It wasn’t long ago when it seemed like the tide was beginning to turn on ransomware. But 2023 has shown us that’s not the case: We’re only halfway through the year, yet hackers are already claiming more victims than ever before, reaffirming the importance of cybersecurity for every business.
While 2023 has been fruitful for hackers, it has been less so for the startups trying to defend against them. Investment in cybersecurity has fallen well below the record highs recorded in previous years: Security startups saw $2.7 billion in funding the first quarter of the year, a 58% drop from the $6.5 billion recorded in Q1 2022. And just 149 were deals announced in Q1 2023, the lowest total in years and a 45% drop from a year earlier.
We’re looking for founders to participate in a TechCrunch+ survey about the usefulness of various founder-focused events.
If you’re a founder and have something to share about your experiences at such events, fill out this form.
Investors, however, remain optimistic. The explosion of large language models and generative AI has many excited about the technology’s potential in the cybersecurity space. Others believe that the need to secure the cloud and connected devices — coupled with a drop in valuations — makes now the perfect time to invest.
We checked in with some of the leading investors in cybersecurity to hear their thoughts on the funding slowdown, what market trends they are most excited about, and cybersecurity’s ongoing diversity problem.
We spoke with:
- Alex Doll, founder and managing general partner, Ten Eleven Ventures
- Barak Schoster, venture partner, Battery Ventures
- Sheila Gulati, managing director, Tola Capital
- Umesh Padval, venture partner, Thomvest Ventures
- Andreas Calabrese, general partner, Tampa Bay Ventures
- Deepak Jeevankumar, managing director, Dell Technologies Capital
- Mark Kraynak, founding partner, Acrew Capital
- Ariel Tseitlin, partner, Scale Venture Partners
Alex Doll, founder and managing general partner, Ten Eleven Ventures
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
We successfully closed our latest cyber-only, stage-agnostic global fund in June 2022 and are actively deploying capital from it. Despite the current environment, our investment strategy is largely the same as it has always been, although, within our cyber-only, stage-agnostic and global mandate, we are always agile and adjusting to look for the stages, subsectors and geographies where we see the most significant opportunity at the best value.
Right now, those subsectors include new approaches in the software supply chain, identity, privacy and trust. We are actively investing across stages where we see market opportunity and compelling tech. Just last week, we announced a seed investment in Silent Push and a Series B investment in Blackbird.ai. We’re still hunting actively, including meeting with several inspiring entrepreneurs at InfoSec in London.
While growth-stage opportunities have decreased at the pre-IPO stage with the downturn in the public market, we’ve found some very exciting prospects at Series B and C, where non-cyber specialist funds have pulled back, and we’ve been able to be strategic in helping those companies on their next chapter.
What advice would you give your portfolios to survive the current challenging market?
During uncertain and potentially scary times like these, leaders must stay close to their teams, communicate an inspired and motivating vision, and give team members time together to solve problems collaboratively. This kind of culture can be challenging to reinforce as we normalize from the pandemic; we are still adjusting to remote work routines and have experienced a lot of shocks (including the SVB crisis) over the last 12 months. But it is more important than ever.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
There has undoubtedly been a shift in perspective; investors are now more heavily weighting capital efficiency metrics when making investment decisions for cybersecurity companies raising new rounds. So companies need to keep these metrics in mind, especially early on, and as they approach maturity.
On the other hand, companies should be mindful of not “starving growth” by underinvesting in sales and marketing or, importantly, R&D. Experimentation is still essential when developing the best go-to-market strategy for new products and for new audiences.
There should be more intention around measuring the spending on R&D and looking for leading indicators of success as projects develop. For example, there is always a lot of attention on quantifying the marketing/sales funnels and channels (and for good reason), but I am always amazed at how little time is spent on R&D productivity metrics. R&D productivity stats may be less developed and more subjective to a degree, but that’s “art” that is required learning for every cybersecurity CEO.
Every R&D resource needs to be accountable to the team/business, like sales and marketing are accountable every quarter. For example, measuring innovation release cycles and the number of true “market tests” can be a very predictive but overlooked statistic for early-stage companies. Great companies have an inherent urgency in their innovation cycle times.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
While there has been a decline, cybersecurity investing will accelerate again within the next 12 to 18 months. Cybersecurity spending is still a priority for enterprises, and we are seeing interesting new investment areas — including protecting AI and organizations from the risks of disinformation — that will propel more investment rounds going forward.
