By Sean Cunningham, Trident Capital Cybersecurity
Given the explosion of ransomware attacks in 2017 and stunning breaches like those at Equifax and the National Security Agency, it’s no surprise that corporations worldwide invested yet another record amount in cybersecurity products and services.
Predictably, venture capitalists and their counterparts inside corporations also invested a record amount in cybersecurity startups.
Will we see more of the same in 2018? The answer is yes.
Cyberattacks will continue to grow, in sophistication and number. According to Gartner, the global cybersecurity industry in 2018 will grow 8 percent to $96 billion from more than $86 billion in 2017. Growth last year was 7 percent on a smaller base.
This is not lost on the venture capital community. While VC overall had an only okay year in 2017, cybersecurity venture and venture-related investors set a record. According to CSO magazine, at least 20 companies raised $40 million or more in the third quarter alone.
According to Momentum Cyber, a cybersecurity investment bank, 290 investments in cybersecurity startups totaled $4.9 billion in 2017, up from 267 investments totaling $4.3 billion in 2016.
Cybersecurity M&A, meanwhile, enjoyed unusually brisk activity in Q3, the latest data available. Cybersecurity Ventures’ Mergers and Acquisitions Report states that activity rebounded sharply from a dip earlier in the year, with more than 50 cybersecurity agreements cut.
As usual, cybersecurity IPO activity was spotty last year and cybersecurity stocks were relatively weak. But a pickup in IPO activity may be on the way in 2018: More than 1,000 cybersecurity startups have been funded in recent years, and many of them are penetrating the markets of public companies.
Helping matters is the best bull market in years, widely expected to continue. Bright IPO prospects include startups Cloudflare and Illumio.
Here are the key developments likely to spur investment activity on all fronts in 2018:
- The adoption of the European Union’s General Data Protection Regulation. GDPR, charged with updating and harmonizing data protection laws throughout the EU, kicks in in May and will increase cybersecurity spending and probably investment. It will be empowered to levy substantial fines against any organization globally that commits assorted privacy violations in processing personal data from Europe.
- More attention to security lapses on Internet of Things (IoT) devices and, to a lesser extent, in critical infrastructure industries. Billions of IoT devices are already in the market, and analysts say more than half of major new business processes and systems will embrace IoT devices within two years. These devices are insecure by design, and many vendors sidestep supplemental security measures. IoT devices also have little ability to be updated and cannot accommodate endpoint protection software. Look for investments to improve their security.
- Heightened attention to cybersecurity offensive countermeasures. Cybersecurity has been mostly defense-oriented, but this has never been sufficient. Moving forward, we will see more companies spring up along the lines of Attivo Networks, a leader in deception solutions. Attivo applies deception-based decoy and luring technologies within networks to misdirect attackers and deceive them into revealing themselves. (Disclosure: My firm has invested in Attivo.)
- The cybersecurity talent shortage will worsen; investment in security-automation tools based on AI will increase. According to a survey by Narrative Sciences, 38% of enterprises are already using AI, and that number is expected to increase to 62% this year. Improvements are likely to lead to quicker responses to breaches and heightened ability to anticipate hacker behavior.
- Advances in mobile-threat protection will begin moving to the forefront. Because corporate Bring You Own Device policies and apps have grown rapidly, mobile breaches at corporations have become commonplace. A recent survey by Ponemon Institute of IT pros found that 67% of global 2000 companies say their organizations certainly or probably suffered a data breach because of employees’ use of personal devices. Expect a range of investments to curb this threat vector in 2018.
- Starting this year, look for the start of development of new technologies that address the weaponization of data. Most cybersecurity efforts focus on the compromise or theft of data, but data also can be weaponized to pursue political or propaganda goals. Last year, for example, Russian agents disguised their identity and flooded Facebook with negative posts about Hillary Clinton. Determining the origins of data is very difficult today, but technology to do just that is under development.
Notwithstanding ongoing breaches, cybersecurity investment is paying off. Breaches would be far more widespread without the cybersecurity measures already adopted.
Sophisticated hackers always have the edge because they have to be successful only periodically. This requires a rigorous protective mindset among enterprises and the adoption of new cybersecurity technology. Startups will ensure they are accommodated again in 2018.
Sean Cunningham is a managing director at Trident Capital Cybersecurity. Previously, he was a director at Intel Capital overseeing investments in cybersecurity. Cunningham can be reached at firstname.lastname@example.org.
Photo courtesy gorodenkoff/iStock/Getty Images.