“A good half of the art of living is resilience,” the philosopher Alain de Botton once said. For private companies, the same could be said about the art of survival in down markets.
As venture and private-equity investors review their portfolios following the financial turmoil of recent months, some sectors look more resilient than others. Companies making software that keep IT networks secure seem like one of the safer havens around right now.
“I’m not sure you can say anything is recession proof. If things get bad enough, people will have to make trade offs,” Seth Boro, a managing partner at PE firm Thoma Bravo, tells me. “But we do think cybersecurity will be the last to go, based on how important it is to every company’s digital transformation.”
To be sure, cybersecurity companies haven’t been immune to layoffs. Lacework and OneTrust laid off 20% and 25%, respectively, of their workforces in recent weeks as IPO markets slowed to a crawl. Cyberreason, Deep Instinct, and Automox have also let workers go. Some publicly traded security stocks have tumbled from 2021 highs. Crowdstrike is down 35% in the past 12 months, while Okta is down 64%.
But other companies in the sector are faring better. Palo Alto Networks, for example, is up 35% in the past year. Mark Hatfield, co-founder and general partner at cybersecurity-focused VC firm Ten Eleven, tells me that most early stage companies in his firm’s portfolio are still hiring to help build new products that may not be marketed for another 12 to 18 months. To support them, Ten Eleven this month raised $600 million for its third-generation fund.
“Things got a little overheated with the valuations of some later-stage companies, but at the early stage there hasn’t been a lot of change in valuations,” Hatfield says. “Look, the bad actors and the hackers aren’t going away, so the industry itself is quite well insulated from the macro elements. If it’s a nuclear winter, things could change, but generally cyber is quite resilient.”
Even if all cybersecurity companies aren’t recession proof, cyberthreats sure seem to be. Hatfield and Boro say that network attacks and breaches can grow more common in economic downturns. That’s when some companies may opt to trim IT budgets and cut network-security staff, opening up vulnerabilities that hackers are only too glad to exploit.
Recent recessions show how attitudes in the C-suite have evolved around network security. During the Great Recession, cybersecurity companies had no problem holding on to existing customers, but acquiring new ones proved challenging. Fast forward to 2020’s Covid-19 crisis, and remote workforces made spending on secure networks a top priority across the board.
The latter scenario may play out again in 2022 simply because cyberthreats grow more common and more sophisticated with each passing year.
“Cyber is at the top of every CIOs list in terms of allocating budget. Companies that shut it off will likely regret it,” Boro says. “Security is critical to enabling digital transformation. Companies can’t afford to take a step back from it, so if you’re an executive running a company, you’re thinking about the threat landscape in a way most people didn’t even five years ago.”
What’s more, enterprise software companies have been increasingly focused on making a business case that their wares can deliver return on investment. In network security, AI and automation are helping to reduce monitoring costs. Platforms that can automatically detect and quickly shut down threats can save on the costs of remediating a successful network breach, which can potentially reach millions of dollars for large organizations.
That business case is one reason why, after the Great Recession, the first stock offerings that helped reignite the IPO market weren’t brand-name consumer companies like Uber or Airbnb, but were lesser-known enterprise software makers. The IPO market may have grown quiet this year, prompting many startups to save cash and extend their runways. But when it starts up again, cybersecurity and other enterprise startups may be the first out of the pipeline.
Even before that happens, there may be more cybersecurity exits through mergers and acquisitions because the sector is ripe for consolidation. VCs invested $50 billion in cybersecurity in the past five years, including $22 billion in 2021 alone. Since 2017, the 10 largest PE firms completed 146 cybersecurity deals with a median deal size of $541 million, according to Pitchbook.
Now that valuations of many publicly traded and late-stage companies have descended closer to earth, more cybersecurity companies may find themselves acquisition targets. Google’s $5.4 billion purchase of Mandiant in March suggests big tech may become more aggressive buyers in the sector. One big reason is the continued shortage of talent in a growing industry. By some counts, there are 2.7 million cybersecurity jobs waiting to be filled.
“A lot of M&A will be driven by access to talent and innovation,” Hatfield says. “There’s just not enough talent to go around in cyber right now.”
None of this is to say that the next year or so will be easy for private cybersecurity companies. In fact, investors talk as if a severe downturn remains a possibility worth preparing for. But the nature of the industry suggests there’s a case to be made for it as a resilient safe haven in private financing.
“Everybody is obviously looking forward with some concern. Right now, how could you not be?” Boro says. “That being said, I think people in cybersecurity still feel good about where they sit.”
Submit a deal for the Term Sheet newsletter here.
Jackson Fordyce curated the deals section of today’s newsletter.
– Openly, a Boston-based homeowners insurance provider through independent agents, raised $75 million in Series C funding. Advance Venture Partners, Clocktower Ventures, Obvious Ventures, Gradient Ventures, PJC Ventures, Techstars, and Mtech invested in the round.
– Sanas, a Palo Alto-based accent translation technology company, raised $32 million in Series A funding. Insight Partners led the round and was joined by investors including GV, Assurant Ventures, angel investor Gokul Rajaram, Human Capital, General Catalyst, Quiet Capital, and DN Capital.
– Strapi, a San Francisco-based content management system, raised $31 million in Series B funding. CRV led the round and was joined by investors including Flex Capital, Index Ventures, and other angels.
