Data Breaches Boost Funding for Cybersecurity Startups

BT-AD101_CYBERV_16U_20150715182705.jpg

In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups
 
Before Max Krohn, the OkCupid co-founder, played online matchmaker, he had a far-less-romantic interest in cryptography. But he couldn’t see a way to make a living at it.
“Security startups never really did so well,” says Mr. Krohn, who studied computer science at Harvard University and the Massachusetts Institute of Technology. “There was not an example of a runaway success.”
That is changing, following major data breaches, as corporate customers and venture capitalists show increased interest in cybersecurity. Mr. Krohn and another OkCupid co-founder have a new startup, Keybase, which aims to make encryption easier to use. Wednesday drew its first outside investment, a $10.8 million round led by venture-capital firm Andreessen Horowitz.
On Monday, Google Capital, the search giant’s growth-equity fund, made its first cybersecurity investment, leading a $100 million round in Crowdstrike, known for outing Chinese and Russian hackers. Allegis Capital this month said it closed on $100 million toward a fund focused on cybersecurity. Three years ago, private-equity fund Blackstone Group had no cybersecurity investments; now it has seven.
“It’s almost like, ‘Who hasn’t been hacked?’ ” said Venky Ganesan, a managing director at Menlo Ventures who led the firm’s investment in BitSight Technologies, which gives companies a credit-score-like rating for computer defenses. In 2011, Menlo directed about 5% of a $400 million fund toward security startups, Mr. Ganesan said, and its current fund has dedicated about 20% to the field.

In the 2015 first half, venture firms invested $1.2 billion in cybersecurity startups, according to researcher CB Insights. That is down slightly from $1.4 billion a year earlier but up sharply from $771 million in 2013’s first half.
The shift is particularly notable at Andreessen Horowitz, which used to view security companies as necessary for Internet safety but less lucrative than other technology niches.
One reason is that cybersecurity startups were often acquired prior to an initial public offering, says Scott Weiss, an Andreessen Horowitz partner. Mr. Weiss sold his own security startup, IronPort Systems Inc., to Cisco Systems Inc. for $830 million in 2007.
Well-received offerings from companies including Palo Alto Networks Inc. in 2012 and FireEye Inc. in 2013 have altered that view. Partners at Andreessen Horowitz say they likely wouldn't have invested in a company like Keybase even two years ago. Over the past 13 months, the firm also made an unusually large $142 million bet on Tanium Inc., which tries to make it easier for companies to find vulnerable and infected machines on their networks.
Ted Schlein, a partner at Kleiner Perkins Caufield & Byers who has invested in security startups for two decades, says he has noticed more investors jumping into cybersecurity.
That is a risk for investors in cybersecurity companies, as is the rush of entrepreneurs suddenly flooding the space. Bob Ackerman, a managing director of Allegis Capital and another longtime investor in cybersecurity, says he sees a lot of me-too companies led by founders without experience in the field.
“This isn’t sharing-economy stuff,” says Mr. Ackerman, referring to companies like Uber Technologies Inc. and Airbnb Inc. that connect individuals looking for rides or rooms. “This is nerdy stuff.”
Another risk, Mr. Ackerman notes, is that every new piece of security technology is one data breach away from being obsolete.
Core to Keybase’s pitch is making it easier for users to trade public encryption keys, a crucial step in using PGP, the encryption protocol formally called Pretty Good Privacy. PGP is considered secure, but it’s clunky and nowhere near as simple as Facebook or Google.
Chris Dixon, the Andreessen Horowitz partner who led the investment, said he expects Keybase to let individuals use the service for free but charge enterprises for extra features. Krohn, the cofounder, said he wants to offer users an encrypted file-sharing tool and encrypted chat applications.
As a Harvard student in the late 1990s, Mr. Krohn worked on websites during the first tech boom alongside programmers with a hacking background. The interest rubbed off, he said.
After graduating in 1999, however, he and his friends were more interested solving more immediate problems, like dating. Hence OkCupid.
Mr. Krohn left the dating site in 2012 and pondered his next move with cofounder Chris Coyne. They became intrigued with simplifying encryption, and launched Keybase last year.
They initially didn’t see much commercial future in the startup, and spurned investment offers from venture capitalists, Messrs. Krohn and Dixon said.
A few breaches later, they too began to see it as a business.
“Five years ago, it would have been a very hard sell,” Mr. Krohn said. “Probably, it would have been, ’Sorry, no one cares about security, therefore this product doesn’t have much of a hope.’ ”
WSJ: http://on.wsj.com/1HweA7Z

« SurfWatch Labs Rolls Out Dark Web Intelligence Service
How Analytics Will Influence Connected Cars »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

CloudInsure

CloudInsure

CloudInsure is a Cloud Insurance platform designed to specifically address emerging liabilities within the Cloud environment.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

Idemia

Idemia

Idemia is a global leader in security and identity solutions.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

DoQubiz Technology

DoQubiz Technology

DoQubiz is using the idea of security through obscurity to develop their proprietary Fractal Security Engine that implements a highly resilient data protection protocol.

Cyberi

Cyberi

Cyberi provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance to incident management and response, and technical security research.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Liberty Technology

Liberty Technology

Liberty Technology has a host of highly trained, certified experts who assist our clients with immediate remote support as well as on-site service.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Airbus Protect

Airbus Protect

Airbus Protect is an Airbus subsidiary bringing together the Company’s expertise in cybersecurity, safety and sustainability-related services.