Additionally, new funds are being raised right now in the space that will contribute to increased funding levels in the future. Overall, cybersecurity is still seen as a strong growth area, and it is resilient compared to many other sectors.
Valuations have dropped, yet cybersecurity M&A activity remains flat. Are you accelerating your cybersecurity investments to take advantage of lower prices?
We are active where we see well-priced opportunities, of course, and it is refreshing to invest when expectations on valuation are not so inflated. So, yes, we believe it is a good time to invest, and we are actively looking for companies with expectations aligned with today’s environment.
Recent data shows that only 24% of the cybersecurity workforce are women. Are you seeing changes in cybersecurity founder demographics, or do they mirror what we’re seeing among cyber workers more generally?
While most cybersecurity founders we meet are men, we’re seeing increasing numbers of women executives in these companies. Notable examples of innovative CEOs in our portfolio are Poppy Gustafsson, CEO of Darktrace, and Anusha Iyer, founder and CEO of Corsha.
A lot of the research and thought leadership within the portfolio is coming from women, such as Marta Janus, principal adversarial ML researcher at HiddenLayer, or Amanda Berlin, lead incident detection engineer at Blumira, which is exciting. We are actively meeting with new female founders and executives all the time, and would love to meet others who are looking to speak with a cybersecurity specialist investor.
Looking ahead, what cybersecurity trends are you most excited about from an investing point of view?
We think that AI brings several new dimensions to the cybersecurity sector, including augmenting security analysts and making traditional security operations tools easier to use. Also, as you can see with our recent investment in HiddenLayer, machine learning models, including LLMs, must be protected from malicious attacks. We also closely watch new risks emerging from AI-enabled automation, including bots, and symptoms like vast amounts of quickly spreading disinformation.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
Historically, we have invited founders to submit via our website or email. The most important details to include are the team’s background, product idea, initial thoughts on early/milestone customers, and some idea of a round size, as well as some thoughts around the “use of proceeds”: Why that amount is required and how the founder would spend it in the next 18 to 24 months to get to the next milestone.
Before they get on a call with us, founders should know that we are cybersecurity specialist investors and already have a lot of knowledge on general dynamics in the space. So beyond general statistics on breaches and industry growth, we would like to know the founder’s unique experience in cybersecurity and how that contributes to the product they are looking to build and grow.
We would like to see early evidence that they are getting early and rapid feedback from potential buyers or design partners. The founding team’s ability to receive and iterate quickly on this feedback is very important. Great companies have inherent urgency in their innovation cycle times, and we think this predisposition can be seen very early in the DNA of a winning founding team.
Barak Schoster, venture partner, Battery Ventures
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
Our investment strategy remains consistent. I founded a cybersecurity company before becoming a venture capital investor, and my passion for the sector has not changed. Cybersecurity remains a critical area of focus for Battery, and we have expanded our scope to include other related sectors, including privacy protection, developer tools, cloud computing, data analytics and artificial intelligence. We aim to capture opportunities in adjacent markets that have synergies with the cybersecurity market.
We maintain a long-term perspective and prioritize investments in startups with promising technologies and strong market potential, even if the immediate funding landscape is challenging.
What advice would you give your portfolios to survive the current challenging market?
Focus on the customer: Continue building software that people want, meet customer needs, listen to feedback and proactively address their pain points. Additionally, many cybersecurity companies may need to revisit their go-to-market strategy by exploring different distribution methods (such as direct, managed security service providers, value-added resellers, open source, self-service, etc.); by adapting to the needs and compliance regulations of customers in newly emerging market segments; and by investing in research and development to uncover new opportunities, improve efficiency and differentiate themselves in the market.
It is also critical that companies preserve cash flow and ensure efficient resource allocation. We are advising our companies to closely monitor cash flow and maintain a healthy financial position to ensure sustainability.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
I believe cybersecurity startups should adopt a balanced approach, considering their specific circumstances and market dynamics. To pursue revenue growth, startups in any technology sector may need to invest strategically in marketing, sales, product development and talent acquisition. Some deep tech companies require significant investments in advance. Still, in most cybersecurity categories, leaders can deliver value to the customer, monitor monetization and continually assess resource allocation through customer retention and acquisition cost.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
I continue to be excited by the significance and long-term growth potential of cybersecurity investment. Demand for cybersecurity solutions continues to rise amid the increasing frequency and sophistication of cyber threats, and this demand creates meaningful opportunity for cybersecurity-focused venture capital. The pace and scope of technological advancements in AI, software development life cycle and the cloud present new challenges and opportunities for cybersecurity entrepreneurs.
