The latest in information security: venture capital trends and opportunities

Alex Simmons our consultant managing the role
Information security (infosec) is one of the most resilient categories of enterprise software in turbulent economic conditions. Morgan Stanley’s Q3 Chief Information Survey found that 15% of executives in the industry viewed security software as the least likely to reduce spend, and no executives reported that it was likely to see cuts.

As such, this perceived resilience and proven performance means that infosec is a leading investment priority for investors. Pitchbook, a leading financial data and software company, is forecasting 15.6% growth in the infosec industry, making it the leading segment in the industry.    

However, the ability for start-ups to achieve high growth may be muted. Leading Chief Information Security Officers (CISOs) are reporting the need for vendor consolidation. Thus, because of this trend, the volume of projected sales amongst SME customers is weak. Although, broadly speaking, infosec looks to be in for a period of sustained growth, despite sales cycles extending and depressed market conditions. 

Investor activity   

According to Pitchbook, investor activity is in a steady decline from the heady post-pandemic days. During Q3 2022 infosec startups raised $2.6billion, and they raised the same amount in Q4 2022 too. But the number of deals taking place was down 11.2%. This was primarily driven by the fact fewer early-stage start-ups closing investor deals than late-stage. This is an anomaly in the market but may be a sign of long-term changes.
snippet image

Tuck-in acquisitions, this is when a large entity totally absorbs a smaller one, were the only deals to take place in Q4, signalling a potential emerging trend. Much like the broader private equity investment market, businesses and investors will bolster their portfolios through M&A activity.

In our recent article reviewing the latest in private equity investment activity, we discussed the fact that 2022 was a record year for take-private deals. In terms of infosec, there are several take-private deals which loom on the horizon.  

It is no secret that publicly listed companies have the past found themselves in some difficultly in the past few years, with share prices struggling. Scrutiny has increased significantly with rising costs and weak growth. From a business perspective, PE firms with elevated levels of dry powder (the amount of committed, but unallocated capital a firm has on hand), could supply a much sought-after injection of capital for publicly listed companies.

So, where do the investor opportunities lie?  
Machine learning security   

Machine learning (ML) carries several risks, which include: 
  • Data poisoning  
  • Model theft  
  • Reverse engineering     
Currently, artificial intelligence (AI) and ML processes integrate extremely sensitive data in open-source environments, with minimal intervention from security experts. According to Pitchbook, Data Scientists are less attuned to cybersecurity concerns than software developers and can lack common security practices.

ML cybersecurity is a developing area, but prime for infosec investors. There has been limited industry research into the threats posted to ML. One set of research from Microsoft documented only 15 examples of ML cybersecurity attacks, but this research was limited in scope. Security features in this market are underserved, and many platforms lack security policy enforcement. Start-ups in this area remain small, with the largest valuation reaching $208million. Moreover, the most advanced start-up in this space focusses primarily on government. This means the commercial landscape is ripe for start-ups. 

Managed detection and response    

Managed detection response (MDR) is an outsourced service that provides organisations with threat hunting services and responds to threats once they are discovered. Unlike AI and ML, it also involves a human element. Namely, security providers supply their MDR customers access to their pool of security researchers and engineers, who handle monitoring networks, analysing incidents, and responding to security cases.

In addition to midsize businesses seeking traditional monitoring services, they are increasingly looking for turnkey managed detection services and managed threat hunting. As we are currently experiencing a period of increased budget constraints, enterprises are circling back to managed security services to save money. As such, creating a large market for vendors that is increasingly insulated from economic uncertainty.

Much like with other infosec enterprises, M&A activity will be virulent in 2023. As we have already seen in the market, MDR consistently plays a significant role vendor consolidation, and providers are looking to merge features within their platforms. For example, Google acquired Mandiant for $5.4 billion to enhance its security services technology along with its Chronicle security operations software. And platform vendors including Microsoft and Palo Alto Networks launched MDR offerings in 2022. Pitchbook has reported that due to the looming presence of these large vendors in the market, start-ups will focus on the quality of their professional services, rather than technology.

Postquantum cryptography 

Post-quantum cryptography, also called quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Quantum computing presents fundamental challenges to legacy encryption technologies that must be proactively addressed with novel algorithms. Not only can quantum computers theoretically decrypt conventional encryption systems, but they can be used to take entire portions of the economy offline.   

Critically, the US government in December 2022 passed the Quantum Computing Cybersecurity Act, which guides federal agencies to prioritise data that will require protection from quantum computers. This bill is a first stage of a process of postquantum modernisation that may last until 2031. 

Most quantum-safe encryption start-ups are at seed or early stage and rely on grant funding. This is indicative that there is strong potential for growing commercialisation of the space, with vast opportunity for investors. Furthermore, highly regulated industries, like banking, are likely to adopt postquantum cryptography to safeguard against future risks. In these market conditions, startups can continue research and development (R&D) on techniques that are yet to be selected by the National Insitute of Standards and Technology (NIST). 

Find your next information security role with Marks Sattin Technology    

If you are interested in information security, we may have an opportunity for you. At Marks Sattin Technology, we work with a range of businesses, from innovative start-ups and FTSE 100 companies. With over 30 years of experience, we have helped more than several professionals find their next exciting opportunity in technology.  


Apply for an available technology job with us today or register your details to shortlist jobs so you never miss an opportunity.  

17/02/23
posts

Related articles

What is the role of a financial controller?
What is the role of a financial controller?

Teaser

Finance & Accounting

Content Type

General

04/09/24

Summary

An organisation’s financial controller is the executive responsible for overseeing all of the accounting functions of the firm, ensuring they are completed accurately and on time. From compiling

Teaser

Join us as we outline the main tasks that fall within a FC's job description.

Read full article
Carmine Scalzo

by

Carmine Scalzo

Carmine Scalzo

by

Carmine Scalzo

Things to look for in a software engineering CV
Things to look for in a software engineering CV

Teaser

Technology

Content Type

General

04/09/24

Summary

At Marks Sattin, we understand that hiring the right software engineer involves more than just scanning through a resume - it’s about identifying the perfect match for your team’s technical needs

Teaser

Here's what to look for in a software CV:

Read full article
Ghazal Mayahi

by

Ghazal Mayahi

Ghazal Mayahi

by

Ghazal Mayahi

The Exciting Growth of Global Private Credit
The Exciting Growth of Global Private Credit

Teaser

Financial Services

Content Type

General

15/08/24

Summary

We’ve long been talking about the fact private credit is a future giant in financial services.In today's fast paced financial landscape, private credit stands out as one of the most interestin

Teaser

Discover the dynamic rise of global private credit and it's impact on the financial landscape

Read full article
David Harvey

by

David Harvey

David Harvey

by

David Harvey

jobs

Related jobs

Data & BI Analyst

Salary:

£65,000 - £75,000 per annum

Location:

London

Industry

Professional Services

Qualification

None specified

Market

Financial Services

Salary

£70,000 - £80,000

Job Discipline

Business Intelligence & Analytics

Contract Type:

Permanent

Description

A Central London based Mid-Tier bank seeking to hire a Data & BI Analyst. The role will play a crucial role in transitioning to and supporting the business new Azure Data Warehouse.

Reference

BBBH181521

Expiry Date

01/01/01

James  Thompson Find out more
View all jobs