based startup Kalshi can offer a form of wagering up to $25,000 on which party will control the House of Representatives and Senate after the midterms. PredictIt, another online market for election trading, has also sued the regulator over its decision to cancel a no-action letter.

Keep Reading Show less
Ryan Deffenbaugh
Ryan Deffenbaugh is a reporter at Protocol focused on fintech. Before joining Protocol, he reported on New York's technology industry for Crain's New York Business. He is based in New York and can be reached at rdeffenbaugh@protocol.com.
Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Enterprise

The Uber verdict shows why mandatory disclosure isn't such a bad idea

The conviction of Uber's former chief security officer, Joe Sullivan, seems likely to change some minds in the debate over proposed cyber incident reporting regulations.

Executives and boards will now be "a whole lot less likely to cover things up," said one information security veteran.

Photo: Al Drago/Bloomberg via Getty Images

If nothing else, the guilty verdict delivered Wednesday in a case involving Uber's former security head will have this effect on how breaches are handled in the future: Executives and boards, according to information security veteran Michael Hamilton, will be "a whole lot less likely to cover things up."

Following the conviction of former Uber chief security officer Joe Sullivan, "we likely will get better voluntary reporting" of cyber incidents, said Hamilton, formerly the chief information security officer of the City of Seattle, and currently the founder and CISO at cybersecurity vendor Critical Insight.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.

Climate

Delta and MIT are running flight tests to fix contrails

The research team and airline are running flight tests to determine if it’s possible to avoid the climate-warming effects of contrails.

Delta and MIT just announced a partnership to test how to mitigate persistent contrails.

Photo: Gabriela Natiello/Unsplash

Contrails could be responsible for up to 2% of all global warming, and yet how they’re formed and how to mitigate them is barely understood by major airlines.

That may be changing.

Keep Reading Show less
Michelle Ma

Michelle Ma (@himichellema) is a reporter at Protocol covering climate. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at mma@protocol.com.

Entertainment

Inside Amazon’s free video strategy

Amazon has been doubling down on original content for Freevee, its ad-supported video service, which has seen a lot of growth thanks to a deep integration with other Amazon properties.

Freevee’s investment into original programming like 'Bosch: Legacy' has increased by 70%.

Photo: Tyler Golden/Amazon Freevee

Amazon’s streaming efforts have long been all about Prime Video. So the company caught pundits by surprise when, in early 2019, it launched a stand-alone ad-supported streaming service called IMDb Freedive, with Techcrunch calling the move “a bit odd.”

Nearly four years and two rebrandings later, Amazon’s ad-supported video efforts appear to be flourishing. Viewership of the service grew by 138% from 2020 to 2021, according to Amazon. The company declined to share any updated performance data on the service, which is now called Freevee, but a spokesperson told Protocol the performance of originals in particular “exceeded expectations,” leading Amazon to increase investments into original content by 70% year-over-year.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Latest Stories
Bulletins