Over the past 18 months, the world has witnessed ever larger and more frequent security breaches of trusted IT systems. Target, Anthem, Sony, Uber… the list is getting longer. The costs are increasing – executives are getting fired and companies are losing market value as consumer trust wavers. While all of this is terrifying, the consequences of future cyber crimes will be even more dire. The perpetrators – organized, profit-motivated global crime rings and state-sponsored entities looking to advance political ideologies – are getting stronger. As I mentioned in my ‘15 predictions post, I believe we’ll see the first major public breach of a governmental institution or agency with a corresponding declaration of cyber war by the US against an enemy. Many others are also focused on this trend. Journalists such as Nicole Perlroth and Danny Yadron have been tracking cyber security issues and have written many good pieces such as this and this, and Brian Krebs keeps an very thorough blog on this topic. Fred Wilson also predicted ‘15 would be a year of exploding cyber security budgets.
I’ve focused much of my VC career on enterprise infrastructure, and given all the headlines, I’m very bullish on cybersecurity. Now, it’s no surprise a tech VC would be interested in security — big deal. But, I want to share why we’re so bullish, what we’re seeing from companies in the space, and how we think the market will evolve over the coming years. Some of key themes emerging that interest us include the following:
- Crowdsourcing – Hackers, whether profit-minded or state-sponsored, are organized and sophisticated. It’s an unfair fight when they target an individual company that has only its internal resources to bring to the table. To address this issue, companies developing solutions that extract wisdom, knowledge and coordination from the “crowd” are extremely compelling. Getting the benefits of a broad network of security professionals and experts to help identify threats and remediate these risks as they emerge will be a key strategy to successfully fight cyber-crime in the future. GGV recently invested in Synack to capitalize on this trend.
- Analytics & Big Data – Much has been made of the growth in data volumes, both consumer and business related, and the infrastructure to store and analyze this data. While all this new data has become a key attack surface for hackers, there’s also opportunities to spot risky and possibly nefarious patterns in this data as well. Systems that suck in data of all types, correlate it, spot patterns and continually learn to identify emerging risks will be critical as cyber-criminals continue to become more sophisticated. GGV portfolio company AlienVault is doing great work here.
- The Consumerization Trend Hits Security – While consumer-oriented, workplace solutions such as Slack, Zendesk and DropBox have been widely adopted in companies, security products are still stuck in the dark ages. Meanwhile most of the high profile cyber attacks originate from “social engineering” or the compromise of an unsuspecting employee or other person with access to a network and applications. Getting employees to comply with security best practices is a real challenge, but consumerization can help change this. Security products built for usability from the ground up, enabling users to seamlessly integrate protection into their existing workflows, will create big value.
- Risk is Everywhere/ Protection Must Follow – It’s a great time to be a consumer. Our lights, thermostats, security systems and front door locks are connected and controllable remotely. Tesla has allowed us a glimpse into the future, when cars will be highly connected. Everything from the planes we fly to the medical devices and equipment used to keep us healthy is rapidly becoming IP-connected. This trend will unlock huge value but also creates massive new attack vectors for hackers. The consequences of a hacked front door lock, an airplane or an insulin pump are potentially dire. The bad guys are working on this already. Companies that seek to protect the connected-everything systems that are now proliferating are necessary and the payoff for successful players will be huge.
- Cloud Security Coming of Age – Most security companies we meet support a specific form factor and deployment architecture. This is increasingly irrelevant. Hackers don’t care about form factor; they only care about accessing sensitive data and compromising applications. In a cloud world, this type of data can live anywhere and applications can run in a very distributed fashion. Winning security companies will build their solutions to be relevant for a cloud world – nimble, agile and form-factor agnostic to protect key assets regardless of location.
While the cyber security industry is poised to create some huge winners, it’s important to note that there will never be a perfect solution. No company can hope to completely wipe out all cybercrime; the best one can do is to try to stay on par with, or a bit ahead of, the hackers. As such, the best companies won’t build products for a point in time but will focus on continuous innovation. Additionally, as vulnerabilities proliferate, the best entrepreneurs will prioritize and focus on those with the biggest payoff.
If you’re interested in this space – as a seed or VC investor, a founder, an executive or a CISO/ security-focused IT professional, please reach out to me. I’d love to connect to compare notes and collaborate.