The venture capital ecosystem has deployed over $10 billion to cybersecurity companies since 2012. As the frequency and severity of cyber-attacks increase unabated, venture investment into cybersecurity startups will continue to grow, placing venture capitalists and the entrepreneurs they support on the frontlines of our country’s cyber defense capabilities.
To get a better sense of the innovation taking in cybersecurity by venture-backed startups and the important role venture capital plays in supporting the growth of these young companies, NVCA convened a star-studded panel on Capitol Hill last week to discuss these and other topics.
Moderated by former venture capitalist Ray Rothrock, now CEO of cybersecurity firm RedSeal Networks, the panel featured cybersecurity investors Bob Ackerman of Allegis Capital and Ted Schlein of Kleiner Perkins Caulfield Byers who were joined by cybersecurity startup founders Oren Falkowitz of Area 1 Security and Derek Smith of Shape Security.
A constantly shifting challenge
Coincidentally, on the same day we convened the panel beneath the Capitol dome, the Senate began holding procedural votes to start debate on the Cybersecurity Information Sharing Act (CISA). When asked if CISA would help neutralize the threat of cyber-attacks, the panelists agreed it was a net positive, but due to the changing nature of cybersecurity threats, they cautioned that we will never truly achieve full protection no matter the steps taken by Congress.
Ackerman pointed out that in today’s environment, the bad guys are just as capable as the good guys. They are well financed and the challenges to keep up with attacks is evolving all the time. In truth, prevention is almost impossible—which makes it all the more important to focus on reducing the time between attack and awareness of the attack. Currently, the average time for attack awareness is 220 days; however, the hope is to reduce attack awareness to milliseconds. That’s where cyber startups come into focus.
Very little resources are being deployed to research and development by the large incumbents to tackle this problem. The reason for this is simple—they don’t have to! As Schlein noted, consumers and businesses will continue to buy the incumbents’ products under the mistaken belief those products are keeping them safe. The majority of true innovation is being done by small startups who recognize the gaps that exist in current technologies and are developing solutions to fill them. They are the ones pushing the boundaries of innovation in cybersecurity protection.
Partners in innovation
So you’ve got an innovative idea to meet emerging cyber threats and are looking for a partner to help you grow and expand the business, but what’s it like working with a venture capitalist? As startup founder Derek Smith of Shape Security explained, venture capitalists bring a lot more to the table than just financial capital. They are vital partners who help with such things as talent recruitment and retention, identifying customer bases, providing input into product development, and providing guidance into the broader growth strategy for the business.
Venture investors Schlein and Ackerman echoed Smith’s comments, with Schlein describing a venture capitalist as a “professional advisor” to startup founders, working with them to assist with whatever opportunity they are pursuing. “Writing the check is the easy part,” added Ackerman. “We view ourselves as members of the team.”
Washington’s role in spurring innovation
One of the key takeaways from the event is that the entrepreneurial ecosystem is thriving with many cybersecurity startups breaking ground on innovative technologies. However, there is always room for growth and Washington has a role to play in helping to fuel the rise of early-stage startup companies focused on battling cyber threats. Of late, there has been a marked shift away from Silicon Valley’s desire for government to stay out of the way of innovation toward an increased value placed on collaboration with government as venture-backed industries mature.
Specifically, much of the conversation is focused on making the government procurement and acquisition process more agile and accessible to newer companies that are developing innovative solutions. Often, the process to secure a government contract can take 2-3 years, and though the potential for scale and impact by working with the government is significant, the sales cycle with the government is often too cumbersome and lengthy for startups. As Schlein aptly pointed out, “Changes need to be made so that buying a piece of software is not the same as buying an aircraft carrier.”
In an economy that is increasingly powered by intellectual property, the consequences of getting cybersecurity wrong are very serious. Together with our members, we are jumpstarting the conversation in Washington about the role of venture-backed startups in protecting us from cyber threats and the steps that need to be taken to ensure they have every chance for success.