In parallel, some incumbent network providers in established cybersecurity categories like networks, data, identity and application development have not demonstrated the agility required to answer fast-paced market needs, compounding the opportunity at hand for cybersecurity entrepreneurs and venture capital investment.
Recent figures show that only 24% of the cybersecurity workforce are women. Are you seeing changes in cybersecurity founder demographics, or do they mirror what we’re seeing among cyber workers more generally?
Building diverse and inclusive teams makes companies more innovative and competitive, full stop. More work is needed to close the gender and diversity gap in the cybersecurity workforce and in broader technology founder demographics.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
I am excited by the potential to work with founders disrupting existing categories like privacy, identity, data and application security, or creating new ones to support the security of new technological trends such as WASM, LLM, confidential computing, and edge computing.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
Founders can reach out to me over email.
Sheila Gulati, managing director, Tola Capital
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
We are excited about the future of cybersecurity in an AI-centric world and are increasing our investment in the space. The platform shift to LLMs and other models is enabling new attacks and requires new strategies for protecting systems, which creates enormous need and opportunity for new companies to solve those problems.
The funding landscape has certainly changed in the last year, requiring more pricing and operating discipline, but great companies are being founded right now to solve security for and with AI, and we want to partner with them.
What advice would you give your portfolios to survive the current challenging market?
We tell our portfolio companies that they must be great businesses, not just great products. The change in the funding environment means discipline on spending and excellence in operations are no longer just helpful, but essential, even at the early stage. Companies that can show this alongside growth will be in a great position to fundraise and invest, but others will struggle.
Later-stage companies will and should still invest for growth, but must be able to show a credible path to profitability.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
I do not put much weight on that difference in the public markets, especially for early-stage companies. The capital environment is more difficult for everyone because the cost of capital has gone up for everyone, and security startups will face pressures similar to other industries and must focus on building great products, repeatable sales and operational excellence.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
I do expect a surge in funding later this year, particularly a surge focused on AI security. The simultaneous trends of AI-powered attacks, new technology platforms with novel attack patterns, and security-focused LLMs will create even more interest and focus on this space. The change in the underlying technology that AI represents is so profound that there will be enormous opportunities for security startups, and that will lead to increased funding across the security landscape.
Valuations have dropped, yet cybersecurity M&A activity remains flat. Are you accelerating your cybersecurity investments to take advantage of lower prices?
Our bullishness is not primarily driven by valuation changes. We are investing in the space because of the opportunity represented by AI security and the amount of talent focused on the space.
Recent data shows that only 24% of the cybersecurity workforce are women. Are you seeing changes in cybersecurity founder demographics, or do they mirror what we’re seeing among cyber workers more generally?
We need to see faster change here. It is true that cybersecurity is less diverse than many other parts of technology, and we all need to do more up and down the industry to drive more inclusive businesses. This means more hiring of women and underrepresented groups in security roles as well as more funding for those founders when they start companies.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
We are excited about the impact of AI on the cybersecurity market. Adoption of these models will both dramatically change the attack surface organizations must secure, and provide new, more powerful tools to reduce risk across that surface.
One area we are bullish on is architecting safe, reliable and secure systems on top of powerful LLMs. Today, the models themselves are opaque and unpredictable, so systems that use them will need to make smart architecture decisions to prevent unsafe or unexpected behavior. We are currently spending less time on tools that fit neatly with the existing set of security products, as we think the opportunity is so large in the AI world that we have deprioritized traditional products.
Any other thoughts you’d like to share with TechCrunch+ readers?
Cybersecurity is an exciting space for us because we are still in the early stages of AI’s impact. As LLMs and other powerful models continue to accelerate in both adoption and capabilities, we will see new security challenges being realized.
There have already been cases of breaches related to sensitive and confidential information leaking via these systems, and there will be more examples in the next year. Sensitive internal data and customer information will need to be protected in a world where software is non-deterministic and models are opaque, and there will need to be companies forming at the same speed to meet that challenge.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
We invest at the early stage (seed and Series A) and partner with founders very closely to build their companies. Right now, we are focused on founders building in the following areas: domain-specific foundation models, AI/ML tooling, AI SaaS applications, AI compliance and governance, AI security tools, and enterprise of the future.
