The Age of the Cyber Unicorn is Here
Do good things come to those who wait?
In recent years, there has been a notable shift in the cybersecurity space exhibited by both startups and VCs; It’s the shift from the long-held, take-what-you-can-get “fast exit” mentality to a wait-it-out “unicorn” mentality. While fast exits are still quite common, we are now seeing a growing number of cybersecurity companies shooting for a valuation of $1B or higher, rather than looking to be snapped up fast. The recent acquisition of Armis by Insight Partners gave the IoT security startup a unicorn price tag of $1.1B as well as the $1.9B Forescout acquisition, which serve as great examples of this shift.
In this blog post, I’ll examine what is driving this trend and give you some practical ways to determine if there is a unicorn on your horizon.
The Numbers — They Don’t Lie
Everyone knows the cybersecurity market is red hot. This is especially true here in Israel, where it’s a $92B industry. But inside and outside the borders of our little country, cyber unicorns are being created faster than ever before. The current cybersecurity investment cycle, which started about seven years ago, is showing solid evidence of this wait-it-out trend, with a growing number of startups on their way to unicorn status.
This is especially true when you look at the data collected from 2017 to 2019; During 2017, there was a major jump in the number of companies that raised $20M and above. In 2018, the major jump was seen in the number of companies that raised $60M and above. In 2019, the major jump was seen in the number of companies that raised $100M and above. So, while the total number of companies has not changed significantly, the number of growth companies — those who raised $20M and more — has grown dramatically.
What Keeps Driving the Cyber Market
There are a bunch of factors propelling this hyper-focus on cyber, and it seems that the same factors that are creating a strong M&A market are opening the way for cyber unicorns. I’ll explore the ones I think are the most salient below.
The Changing and Expanding Attack Surface
First, cybersecurity is an industry that’s constantly transforming itself, something that cannot be said for many other areas in tech. Consider your iPhone for a minute — how different is the iPhone 10 from the iPhone 11? Yeah, you paid a little more for your new one, but in terms of functionality, it’s about the same set of chips and LCDs. This is not the case in cybersecurity- There are always new and scary vulnerabilities, which, in turn, lead to new innovative solutions.
What’s more, our lives are totally wrapped up in “digital” and this only becomes more evident with each passing week, month, and year. A great example of this is in the automotive industry; 10 years ago, nobody had to worry about their cars getting hacked. That all changed in 2015 when Andy Greenberg from Wired posted a video of himself locked inside a hacked runaway SUV. His “assailants” were two white-hat researchers who hacked into the vehicle’s Uconnect entertainment and navigation system to prove what can happen when vulnerabilities fall into the wrong hands.
The video went viral and now we know that our cars — just like everything else in our lives — can be hacked, thus reinforcing the urgent need for new, ground-breaking solutions.
The rapid change of attack vectors forces large cyber companies to buy new, innovative companies to fill the ever-changing gaps in the cyber portfolio. However, at the same time, these gaps create opportunities for new cyber unicorns.
The Cyber Skills Gap and the Need for Tools to Compensate
The next element driving the cyber market is the fact that there simply aren’t enough experts to fill the open jobs. The industry refers to this issue as “the cyber skills gap” and as far as problems go, it’s a big one. There are currently thousands of security positions unfilled in the US alone and the number is expected to rapidly rise into the millions by 2021.
But why is this helping the M&A scene? The lack of staff means that organizations must make the most of the tools and people they have. Businesses need unified solutions, not a string of standalone products that create more noise and put stress on analysts. Purchasing decisions are often based on which vendor can offer the most comprehensive suite of solutions. This, again, motivates M&As, as bigger companies that don’t have the bandwidth to create this innovation snap up little companies to give them a more comprehensive capability set.
These gaps clear the way for new cyber unicorns, companies that will be smart enough to create fully automated, comprehensive, end-to-end cyber solutions. In my mind, the days of “detection only” solutions are done. Clients expect new platforms to fix the issues it finds automatically and to do it with as little human interference as possible. New companies that can create solutions to significant problems have a real chance to become a unicorn.
