Up market or down market, individuals, companies and governments need cybersecurity to survive in today’s digital age. With the growing frequency and sophistication of cyber attacks, as well as the increasing reliance on technology in our daily lives, cybersecurity has become an increasingly important and headline-leading industry.
Due to the rise of cloud computing, the Internet of Things (IoT), and mobile devices, there are simply more potential entry points for hackers to exploit. In fact, according to McKinsey’s study, “at the current rate of growth, damage from cyberattacks will amount to about $10.5 trillion annually by 2025—a 300 percent increase from 2015 levels.”1
This leaves a large opportunity for cybersecurity companies to offer solutions to a growing problem, one that persists regardless of market cycles.
Key Areas of Cybersecurity You Need to Know
Cybersecurity involves the practice of protecting computer systems, networks, and sensitive data from unauthorized access, theft, damage, or other cyber threats. The industry includes a wide range of products, services, and practices aimed at securing digital infrastructure and ensuring the confidentiality, integrity, and availability of information.
There are several sub-sectors within the cybersecurity industry, each focused on specific areas of security2:
- Network Security involves protecting computer networks from unauthorized access, malware, and other threats. This includes firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs).
- Endpoint Security involves securing devices such as laptops, desktops, and mobile devices against cyber threats. This includes antivirus software, anti-malware, and mobile device management (MDM) software.
- Cloud Security involves securing data and applications that are hosted in the cloud. This includes cloud access security brokers (CASBs), cloud security posture management (CSPM) tools, and cloud workload protection platforms (CWPPs).
- Application Security involves securing software applications against cyber threats. This includes web application firewalls, static and dynamic code analysis tools, and application security testing (AST) solutions.
- Identity and Access Management involves managing user access to systems and data to ensure that only authorized individuals can access sensitive information. This includes identity and access management (IAM) solutions and multi-factor authentication (MFA) tools.
Investment Trends in Cybersecurity
The investment landscape for cybersecurity has evolved significantly over the past few years. In the past, the industry was primarily focused on selling hardware-based solutions such as firewalls and intrusion detection systems. However, with the rise of cloud computing and software-as-a-service (SaaS) models, many companies have shifted to offering cloud-based solutions and services, which we see reflected in the types of startups coming to market.
Increasing cyber threats, growing adoption of cloud computing, and the increasing use of artificial intelligence and machine learning in cybersecurity solutions are expected to drive the overall global cybersecurity market. Grand View Research indicated that the global cybersecurity market is projected to grow from $167.1 billion in 2019 to $373.5 billion by 2026, at a compound annual growth rate (CAGR) of 10.0%.
Within the private markets “private equity sponsors and their portfolio companies have backed 162 cybersecurity deals worldwide valued at $34.9 billion, including both add-on and platform acquisitions…If dealmaking continues at its current pace, it could surpass last year's tally of $36.4 billion across 308 transactions.”3 Cybersecurity companies generally have the ability to generate high margins and offer a lower customer churn rate compared to other SaaS businesses, both of which are big draws for private equity firms. In fact, 26% of the deals that Thoma Bravo, a leading private equity firm, participated in during 2022 were in cybersecurity firms.4
Resilience During Recessionary Periods
The cybersecurity industry has historically shown resilience during economic downturns and has been considered a good investment during a recession. The demand for cybersecurity solutions tends to remain strong regardless of economic conditions as cyber threats are an ongoing concern. In fact, “economic volatility creates a confluence of factors that can increase security risks while at the same time negatively impact defenses,” which, in turn, leads to a greater need for cybersecurity itself.5
More importantly, cybersecurity is not typically considered a discretionary expense by businesses, but rather a necessary investment to protect their operations and assets.6 Given the potential losses arising from breaches, businesses have taken this approach and it has helped to maintain demand for cybersecurity solutions even during periods of economic uncertainty.
Moreover, many cybersecurity companies offer subscription-based services or software licenses, which can provide a steady stream of recurring revenue. Companies that provide critical infrastructure, such as those that protect financial institutions or government agencies, may also be more resilient across market cycles due to the essential nature of their services.
Hybrid remote work, as well as more stringent regulations also support the expansion of cybersecurity. This sentiment is echoed by Cybersecurity Dive, which highlights that, “analysts expect cybersecurity spending to continue its run of sustained growth, a trend fueled by the persistent threat of cyberattacks, the demands of hybrid work and increased data privacy and governance regulations.”7
While no investment is entirely immune to market fluctuations, and investing in any industry during a recession carries inherent risks, cybersecurity is uniquely positioned as a critical expenditure.
The Private Companies You Should Know
There are many private companies operating in the cybersecurity industry, ranging from small startups to large multinational corporations. Some of the most well-known private companies include:
- Snyk: Snyk’s Developer Security Platform aims to automatically integrate with a developer’s workflow and is built for security teams to collaborate with their development teams. Snyk is used by 1,200 customers worldwide as of November 2021, including enterprises such as Asurion, Google, Intuit, MongoDB, New Relic, Revolut, and Salesforce.
- Tanium: Tanium aims to offer real-time endpoint visibility and control that is built for the most demanding IT environments. Many of the largest and most sophisticated organizations, including more than half of the Fortune 100, top retailers and financial institutions, and multiple branches of the US Armed Forces rely on Tanium.
- Signifyd: Signifyd aims to provide an end-to-end Commerce Protection Platform that aims to maximize conversion, automate customer experience and eliminate fraud and customer abuse for retailers. Signifyd uses big data and machine learning and claims to provide a 100 percent financial guarantee against fraud and chargebacks on approved orders.
- BigID: BigID aims to develop data intelligence software in order to help companies secure customer data and comply with privacy regulations. BigID solutions aim to offer customers compliance with relevant global regulations while offering security, governance, and privacy tools.
- Wiz: Wiz is a cybersecurity company that allows companies to find security issues in public cloud infrastructure. It has designed the first cloud-native visibility solution for enterprise security teams that analyzes the entire cloud environment to deliver a 360° view of security risks across clouds, containers, and workloads.
Cybersecurity breaches can have severe consequences for individuals, businesses, and even governments, including financial losses, reputational damage, and national security risks. As a result, the demand for cybersecurity professionals and solutions has grown significantly in recent years.
The industry is expected to continue to expand in importance and prominence as technology becomes more ubiquitous and cyber threats become more sophisticated over time. If you’re interested in learning more and investing in this growing space, take a look at our listings page.
- McKinsey. October 2022
- Checkpoint. N/A
- Pitchbook. August 2022
- CB Insights. March 2022
- CSO. February 2023
- Forbes. February 2022
- Cybersecurity Dive. March 2023