At any time, a $75 million investment fund earmarked exclusively for cybersecurity startups is impressive. But in the backdrop of tech-sector headlines featuring cybersecurity layoffs and bankruptcies, a massive investment by SYN Ventures into U.S.-based early stage security startups is raising both hopes and eyebrows.
In October venture capital firm SYN Ventures closed a $75 million seed fund dedicated solely to cybersecurity startups. It’s considered one of the largest to date in the U.S. and comes on the heels of security startup IronNet shuttering and Fortinet, Rapid7 and SecureWorks each announcing layoffs.
To many, the closing of the once high-flying IronNet, valued at $1.2 billion in 2021, served as a harbinger of more gloom to come. But for SYN Ventures, a VC firm focused on the security sector, it insists the bloom is on for seeding innovative security firms just as the sector contracts.
Co-founder and managing partner of SYN Ventures, Jay Leek, told SC Media now is a perfect time to launch a cybersecurity seed fund.
“We’re just seeing so many seed opportunities right now. There’s never been a better time,” Leek said.
Rocky market reality
Leek’s bullish outlook contrasts not only headlines, but also September data from IANS Research that illuminates the rocky road security firms have been navigating.
An IANS survey of 550 CISOs found that global instability and inflationary pressures contributed to a 65% fall in IT budget growth in 2022-2023. For 2023 the average budget increase is expected to be 6%, a decrease from the previous budget cycle growth of 17%.
These market forces have investors rethinking previous valuations of cybersecurity startups and put into question how upstarts will fare in the year ahead as their customers pared back IT budgets. In a separate study by Vanta, only 9% of those shrinking IT budgets are dedicated to security.
Other market forces pushing companies to be more frugal are inflationary pressures increasing the cost of doing business and cost pressures tied to increased compliance and regulation requirements, said Deepak Jeevankumar, managing director at Dell Technologies Capital.
Venture tourists return home
This tightening follows years of strong growth of cybersecurity budgets and generous funding of security startups. Easy access to capital helped prop up much of the startup world. Between 2018 and 2022 seed funding and venture capital seed funds earmarked to help launch cybersecurity startups were easy to come by, with eager investors salivating for a piece of the action.
“What we saw was a massive influx of capital into cybersecurity because VCs all wanted to be in an area that was hot,” said AllegisCyber Capital managing director Bob Ackerman.
By 2022 higher interest rates and macroeconomic uncertainty set the stage for a global economic slowdown and an IT market downturn. That turned off the investment spigot tied to casual VC investors, Ackerman said.
“When too much money goes into a sector it tends to distort the economics of the sector so things get funded that probably shouldn’t be funded,” he said. The downturn, he said, was part economic reality and part a correction in how startups were being overfunded.
According to figures compiled by Momentum Cyber, which tracks cybersecurity fundraising and acquisitions, there were 423 financing transactions totaling $5.2 billion in the first half of 2023, down from 531 transactions totaling $12.5 billion in the first half of 2022.
“For too long the seeming measure of success has been the ability of a company to raise capital. But as we are seeing with several recent failures, there is more to a company than raising galactic funds,” said Wayne Schepens, chief cyber market analyst at CyberRisk Alliance (parent company of SC Media) and managing director of LaunchTech Communications.
A perfect storm
While VC funding for cybersecurity startups has cooled, SYN Ventures sees opportunity.
Leek maintains SYN’s $75 million seed fund will go to startups less likely to repeat the mistakes of their predecessors. Those miscalculations include aggressive capital burn rates designed to quickly dominate a booming marketplace that never materialized or is taking longer than expected to mature.
The emphasis today is delivering value, reducing customer costs and aligning a solution with a high-growth product category. Ample funding is out there for startups able to check the right boxes, Schepens said.
The investment climate will pick up in the next year or two, Leek said. That time horizon is perfect for today’s cybersecurity startups to take advantage of a market upswing when it happens.
“Right now, there are no bull’s eyes on the forehead for these startups to immediately drive revenue,” he said. “It’s a special time right now for entrepreneurs to prove marketplace value of a solutions without having to rush to market and keep spending in check.”
VC deals still being done
For startups seeking post-seed funding, significant VC deals are still being done. Data from Momentum Cyber reveals that investors plowed $5 billion into startups in the first half of 2023. However, that’s less than half as much pledged the year prior.
“While investors have become more selective, there are still funding opportunities available for hungry and resourceful entrepreneurs,” Schepens said.
Leek said this new level of caution amongst investors means startups need to alter expectations around how much money they can expect to raise. They needed to be prepared to present an even more compelling case for growth to potential funders.
Focus moves off funding and to fundamentals
As startups recalibrate and focus on profitability, distinguishing their product offerings and driving innovation a thinning of the startup herd is inevitable, VCs told SC Media.
“It’s all about delivering value to customers and there certainly are some amazing young companies out there doing just that. The funds are still there, the money is still there, it needs to be allocated, so VCs are looking for great opportunities and will continue,” Schepens said.
YL Ventures partner Michael Cortez said his organization was continuing to see a high appetite for seed and Series A investments in cybersecurity startups, he said.
Series A funding comes after pre-seed (proof of concept) funding of a cybersecurity startup and is used for product development, operations and marketing. Pre-seed funding can range between $10,000 to $1 million and Series A can be as high as $10 million.
The need for smart startups remain
Startups are also having to deal with industry consolidation and a drive by larger vendors to supply more of their clients’ tech stack, which led to the rise of single security vendors delivering a mega platform.
But that doesn’t mean there is no room for startups. There are always opportunities for startups with unique ways to solve emerging cybersecurity challenges.
AllegisCyber Capital’s Ackerman and others are bullish on tech such as artificial intelligence (AI) as an enabler for innovative solutions applicable to security operations and threat analysis.
“AI will boost productivity and help with the shortage of skills. The industry will also use AI to process threat intelligence and that will be a productivity gain,” he said.
Quantum encryption, blockchain technology used to authenticate and validate user identities and neural network intrusion detection systems are just a few examples beyond AI driving innovation in the cybersecurity space.
Cortez said YL Ventures, which focused on early stage cybersecurity startups, was seeing increased VC interest in funding startups in the identity space, vulnerability and risk management and firms providing tools that monitored generative AI solutions.
“I don’t think funding of cybersecurity startups will be the Wild West like it was,” Schepens said. “However, cybersecurity absolutely remains one of the strongest industries out there. Smart investors will always be on the hunt for newcomers that will rocket their way to the top of the security stack.”
It may take time, but as long as malicious actors continue to find new and more sophisticated ways to challenge security professionals, new and innovative security solutions will continue to attract investor interest, Ackerman said.
(SC Media's Steve Zurier contributed to this report)
