WASHINGTON, DC – At a congressional hearing today before the Senate Committee on Commerce, Science, and Transportation, NVCA Board Chair Venky Ganesan, Managing Director at Menlo Ventures, testified on the critical role of venture capital in supporting innovation in cybersecurity.  Since 2010, venture investors have deployed over $14.6 billion in more than 740 cybersecurity companies, including $3.52 billion in 2015 and $2.75 billion in 2016.

“Cybersecurity innovation and venture capital have been inextricably intertwined right from the beginning.  Some of the biggest innovations in cybersecurity have been introduced by venture capital backed startups,” said Ganesan in his prepared testimony.  “For example: The stateful inspection firewall which is a critical component of almost all perimeter security products was invented by Checkpoint; SSL encryption was invented by Netscape; and Next generation firewall based on a ‘single pass’ architecture was pioneered by Palo Alto Networks.  In addition, almost all of the major independent cybersecurity companies in the public market were funded by venture capitalists, including Symantec, Palo Alto Networks, FireEye, Proofpoint, Imperva, Fortinet, Qualys, and Cyberark, to name a few.”

During his testimony, Ganesan discussed some of the emerging threats of cybersecurity but also outlined for committee members major developments in technical areas such as artificial intelligence, Blockchain, Internet of Things and quantum computing, and how they might impact cybersecurity.

“[M]ost experts believe that the existing techniques of capitalizing on human error (e.g., clicking on malware links, opening attachments) are so effective that there currently is little incentive to invest in expensive AI research for cyber hacking.  On the positive side, there are a variety of startups trying to use AI/machine learning to help automate security operations,” said Ganesan.  “One of the biggest challenges in cybersecurity today is the avalanche of security alerts every enterprise gets.  There are not enough security professionals in the world to chase down and resolve every security alert.  There has been some promising advances in using artificial intelligence to automate some of these mundane activities thus freeing the experienced security professionals to focus their energies on the high value alerts.”

As an experienced investor in cybersecurity Ganesan offered a few recommendations for the Committee to consider: 1. Modernize government procurement systems so that the government has access to the best technologies; 2. Setting standards around cyber-hygiene; 3. Enable legal frameworks for companies to share and exchange data; 4. Create a generation of cyberwarriors; 5. Use cyberinsurance to pool and minimize existential risk.

Download Ganesan’s prepared testimony HERE.