Venture Capitalists Chase Rising Cybersecurity Spending

February 1, 2016

Mike Orcutt

The rash of headline-grabbing cyber­attacks on major companies over the past few years has made one thing abundantly clear: it’s not enough to rely only on traditional security tools. To venture capitalists, that means there’s money to be made by betting on startups developing new ones.

Cyber Survival
With cyberattacks getting worse, the urgent need today is for faster responses, smarter technologies, and wider encryption.

VCs are hoping to get a piece of companies’ increased spending on cybersecurity. In 2014 Gregg Steinhafel, the CEO of Target, became the first head of a major company to lose his job over a data breach. Now, worried company leaders are giving their security units a “blank check,” says Scott Weiss, a general partner who specializes in security at the venture capital firm Andreessen Horowitz: “The CEO has said, ‘Look, whatever you need, you’ve got.’”

Today’s advanced threats are much too sophisticated for traditional tools like antivirus software and firewalls. Not wanting to buy obsolete products, security executives are increasingly venturing into agreements with cybersecurity startups. To Weiss and other venture investors, that kind of customer demand is an investment opportunity. According to CB Insights, the global VC community poured a record $2.5 billion into cybersecurity companies in 2014, a strong year for IT startups in general and software in particular. Security companies raised another $3.3 billion in 2015.

The problems these startups are trying to solve are complex. The bad guys do have better weapons, but business systems are also becoming vulnerable in new ways. Businesses are relying more on cloud services and connecting more “things” to the Internet, and their employees are using more connected devices.

Before a few years ago, the conventional approach to security entailed basically building a wall around valuable data and using software to detect known signatures of malicious code. Then security researchers began finding extremely complex malware, derived from government-­designed exploits and sophisticated enough to circumvent traditional antivirus tools. This new generation of malware can be custom-built for a specific network and more precisely controlled by its human operators.