VC-backed Cyber Companies Need a Federal Government Partner to Win the Cyber Security War

To tackle cybersecurity, the Biden Administration should redouble engagement with the entrepreneurial ecosystem, which produces the most innovative companies in the world.

Why it matters: Cyber-attacks seem to be in the news every week – ransomware attacks, data manipulation, or other threats from bad actors.

Recently, President Biden hosted a cybersecurity summit with corporate executives and stakeholders to discuss threats and how the public and private sectors can work together to address the issue. The president’s attention to cybersecurity is encouraging as leadership on this issue is critically needed. Cyber-attacks seem to be in the news every week – be they ransomware attacks, data manipulation, or other threats from bad actors.

The attendees at the White House meeting were generally large companies, like Alphabet, Amazon, JP Morgan, and Southern Company. Two venture capital-backed companies were also there: Coalition, which raised capital from Felicis Ventures and offers a cybersecurity platform and cyber insurance, and Resilience, which empowers the insurance ecosystem and is backed by Lightspeed Venture Partners and CRV. The participation of Coalition and Resilience is a promising sign that the Biden Administration sees venture-backed companies as a necessary ingredient in safeguarding against cyber threats.

More engagement is needed with innovative young companies

To tackle cybersecurity, the Biden Administration should redouble engagement with the entrepreneurial ecosystem, which produces the most innovative companies in the world.

Why include new companies alongside established ones? Take the U.S. government’s successful bid for a COVID-19 vaccine, which led to Moderna and Pfizer developing deployed vaccines. Moderna was just 10 years old when Americans began receiving the company’s vaccine, whereas Pfizer was 171 years old. Despite their age differences, both offered invaluable innovation that has saved lives.

In the same way, cybersecurity startups contribute to defense of our networks. Fortunately, cybersecurity is a bright spot for venture capital. Venture investment in cybersecurity startups is at a torrid pace, with nearly $10 billion invested in 276 companies so far this year. That is about a third more than all the capital that was invested in cyber companies in 2020 ($7.21 billion) and nearly twice as much as was invested in all of 2018 ($4.93 billion). Pitchbook recently summed it up well:

With billions of dollars in new funding, cybersecurity startups have lined up the capital to take on incumbents or expand into green opportunities. . . A new generation of cybersecurity startups is scaling up to serve companies in the remote work era as a fresh wave of sophisticated attacks spreads security fears.

Source: Pitchbook

Boots in cyberspace

VCs are investing in cybersecurity companies of all stripes, including the following innovative companies that are fighting to protect networks and data.

Founded by former NSA Director General Keith Alexander, IronNet is focused on ‘collective defense’, or the idea that industries plus government sharing information in real-time are better than any one company trying to defend itself on its own. IronNet uses behavioral analytics to find threats and then share the information quickly via their ‘dome’ technology. IronNet recently went public after backing from ForgePoint Capital, Kleiner Perkins, and other venture firms. Ted Schlein and the Kleiner Perkins team have decades of experience in developing top cybersecurity companies. Don Dixon, Alberto Yepez, and the ForgePoint Capital team are prolific cyber investors and have more than 30 early-stage cybersecurity companies in their portfolio.

Started by CEO Jennifer Bisceglie, Interos developed a way to map any company or government program’s supply chain to any degree of supplier. It then shows users the risks associated with each node of a supply chain. For example, if a company is worried about political unrest in an area of the world, Interos can tell the company which of its suppliers will be impacted most and help find alternatives. The company recently completed its $100 million Series C round with backing from Venrock, Kleiner Perkins, and other VCs and is valued at nearly $1 billion.

Ann Arbor, Michigan-based Blumira offers a comprehensive cloud security monitoring platform for small business resiliency. It analyzes billions of events and surfaces priority important threats to allow rapid response to an attack in progress. Blumira is thriving in the Michigan startup ecosystem after investments from VCs like Ten Eleven Ventures (led by Alex Doll) and Mercury Fund (led by Aziz Gilani).

How policymakers can partner with cybersecurity companies

Going forward, the federal government should seek out and team with innovative VC-backed companies that are leading the way on cybersecurity innovation. The cybersecurity provisions in the bipartisan infrastructure package passed by the Senate are a good starting point, but more should be done. The temptation of federal partners is to fall into familiar patterns of procuring from incumbents that all too often offer second-class technology but are first-class at navigating the procurement process. That is not a recipe for securing American networks. Let’s take a page out of the COVID vaccine playbook and leverage the vibrant startup ecosystem to deliver results for the American people.

Jeff Farrah served as General Counsel at NVCA, where he advocates before Congress, the White House, and agencies for pro-entrepreneurship policies and leads in-house legal matters for the association. He loves working at the intersection of venture, public policy, and the law. Jeff served as Treasurer of VenturePAC, the political action committee of NVCA.