The Drive to be the Top Dog
Lastly, although cybersecurity is no newcomer, there’s not a dominating player in the arena. Think about it for a minute — in e-commerce, you have one superpower: Amazon. When it comes to mega telecom giants, you’ve got Verizon. And when it comes to social media platforms, even if you’ve sworn it off, Facebook still reigns king.
But this isn’t the case in cybersecurity. Sure, cyber has a lot of big players; Palo Alto Networks, Checkpoint, Cisco and RSA come to mind; But there is still not a clear top player. This drives a strong M&A market as bigger companies keep buying smaller companies with the hope that maybe “this one” will put them over the top to reach that elusive status. However, the same phenomena provides the necessary hope to newcomers, since that top dog position is still up for grabs.
All these elements together drive a very strong M&A market. Moreover, they are helping propel the possibility of building the next cyber unicorns. When you combine the never-ending need for new solutions with the desire of big players to be #1, what you get is a market that’s ripe for building unicorns.
Your Cyber Unicorn Barometer
But be warned — although the above factors may make it slightly easier to sell a disruptive company in cyber rather than any other industry, building a cyber unicorn isn’t necessarily any easier than building other B2B unicorns.
And not every company has a real shot at becoming a unicorn. In fact, there’s just a .00006% chance of raising that kind of funding. That works out to roughly three companies out of every 5 million or so. But, if you think you may have what it takes, here are some important questions to ask yourself:
· Are you disrupting the status quo? The typical unicorn changes the way its industry’s game is played. We’re talking about products or services that fundamentally transform how people do things; Think Airbnb and Uber — they truly redefined what it meant to find a place to stay and how to get there.
· Do you have a truly big vision? Leaders of unicorns share one thing — they shoot for the stars. With a powerful, clear, and bold vision, they excite the people around them and get them to believe in, and ultimately, share in their goals, too.
· Do existing clients like you? If you have a strong base of existing clients who truly like your product and are eager to recommend it to others, you’re on the right path to becoming a unicorn.
· Are you a strong leader? Unicorns typically have one notable leader who steers the company vision and mission — and more importantly, can transmit that message to potential investors in a compelling way.
· Do you have the right team to build a highly successful startup? After the initial phases, it’s all about the execution — and to do that, you need the right core team. If you have the right team, you are halfway into building a unicorn.
If you can answer all questions above in the affirmative, there’s a chance — however small it may be — that waiting for the right offer could pay off big time.
Making it a Reality
I have found that one of the best ways to help increase the chances of reaching epic status is through mentorship. Here at Glilot, we pair startup leaders with seasoned mentors who have weathered the process themselves. These are people who have built startups that have achieved unicorn status, they know the challenges that lie ahead, and they have the uncommon ability to coach others in the process. Having a dedicated mentor to turn to, someone who knows when to hold his or her cards no matter how enticing another offer might be, can make all the difference.
And at Glilot, we are deeply entrepreneur-centric. When we invest in a cybersecurity company, we make sure to guide it to the path that is most suitable for it instead of following some prefab playbook. This has always been our mission: to help outstanding companies grow in the manner that suits them best.
Moreover, strengthening the Israeli tech industry is one of our guiding principles. The Israel tech scene, with large cyber companies at the fore, is helping shape and propel the economy; Currently, around 40% of Israel’s GDP stems from the booming tech industry. Furthermore, having more billion-dollar companies helps reinforce a stronger and more resilient economy. So, whenever the situation permits, we shoot for building a unicorn, rather than rushing to exit.
As 2020 begins, I hope to see an increased number of cyber companies shooting for $1B. The Israeli cybersecurity sector is unrivalled in its innovation and drive; I truly believe it has all the elements needed to create an entire stable of healthy and robust unicorns.