information security services to satisfy the customer desire for one-stop shopping, as Xconomy’s Greg Huang reported recently. And in a September report, Gartner said most of the security software market consists of “mature technology areas where the penetration rate is already high.” The growth forecast for cybersecurity is dimming because many aspects of data protection are becoming commodity services, Gartner said. But new opportunities are still opening as business operations shift to Web-based software and mobile devices, the firm said.
Thakker says the best tactic for a cybersecurity startup is to do a few things really well. As an investor, he has observed characteristic patterns in the life cycle of young companies in the sector.
“The half-life of a security company is a little lower than most IT companies’,” Thakker says.
Some startups are acquired early if they have very desirable intellectual property assets, he says. One example was San Jose, CA-based Elastica, founded in 2012, which was snapped up by Bluecoat Systems in November for $280 million. The exits for other startups typically take eight to 10 years, Thakker says. Once they reach revenue levels of $30 million to $50 million, it’s hard for them to grow much beyond that, he says. The exit path for most is an acquisition. These often fall in the $300 million to $500 million range, Thakker says.
“We try to get in on the ground floor,” when a company has a valuation of about $20 million, Thakker says.
Only a handful of cybersecurity companies can aspire to a $1 billion IPO—and it would be a long ride, Thakker says. Notable IPO successes in the sector are Milpitas, CA-based FireEye, whose IPO raised $304 million in late 2013; and Santa Clara, CA-based Palo Alto Networks, which raised $260 million in its 2012 IPO.
Battery Ventures hasn’t set a specific target amount to spend on cybersecurity investments, or a target percentage of its outlays, Thakker says. But the company aims to back new companies every quarter to address the vulnerabilities constantly arising because of technological change, including connected cars and mobile devices that put business data at risk everywhere they go, he says.
“A connected car is an attack surface,” Thakker says. “The more technology changes, the more exposure there is to cybersecurity risks. The consequences are pretty significant.”
“The United States owes its position in the world to its advances in technology, and the adoption of that technology by everyone from banks to plumbers,” Thakker says. “But this also means we’re more vulnerable to hackers.”
