Cyber Venture Capital: A VC’s Perspective

Is the cybersecurity venture capital surge coming to an end? Overall, the VC world is experiencing a pullback, with S&P Global Market Intelligence revealing that the number of investment rounds was down 32.1% year over year from 2021 to 2022. At the same time, the value of VC rounds fell 65% in the same period. No one knows for sure what will happen to venture funding for security startups, but at least one thought leader is maintaining a positive outlook.

Dr. Lindsey Polley

Dr. Lindsey Polley is Director of Cyber & Space Intelligence at VentureScope’s MACH37 startup accelerator. The 90-day accelerator program’s goal is to facilitate the development of the next generation of cyber product companies. After earning her PhD from the RAND Corporation, where she served as a defense and policy researcher for technology projects spanning the DoD, DHS, and the US intelligence community (IC), Dr. Polley now works as a futurist who specializes in the emergent landscape around cyber and “cyber-adjacent” technologies.

I spoke with Dr. Polley in November of 2022.

Q:           What do you think is happening right now in the world of cybersecurity venture capital?

A:            From 2019 through 2021, we saw dips in venture funding for cybersecurity startups. If you take a closer look, though, it’s not that investor demand was not there. The issue was, and still is, that there are so many similar ventures in the category—everyone’s claiming to be just a bit different, but essentially, a lot of startups are offering the same thing—we’re seeing a consolidation, the acquisition of smaller companies into larger companies, or ventures combining to join a partnership or a larger entity. As a result, there wasn’t as much need for venture capital funding rounds, but that is changing. I think that venture capital appetite still there. Indeed, from our perspective, cybersecurity is less risky to investors than it was just a year or two ago. I think we’re going to see a resurgence of injection of capital into companies operating this realm.

 

Q:           Do you think that there’s a particular category of security venture is going to do well now?

A:            I’m like a parent. I love all my children equally. Seriously, though, if I had to choose areas to focus on, I would say cyber attack surface management (CAASM) tools are looking very strong right now. These tools help you make sure that you have adequate visibility across vulnerability challenges—aggregating data for those vulnerabilities so that you can see in real time what’s going on in your network and endpoints, along with everything that’s connected, it’s a very multi-dimensional view of an enterprise’s threat posture. I think CAASM is going to be hot with VCs in the coming year.

Plus, supply chain. We have a unique confluence of events where we have the developers and researchers working on this, the technical professionals who are now in line with the investors, investors are doubling down on wanting to fund these new capabilities to help make this happen. We like ventures that are developing new tools to secure or prevent against counterfeit components or tampering. That translates into cybersecurity for software in particular, with tools that better protect the entire software stack and the development pipeline.

Quantum security is getting attention, as it should. There’s been some confusion about this, but quantum risk is an area of cybersecurity where we are probably going to see a convergence of civilian and military attack surfaces. It’s like what we see with commercial satellites, where an attack on a corporate asset might be construed as an act of war. Quantum is similar, like if a defense contractor’s data is decrypted through quantum computing, that’s a national security issue even if it’s corporate data. Ventures that help address this risk are going to do well, in my view.

And let’s not forget semiconductors. Chips don’t always make it onto the cybersecurity VC radar screen, but they really should, if you ask me. Security needs to start in the silicon. The recently announced US Japan Joint Research Center is part of this story.

 

Q:           Are the venture capital players in cybersecurity changing, or is the same crowd as always?

A:            Yes, the investors are potentially changing. We have the big traditional investment firms, of course. They are not going anywhere, for the most part, even if some of them pare back their investments in cybersecurity. But, we also have the introduction of like non-traditional investors, like actors and TV personalities, along with platforms that allow crowdsourcing from regular people to put up $2,000 to potentially be betting on a huge unicorn payout. Startups that may not have been able to get funding through the traditional route are finding more opportunities now, given these other non-traditional avenues for funding that have started to open up in the last couple of years.