Despite a more cautious approach to financing, investors continue to scour the country for the next generation of cybersecurity startups that can aid enterprises in the never-ending quest to safeguard critical IT systems.
Yes, the topline number may be bad: Investment in security companies fell nearly 40% in 2022, to $18.5 billion, according to a recent report from Momentum Cyber, a financial advisory firm where I serve as chairman. But despite the decline, it is still well above pre-pandemic totals. And with a vast market opportunity ahead, the funding environment is expected to remain strong while other areas of tech slow down.
In fact, in the past two years alone, investors have poured nearly $50 billion into the cybersecurity industry, per Momentum Cyber’s report, while mergers and acquisitions (M&A) activity continued at a record pace. Meanwhile, the industry’s new hyperfocus on AI and the advancements the technology will support should only amplify investor interest. However, it’s clear there are shifting priorities founders need to be aware of.
As the cadence of attacks accelerates, investors are flocking to vendors providing tools that can help enterprises verify employee and machine identity to secure access to their systems. With the growing number of new regulations, they’re also now more interested in security vendors that help companies manage both risk and compliance. And as cybersecurity teams become larger and more central to the business, more financiers are backing providers building tools that better connect the division with IT.
While the investor capital may not be as free-flowing as the past several years, cybersecurity remains a promising and high-growth sector. It has to because attacks aren’t stopping. Still, there are new considerations that founders must take into account when fundraising. And the current cycle may require them to look beyond the traditional investment hubs.
The In-Demand Sectors
Given the increasing number of cyberattacks, it’s no surprise that identity and access management tools continued to garner the highest amount of investment last year, at $3.2 billion, accounting for 17% of the sector’s total 2022 financing volume.
But other areas are seeing major growth. Investment into vendors providing risk and compliance tools, like Drata and Pentera, grew 12%, to $3 billion. Meanwhile, vendors that help manage security operations and provide threat intelligence, like Swimlane or Coralogix, nabbed $2.1 billion.
The Growing Investment Hubs
The top five states for investment — California, New York, Texas, Virginia, and Massachusetts — are not too surprising. They’ve been the traditional hubs for years.
However, new markets are emerging that could provide entrepreneurs with access to different investors and new sources of talent.
For example, in 2022, Florida was home to 22 investments that totaled $381 million, a 35% increase from 2021. Meanwhile, other markets saw sharp declines. Cybersecurity investment in Colorado, for example, fell 62%, to $239 million.
Room for Innovation
The seismic shift in attention to AI should only continue to propel the cybersecurity sector in 2023. The topic was inescapable at this year’s RSA Conference. And with such a large market opportunity ahead, investors continue to eagerly fund new security startups.
Last year, there were 516 early-stage deals, a nearly 20% increase, totaling $1.5 billion. However, late-stage companies could face a more selective investor audience. In 2022, the number of Series C deals and beyond fell 16%, to 247, with the overall financing volume also falling to $10.6 billion.
There still remains a ridiculous amount of available capital out there for innovative companies that help businesses tackle the increasingly complex task of securing their IT environments.
But scrappy founders should recognize the sentiment shift among investors and follow the money appropriately to make fundraising their next round as painless as possible.