Data Breaches Boost Funding for Cybersecurity Startups

In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups
 
Before Max Krohn, the OkCupid co-founder, played online matchmaker, he had a far-less-romantic interest in cryptography. But he couldn’t see a way to make a living at it.
“Security startups never really did so well,” says Mr. Krohn, who studied computer science at Harvard University and the Massachusetts Institute of Technology. “There was not an example of a runaway success.”
That is changing, following major data breaches, as corporate customers and venture capitalists show increased interest in cybersecurity. Mr. Krohn and another OkCupid co-founder have a new startup, Keybase, which aims to make encryption easier to use. Wednesday drew its first outside investment, a $10.8 million round led by venture-capital firm Andreessen Horowitz.
On Monday, Google Capital, the search giant’s growth-equity fund, made its first cybersecurity investment, leading a $100 million round in Crowdstrike, known for outing Chinese and Russian hackers. Allegis Capital this month said it closed on $100 million toward a fund focused on cybersecurity. Three years ago, private-equity fund Blackstone Group had no cybersecurity investments; now it has seven.
“It’s almost like, ‘Who hasn’t been hacked?’ ” said Venky Ganesan, a managing director at Menlo Ventures who led the firm’s investment in BitSight Technologies, which gives companies a credit-score-like rating for computer defenses. In 2011, Menlo directed about 5% of a $400 million fund toward security startups, Mr. Ganesan said, and its current fund has dedicated about 20% to the field.

In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups, according to researcher CB Insights. That is down slightly from $1.4 billion a year earlier but up sharply from $771 million in 2013’s first half.
The shift is particularly notable at Andreessen Horowitz, which used to view security companies as necessary for Internet safety but less lucrative than other technology niches.
One reason is that cybersecurity startups were often acquired prior to an initial public offering, says Scott Weiss, an Andreessen Horowitz partner. Mr. Weiss sold his own security startup, IronPort Systems Inc., to Cisco Systems Inc. for $830 million in 2007.
Well-received offerings from companies including Palo Alto Networks Inc. in 2012 and FireEye Inc. in 2013 have altered that view. Partners at Andreessen Horowitz say they likely wouldn't have invested in a company like Keybase even two years ago. Over the past 13 months, the firm also made an unusually large $142 million bet on Tanium Inc., which tries to make it easier for companies to find vulnerable and infected machines on their networks.
Ted Schlein, a partner at Kleiner Perkins Caufield & Byers who has invested in security startups for two decades, says he has noticed more investors jumping into cybersecurity.
That is a risk for investors in cybersecurity companies, as is the rush of entrepreneurs suddenly flooding the space. Bob Ackerman, a managing director of Allegis Capital and another longtime investor in cybersecurity, says he sees a lot of me-too companies led by founders without experience in the field.
“This isn’t sharing-economy stuff,” says Mr. Ackerman, referring to companies like Uber Technologies Inc. and Airbnb Inc. that connect individuals looking for rides or rooms. “This is nerdy stuff.”
Another risk, Mr. Ackerman notes, is that every new piece of security technology is one data breach away from being obsolete.
Core to Keybase’s pitch is making it easier for users to trade public encryption keys, a crucial step in using PGP, the encryption protocol formally called Pretty Good Privacy. PGP is considered secure, but it’s clunky and nowhere near as simple as Facebook or Google.
Chris Dixon, the Andreessen Horowitz partner who led the investment, said he expects Keybase to let individuals use the service for free but charge enterprises for extra features. Krohn, the cofounder, said he wants to offer users an encrypted file-sharing tool and encrypted chat applications.
As a Harvard student in the late 1990s, Mr. Krohn worked on websites during the first tech boom alongside programmers with a hacking background. The interest rubbed off, he said.
After graduating in 1999, however, he and his friends were more interested solving more immediate problems, like dating. Hence OkCupid.
Mr. Krohn left the dating site in 2012 and pondered his next move with cofounder Chris Coyne. They became intrigued with simplifying encryption, and launched Keybase last year.
They initially didn’t see much commercial future in the startup, and spurned investment offers from venture capitalists, Messrs. Krohn and Dixon said.
A few breaches later, they too began to see it as a business.
“Five years ago, it would have been a very hard sell,” Mr. Krohn said. “Probably, it would have been, ’Sorry, no one cares about security, therefore this product doesn’t have much of a hope.’ ”
WSJ: http://on.wsj.com/1HweA7Z