We love receiving pitches. We can be contacted with pitches at info@tolacapital.com.
Umesh Padval, venture partner, Thomvest Ventures
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
The macroeconomic headwinds, the interest rate hikes, the persistent inflation as well as the collapse of several tech banks all have definitely slowed down the pace of cybersecurity investment since 2022. The exception would be the torrid pace of investments in generative AI since the arrival of ChatGPT in late 2022.
We continue to adhere to our disciplined strategy of investing in exceptional teams, expansive market opportunities and distinctive technology platforms, with no changes in sight. In the past, economic downturns have often given rise to successful companies, and currently, we are witnessing great investment opportunities at reasonable valuations, unlike the high valuations observed in recent years.
What advice would you give your portfolios to survive the current challenging market?
Entrepreneurs ought to maintain their focus on developing a superior product, remain agile, and effectively adapt to market changes while paying attention to customer feedback. Due to economic uncertainty, the sales cycles are longer, so staying scrappy and managing cash to extend runway is the prudent thing to do. Lastly, this is a great opportunity to hire top-tier talent as well as upgrade the team wherever possible.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
Companies that have found the right product-market fit should focus on growth. However, growth at all costs is not a prudent strategy. For mature companies, growth should be driven by essential metrics such as unit economics, net customer retention, customer payback period, and free cash flow. The Rule of 40 tells you to balance growth rate and gross margin — the latter reflects the value captured by the product.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
The pace of cybersecurity investment has slowed down significantly from the hyper-investment cycle of the past few years. We are seeing investments pick up gradually since the RSA conference in April, especially in the AI security space. But in general, it is going to take some time to get to the normal pace of investments in this space.
Recent data shows that only 24% of the cybersecurity workforce are women. Are you seeing changes in cybersecurity founder demographics, or do they mirror what we’re seeing among cyber workers more generally?
We are seeing more women becoming CISOs at private and public companies, which we think is a very positive trend. We are also seeing an uptick in women investors in the cybersecurity space.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
The areas we like include software supply chain security, AI security, authentication and authorization, and privacy.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
We identify great companies to invest in through many sources: our track record in this space; references from our extensive CEO and CISO networks; VCs who have been investors with us and respect us; panels we serve on at conferences; and the several curated events we host with CISOs, along with outbound and inbound calls with entrepreneurs.
Founders interested in chatting can reach me at my email or connect with me on LinkedIn.
Andreas Calabrese, general partner, Tampa Bay Ventures
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
The technical landscape has changed, but our thesis has remained constant. There is some consideration for the go-to-market strategy and how capital efficient it might be, but our opinions on the space remain consistent.
What advice would you give your portfolios to survive the current challenging market?
Positive unit economics and service revenue. Particularly for cybersecurity companies, there is almost always demand for a service associated with any new security tool or initiative. By focusing on supplementing product earnings with service revenue, the path to profitability is more likely in the current environment.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
On a case-by-case basis, we believe that cybersecurity companies do have slightly more ability to focus on growth versus pure sustainability in the current environment. The demand elasticity is different from other subverticals within tech.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
No, we believe (and some of our data shows) cybersecurity funding regression seems to be in line or slightly better than the general venture capital landscape. This makes sense, given the need for cybersecurity is more linear and less dependent on innovation cycles.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
Awareness training and defending against socially engineered attacks is a future we deeply believe in within our firm. As AI continues to progress, manipulating the user of a system rather than the system itself will likely become the most effective vector to attack an organization or government. Finding effective ways to help employees or individuals defend themselves from these types of attacks is a future we subscribe to.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
We are open to anyone who’s looking to help us build a city alongside their venture. Contacting any of the general partners through TampaBay.Ventures is how we receive all of our current opportunities. In particular, we are looking for world-class cybersecurity companies to join us.
Deepak Jeevankumar, managing director, Dell Technologies Capital
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
Our investment strategy hasn’t really changed; we are as open for business as before. When you’re investing at the seed and Series A or B stages, you get to be somewhat agnostic to the current exit market.
After a decade of investing in cloud security, we’re looking for companies creating new categories and taking on new problems to solve. Generative AI and security, the intersection of development and security, and companies that want to address the cyber poverty problem: underserved geographies and SMBs/midmarket companies.
What advice would you give your portfolios to survive the current challenging market?
I think a lot of early-stage founders make the mistake of focusing too much on stretching every dollar in markets like this. But my advice is to be all about your product right now. Be focused and honest.
