Driven by a boon of high-profile hacks, investment into cybersecurity firms has risen five-fold in the last five years, according to Strategic Cyber Ventures, an investment firm. But that rosy outlook is set to suffer setbacks in 2019, the company said in an investment note, a sign that the cybersecurity market that is overheating.
Companies poured more than $5 billion into the cybersecurity venture capitalist market in 2018, according to the firm. That rate is unsustainable, Chris Ahern, a principal at the firm told Fifth Domain.
“I can’t see it continue to ramp up,” Ahern said. “I predict that in 2019 it will be flat or total investment will be down. That money (invested) needs to find exits over the next five to ten years.”
Major investments in cybersecurity firms in 2018 included $295 million into the virtual private network app AnchorFree, $200 million into the endpoint protection company Crowdstrike, and $200 million into the endpoint protection firm Tanium
Crowdstrike and Tanium have contracts with the federal government. Tanium won a contract worth several hundred million dollars from the Defense Innovation Unit to increase security of Army networks in 2017
“There is big money in IPO’s,” Ahern said. They read about big breaches and hackers every other week. And they come together and say ‘We need to start investing in cyber.’”
Ahern said that his firm invests on the principle of “intruder suppression.”
“It’s all about how we limit lateral movement in the network and how do we limit dwell time.”
Data from Strategic Cyber Ventures shows a disproportionate amount of investment is located in the Maryland area, which is home to the NSA headquarters in Fort Meade.
Roughly 22 percent of investments from venture capitalist firms go to cybersecurity firms based abroad, Ahern said. That figure is roughly double what it was in 2014 and is a sign that the global cybersecurity market is expanding at a fast rate.
In 2017, the Pentagon awarded more than $1.22 billion to cyber contractors, according to research by Frost & Sullivan. Experts have told Fifth Domain that Pentagon spending trends could drive consolidation of the cybersecurity industry. Because many government investments are meant to boost efficiency, such as cloud computing, their total spending may shrink, according to Brad Curran, a researcher at Frost & Sullivan.
The increase in money from cybersecurity venture capital firms may also be explained by empowered chief information security officers, according to 2015 research from the Darwin Deason Institute for Cyber Security at Southern Methodist University.
Sparked by hack of healthcare provider Anthem in 2015, senior executives have become more concerned about the state of cybersecurity in their company.
“This led to support not only at the senior management level, but in many cases at the board level as well," the Southern Methodist report said. “We believe that this is a period when many firms will elevate cyber to being a first-class risk which will lead to a significant adjustment to the role of the CISO.”
Justin Lynch is the Associate Editor at Fifth Domain. He has written for the New Yorker, the Associated Press, Foreign Policy, the Atlantic, and others. Follow him on Twitter @just1nlynch.