I certainly wouldn’t be the first to declare that the cybersecurity industry is booming. But I am willing to wager that Boston is positioning itself to be the leader.
The cybersecurity space is crowded and incredibly dynamic. On one side of the market, you have the legacy players trying to adapt to new technologies, and on the other side are the startups changing the game and challenging the status quo. This revolution is broader than Silicon Valley – a major hub of cybersecurity innovation is being built here in Boston.
Multiple cybersecurity companies have raised over $100M in Boston – Carbon Black and Cybereason have each raised $189M in capital, and Veracode raised $114M before being acquired. CyberArk went public in 2014, has dual headquarters in Israel and Newton, MA and now has a market capitalization around $1.7 billion. Rapid7 had its IPO in 2015 and now has a market capitalization of about $750M. And there have been a number of recent high-profile acquisitions of cybersecurity companies like Hexadite ($100M by Microsoft), Cloudlock ($293M by Cisco), and Veracode ($614M by CA Technologies) that show that the world’s largest tech companies are looking to Boston to fuel their innovation in cybersecurity.
The M&A activity and large raises are also particularly notable because as an industry, the fundraising peaked in 2015. Now we are in an era where the players who have had commercial success have an opportunity to become the leaders and consolidators in the market. Companies who have crossed the chasm and have achieved some scale in revenue will be able to continue to raise growth capital, but smaller companies will struggle. Boston is fortunate to have multiple cybersecurity companies that have achieved growth scale and are positioned to become the next generation of market leaders.
What else is driving this concentration of activity in Boston?
Dating back to the founding of Check Point Technologies in 1993, Israel has had a strong influence in the cybersecurity market. The compulsory military service for all of its citizens means that all the best software developers spend at least two years in cybersecurity and cyberwarfare roles. Many of them go on to start companies, and not surprisingly a lot of these companies are in cybersecurity. But when most of these companies go to start selling, they realize that having a U.S office is key for market development and sales. And the West Coast is just too far from Israel in terms of time change and flight time to make it a great location for a second corporate HQ. As a result, most of these companies have come to Boston or elsewhere on the East Coast to build their U.S. presence.
Another reason the East Coast is desirable for cybersecurity companies is that most of the biggest and best early customers are in the Boston to DC corridor. The most sought-after customers in the cybersecurity market are financial services, healthcare, and pharma companies, and generally they have their headquarters on the East Coast. Many tech startups want to be rubbing elbows in Silicon Valley with Facebook and Google, but cybersecurity companies prefer to rub elbows with the biotech and healthcare leaders based in Boston and the investment banks in New York City.
There is also a strong security talent pool based here in Boston. RSA was founded in 1982, and even after being acquired by EMC (and again by Dell), was run as a division based in greater Boston and trained thousands of employees on the ins and outs of the security industry. This cycle of industry growth will continue as the employees from the Boston-based cybersecurity companies that went public or were acquired go through additional diasporas, fueling the growth of a new crop of security companies. Not to mention the fact that Boston is a hotbed for acquiring and nurturing the next generation of tech talent due to our proximity to top colleges and universities.
So, what does the future hold?
Cybersecurity is now in the forefront of everyone’s mind. The threats that people and companies face are ever evolving and continue to grow. The future of cybersecurity is intertwined with artificial intelligence and machine learning, both of which are core technologies where the Boston area has strong talent. Carbon Black has filed for an IPO and Cybereason just raised a $100M round, opening the potential for multi-billion dollar players. The flywheel feels like it is almost ready to start spinning on its own. If the Boston cybersecurity community can pull off a couple more IPOs and acquisitions greater than half a billion, we will solidify our claim as a full-fledged hub for the global cybersecurity industry.