Are you 10x better than your competitors? If not, what will it take to get there? If it seems like you’re a “nice to have” solution solving a niche problem, how does your product roadmap need to change to get you to being a critical part of your customers’ cybersecurity stack?
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
The answer for early-stage companies is nuanced. Early-stage companies should not constrain long-term growth or innovation in pursuit of short-term profits. Not even now. It should be all about investing in 10x superiority of your product and building a solid GTM motion, be it enterprise sales, PLG or community or open source focused. If you’re in the growth stage, pre-IPO right now, you need to show decent growth with a very short-term path to profitability. But don’t fall into that trap if you’re an early-stage team.
Think of cash conservation as efficiency, not conservation. Right now, the focus should be on efficiently extending your company’s runway, not “conserving” cash. This isn’t “spend and grow at all costs” advice. Balance spending on product innovation and building a more effective sales motion against levers to extend your runway: raising capital, updating the structure of your sales contracts, and being thrifty with hiring and expenses. As an example, money may be better spent on improving your PLG experience than on a sales team flying around to close deals.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
I don’t think early-stage investors are holding back (yet) because of market conditions. Rounds are taking a little longer to come together, but what’s happening is that diligence is again following the normal timelines from 2017 or 2018 instead of the frenzied pace we saw in the last few years.
I think early-stage investors are looking for new categories, such as cloud security 3.0, developer security, cyber poverty, cloud data security and cloud incident response. We’re not going to invest in companies solving the same problems that already have five solutions available on the market. Early-stage investments will grow in earnest when we see new categories and technologies.
Late-stage investments will return when we see a few IPOs. That’s probably not going to be this year, though.
Valuations have dropped, yet cybersecurity M&A activity remains flat. Are you accelerating your cybersecurity investments to take advantage of lower prices?
A few weeks ago, Tesla dropped prices on several models. Does that mean it’s smart to buy two Teslas now? That sounds flippant, but what I mean by that is venture shouldn’t be a volume play. There is no capital constraint for great companies and great founders. The market controls the valuation and the exits; we control finding the best founders, teams and companies.
Recent data shows that only 24% of the cybersecurity workforce are women. Are you seeing changes in cybersecurity founder demographics, or do they mirror what we’re seeing among cyber workers more generally?
No. Unfortunately, cybersecurity founder demographics haven’t moved much toward the positive in the past decade. Anecdotally, the percentage of women founders of cybersecurity companies feels even lower than the 24% you’re quoting for the sector.
Historically, part of the challenge could be that less than 20% of cybersecurity degrees go to women. Part of the solution has to be investing in founders with different education and professional backgrounds. As the security field continues to grow, I am hopeful that more women in adjacent fields or the business side will start companies. Data scientists, product and finance leaders all bring valuable skills to the table as founders.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
I’m most interested in meeting teams that are thinking about the new challenges that will arise as more companies adopt generative AI platforms for running their businesses. Those businesses are likely to be Fortune 500 enterprises. On the other end of the spectrum, teams that are focused on economical ways to keep midmarket and SMB customers secure are also interesting.
Ransomware is still an unsolved problem, and SBOMs (software bill of materials) are only going to get more complicated with generative AI.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
Venture is driven so much by word of mouth. The best way to get the attention of any venture investor is usually through your angel investors, other founders or, honestly, your customers. As security investors, we’re always talking to customers and CISOs about their needs and the new tools on their radar.
Even if you’re not ready to sell anything, including CISO conversations as a part of your early market research gets you product feedback and may result in investor intros.
Of course, cold pitches can work, too. For that, find me on LinkedIn.
Mark Kraynak, founding partner, Acrew Capital
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
With the exception of a few “hot” spaces (like security for AI), the main issue is that the valuation reset hasn’t yet fully played out. There’s a pretty big segment of strong security companies that, simply put, have set the bar too high for their following rounds. This doesn’t mean they are bad companies, but there needs to be a reset in valuation expectations for them to get funding and move forward.
We’ve not really changed our strategy with respect to what we’ll back. Our view is to pay a fair price that sets the company up for an achievable next step on the way to becoming a significant stand-alone company.
What advice would you give your portfolios to survive the current challenging market?
For those still building their first product and looking for the elusive product-market fit: This isn’t usually a numbers game. Don’t spend much at all on marketing before you understand who your customer is going to be.
