Cybercrime has become a global epidemic. Attacks will cost the world $6 trillion by 2021, research firm Cybersecurity Ventures says-–the greatest transfer of economic wealth in history and more profitable than the trade in all major illegal drugs.
As the threat keeps rising, the cybersecurity industry keeps growing. According to data released in January by Strategic Cyber Ventures, a cybersecurity-focused venture capital firm, global funding for security companies nearly doubled between 2016 and last year, to $5.3 billion.
The space is ripe for entrepreneurial technologists with a passion for helping businesses protect themselves, but it sure isn’t for the faint of heart. Security company founders must address a pervasive and ever-evolving threat landscape of phishing emails, ransomware, account takeovers, and assorted data thievery. And they operate in a hyper-competitive market, crowded with some 3,000 companies.
As I mark my seventh year as CEO at Barracuda Networks—and as the company recently celebrated its 15th birthday—I’ve been thinking about lessons we’ve learned along the way and how they apply in today’s uniquely intense and constantly changing environment. Here are three that I hope will help others.
Focus like crazy on what customers are dealing with
I didn’t start my career in cybersecurity or even high tech. In the ‘90s, I founded and led a company, Snow River Products, that made houseware products including cutting boards, stemware, wine storage racks, and salad bowls, and was later acquired by consumer goods firm Bemis. But whether you’re selling kitchenware or security software, it’s essential to cultivate an obsession with what customers are dealing with every day and how you can help in practical ways.
Of course, if any company fails to understand its customers, it doesn’t belong in business. However, cybersecurity requires an extremely intense form of this ethic. The stakes are so high: You’re responsible for protecting the customer’s crown jewels—their data, their customers’ data, and their corporate brand reputation. And the attackers are invisible, global, and constantly resorting to new tactics.
Winning security firms must not only work very hard to understand the constantly evolving threats their customers are facing; they must also ask themselves questions that the producer of any kind of product must ask: Does our product fit seamlessly into customers’ daily lives? Does it play well with other things the customer already owns (in this case, the rest of their IT and security infrastructure)? Is it easy to use?
It’s crucial for a cybersecurity company to not only have deep empathy with its customers and appreciate their pain points, but also to be intimately familiar with the bigger picture operations, processes, and daily realities.
As Mark Cuban once said, “Make your product easier to buy than your competition, or you will find your customers buying from them, not you.”
Morph along with the threat
The threat of cyberattacks is never static. The bad guys are always getting more clever and varied in their tactics—and security companies must constantly tailor their strategies to the latest trends. It can feel like a game of whack-a-mole.
For example, attackers are increasing their use of social engineering to scam people through email or other online vehicles, leveraging information available on social networks to create maps of relationships and impersonate their friends, relatives, or colleagues. No one is immune. I’m the CEO of a cybersecurity company, and I received an email the other day that spoofed my wife’s account and asked for money to pay a bogus invoice.
Attackers also are increasingly moving beyond traditional targets like retailers and financial services companies to schools, real estate firms, hospitals, and manufacturers as every sector in society becomes digitally uber-connected.
As attack vectors multiply and spread out, security companies must know who is vulnerable and where solutions are sorely needed.
An apt example is the video doorbell industry that seems to have sprouted out of nowhere the last couple of years and is projected to be a $1.4 billion market by 2023. It used to be that good door locks or home security systems were sufficient to avoid break-ins, but the threat to property evolved: People now often buy items online for home delivery, raising concerns that the packages could be stolen from the porch. So video doorbells changed how people secure their homes, while also creating a new attack surface that could allow hackers to infiltrate the home’s IoT system, including locks operated by an app.
Security companies need to identify trends early—such as businesses’ move to the cloud and the resulting need for a new type of protection—if they want to survive.
Carefully consider your funding strategy
The huge market opportunity in cybersecurity makes security startups very attractive to VCs. But that doesn’t necessarily mean it always makes sense to grab the money.
In a market awash with VC money, bootstrapping—simply building a product, creating a website, and taking orders—can be a good model to follow. In a market where the threat changes so often and so quickly, the best way to start building the company may simply be to get the product out, grow the customer list, and really establish yourself before going for larger rounds of funding.
Many security companies believe they have a magic product that’s going to solve every problem, and they take and spend a ton of money to scale the business as fast as possible—never becoming profitable. But I’ve never met a customer who deploys just one security technology. Unlike some other parts of the enterprise, no one provider can cover all the threats. If you have a targeted product that customers like, try to