– AiVF, a Tel Aviv-based IVF startup, raised $25 million in Series A funding. Insight Partners led the round and was joined by Adam Neumann’s Family Office, 166 2nd.
– Apptronik, an Austin-based robotics company, raised $14.6 million in seed funding. Capital Factory, Grit Ventures, Perot Jain, and others invested in the round.
– BotsAndUs, a London-based intelligence and robotics company, raised $13 million in seed funding. Lakestar led the round and was joined by investors including Maersk Growth, Kindred Capital, and Capnamic.
– Synop, a New York-based electric vehicle fleet operations platform, raised $10.1 million in seed funding. Obvious Ventures led the round and was joined by investors including Wireframe Ventures, Congruent, and Better Ventures.
– designstripe, a Montreal-based visual communication platform, raised $10 million in funding. Insight Partners led the round and was joined by investors including and was joined by Silicon Valley Bank.
– Symbrosia, a Kailua-Kona, Hawaii-based seaweed feed additive startup, raised $7 million in Series A funding. Danone Manifesto Ventures led the round and was joined by investors including Pacific6, HATCH, Presidio Ventures, Kamehameha Schools, Mana Up, and others.
– Kasheesh, a New York-based digital payment platform, raised $5.5 million in funding. Tribe Capital, Anthemis, Courtside Ventures, NFL athlete Odell Beckham Jr, investor Sahil Bloom, and actor Robin Wright invested in the round.
– Octane11, a New York-based B2B data platform, raised $4.5 million in seed funding. Javelin Venture Partners led the round and was joined by investors including BDMI, Honeystone Ventures, Plug and Play Ventures, Base Ventures, Circadian Ventures, AperiamVentures, and other angels.
– Kins, a New York-based hybrid care physical therapy practice, raised $4 million in seed funding led by W Health Ventures.
– Rerun, a Stockholm-based computer vision software building platform, raised $3.2 million in funding. Costanoa Ventures and Seedcamp invested in the round.
– Audax Private Equity acquired a majority stake in BlueCat Networks, a New York and Toronto-based infrastructure software provider. Financial terms were not disclosed.
– Auxo Investment Partners acquired Breyden Products, a Columbia City, Ind.-based braided lacing tapes, twines, cords, and sleeving manufacturer for the electric motor, defense, and aerospace markets. Financial terms were not disclosed.
– Cornell Capital agreed to acquire Advantek, an Eden Prairie, Minn.-based engineered carrier tape and associated protective packaging products provider, from Tinicum. Per terms of the deal, Tinicum will retain a minority stake. Financial terms were not disclosed.
– Florida Food Products, backed by Ardian and MidOcean Partners, agreed to acquire Javo Beverage Company, a Vista, Calif.-based natural extractor of coffee, tea, and botanicals. Financial terms were not disclosed.
– ICG acquired Seaway Plastics Engineering, a Port Richey, Fla.-based provider of injection-molded and engineered components to the medical device, health care, specialty industrial, A&D, and other markets. Financial terms were not disclosed.
– Hewlett Packard Pathfinder acquired a minority stake in TruEra, a Redwood City, Calif.-based management solutions provider for managing model performance, explainability, and societal impact. Financial terms were not disclosed.
– Nuveen and Maj Invest Financial Inclusion Fund acquired a majority stake in GloboKasNet, a Santiago de Surco, Peru-based multi-bank payment network. Financial terms were not disclosed.
– OceanSound Partners acquired a majority stake in Lynx Software Technologies, a San Jose-based open architecture software solutions provider for embedded systems. Financial terms were not disclosed.
– Sheridan Capital Partners acquired a majority stake in RS&A, a Rural Hall, N.C.-based medical device independent service provider. Financial terms were not disclosed.
– Kaseya acquired Vista Equity Partners’ 69% stake in Datto, a Norwalk, Conn.-based security and cloud-based software solutions provider. A deal values the company at $6.2 billion.
– BC Partners acquired Havea, a France-based natural health care group, from 3i Group, for between $1.05-$1.16 billion, according to Reuters.
– Atkore acquired United Poly Systems Holdings, an Albuquerque, N.Mex and Springfield, Mo.-based high-density polyethylene pressure pipe manufacturer, from Industrial Opportunity Partners.
– Levine Leichtman Capital Partners acquired Technical Safety Services, a La Jolla, Calif.-based testing, inspection, certification, and calibration services provider to customers in the pharmaceutical, biotechnology, health care and other life sciences markets, from The Edgewater Funds and JZ Partners. Financial terms were not disclosed.
– Material Bank acquired Architizer, a New York-based digital architecture information platform. Financial terms were not disclosed.
– Planview acquired Enrich, a Los Gatos, Calif.-based product portfolio analytics company. Financial terms were not disclosed.
– Starburst acquired Varada, a Tel Aviv, Israel-based data lake analytics accelerator. Financial terms were not disclosed.
– Closed Loop Partners, a New York-based investment firm, hired Matt Parker as CFO and managing director. Formerly, he was with Greycroft.
– Inspired Capital, a New York-based venture fund, promoted Kamran Ali to principal.
– SK Capital Partners, a New York-based private investment firm, hired Asim Bhatia as director, business development. Formerly, he was with DuPont de Nemours.