For those further along, the spending environment seems to have shifted from “doing new things” to either:
- Replacing something that isn’t working; or
- Cost savings versus what organizations are currently doing.
Your positioning and pitch should incorporate one or both of these things.
Given that many public cybersecurity companies are posting faster revenue growth than other tech companies, should cybersecurity startups lean more heavily into pursuing revenue growth over cash conservation than the average startup today?
This depends on the situation. I’d frame the key consideration differently. The economic model has to work. If it does, then there are a number of trade-offs on growth versus profitability that are dependent on the market. Some markets in security are still growing quite well, so grabbing market share (growth) should be the priority. Other markets are going through an effectiveness crisis, so profitably replacing legacy solutions might be the priority.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
The money and interest to invest is there for companies that are on track. However, the valuation reset has to play out for investment to increase.
My advice to founders of great companies that are over their skis on valuation from, say, a 2021 fundraise, is to take the down round now and get back to building the business. For the most part, success is going to be measured on a long enough timeline that if you succeed, the outcome will be big enough that the dilution from this will seem like a trifle.
Valuations have dropped, yet cybersecurity M&A activity remains flat. Are you accelerating your cybersecurity investments to take advantage of lower prices?
Our aim is to invest in great founding teams going after big problems in security. That generally means we aren’t chasing opportunities for which we think the best outcome is M&A. Of course, things change, and often, that becomes the best outcome. But, no, we’re not chasing prices into M&A outcomes.
Our view is to pay a fair price that sets the company up for an achievable next step on the path to becoming a significant stand-alone company.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
There are more cybersecurity companies now than ever. This is a good thing, as it shows the cyber category growing and maturing. On the other hand, it means there is more noise and competition, and some markets become oversaturated pretty early in their development.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
I like to get a pretty straightforward description of the problem you are solving, what your approach is, why it will win, and why you and your team are the right team to win. My contact is mark@acrewcapital.com.
Ariel Tseitlin, partner, Scale Venture Partners
Funding for cybersecurity startups has flatlined. How has your investment strategy changed to reflect the new market conditions?
Nothing’s changed from our perspective. We’re still actively investing and looking for innovative companies in growing and emerging categories. Sometimes, there’s a disconnect in the way investors and founders view the valuation environment. There are fewer Series B+ companies raising these days, so most of my attention has been focusing on Series A and earlier.
What advice would you give your portfolios to survive the current challenging market?
There isn’t really a one-size-fits-all message other than to say: Efficiency is much more important to all investors (public and private) today than it was before. To companies that are building new categories and have the level of growth to justify investment, we’re saying keep investing and growing with a close eye on burn.
To others that have seen growth slow down because of the broader impact of tightening budgets, the advice is to lower operational expenditures to match the growth we’re observing. The real challenge and nuance with that advice is how to implement it in a way that doesn’t cause further growth decay, which can lead to a dangerous negative spiral.
Is cybersecurity-focused venture capital in a downturn? Do you expect venture investment in the category to pick up in the back half of the year?
Security as an investment category is very resilient because the underlying need is resilient. We’re about to publish our annual security survey next week, and one interesting data point there is that the number of security incidents has gone up since the prior year. It’s somewhat ironic that as security budgets continue to increase, the number of incidents is going up as well. To me, that signals security innovation remains a great long-term category.
Valuations have also dropped, yet cybersecurity M&A activity remains flat. Are you accelerating your cybersecurity investments to take advantage of lower prices?
The causality is in the opposite direction than implied in your question. We have a long-term view on investing because, for successful investments, there’s a five- to ten-year lag between investment and exit, which means looking at where we are in the current business cycle isn’t all that helpful when making an investment.
If valuations are lower, you would indeed expect more investments to be made, but as a natural output of our decision-making framework rather than a deliberate choice to accelerate.
Looking ahead, which cybersecurity trends are you most excited about from an investing point of view?
I’ve been looking for investments in identity for some time. That’s one area where the gap is still wide between what buyers need and what’s available on the market. Another area is moving security closer to developers, where fixing problems costs much less than discovering them in production or, worse, after a breach.
Any other thoughts you’d like to share with TechCrunch+ readers?
Security, more so than many other investment areas, is complex and nuanced. Make sure you’re filtering for investors [who] understand your market and buyers well.
How do you prefer to receive pitches? What’s the most important thing a founder should know before they get on a call with you?
If you’ve been successful in the security industry, you should be able to find a common connection that can introduce us. That’s the best way to break through the noise.
Comment