RSA-Related Cybersecurity Investing Trends
With thousands of cybersecurity operators, practitioners, entrepreneurs, researchers, and investors converging on the Moscone Center in just a few weeks’ time, we thought it would be appropriate to analyze VC investment trends in cybersecurity by geographic region. And, as many people who have attended RSA over the years know, RSA is often the time when blockbuster acquisitions are announced. So we thought it would be interesting to investigate how much cash some of the largest publicly-traded cybersecurity companies had in their war chests.
Consistent with our previous post, we’re seeing a strong upward trend in VC investment in cybersecurity companies globally with the West Coast leading the way with close to $2.5 billion in funding. While the investment in West Coast cybersecurity companies over the years is more pronounced with distinct peaks and valleys, the East Coast and Rest of World investment steadily increases at a more moderate pace. These trends in West Coast investments are primarily driven by “mega-deals” (deals over $100 million). West Coast “mega-deals” by year were:
This is starkly contrasted with a steadier, but slower pace of growth of investment on the East Coast. Whereas the West Coast had 18 “mega-deals”, the East Coast had just two over this period (BlueVoyant, formerly BlueteamGlobal, which was a bit less of a VC deal anyway), and Cybereason.
The average deal size per region generally follows the amount of investment per region. These metrics seem to back what we have been seeing, stylistically, from investors in these regions. The West Coast tends to put more money to work (and more money earlier) than the East Coast. The West Coast also sees more and bigger exits than the East Coast. Our perspective is that neither approach is necessarily better than the other. Some companies aren’t able to sustain the growth expectations that huge amounts of capital injections require. On the other hand, some are able to not only sustain that growth, but even accelerate it with large capital injections.
As is shown in the first chart, VC investment in cybersecurity companies outside of the US has been steadily increasing, keeping pace with the East Coast. Much of this investment outside of the US has been driven by China, the UK, and Israel. This may come as no surprise to those in the industry. Each has tons of highly-technical security talent, often honing those skills within government agencies before moving on to start their own companies. And, of course, there is significant access to capital in these developed economies, both private and government.
Heading into RSA 2019, we pulled the cash and short-term investment balances of more than 30 publicly-traded cybersecurity companies over a 5-year period. As you can see, this aggregate balance has nearly doubled over this period of time and is on a steep upward trajectory. Of course, not all of this cash will be used for acquisition purposes, but a significant portion may. Additionally, keep in mind that this does not include large security businesses which are divisions of major firms such as Microsoft, Cisco, IBM, EMC (RSA), HP, Intel (McAfee). Additionally, this does not include private equity firms that have invested significantly in cybersecurity companies of late. This trend is great news for cybersecurity start-ups and investors alike, as it is potentially indicative of acquisitions in the future.
As we can see in the above chart, this trend is mostly driven by major incumbents that are adding significant cash to their balance sheets as their businesses grow, become more profitable, and more stable (with some exceptions). One major incumbent, Palo Alto Networks ended 2014 with approximately $675 million in cash. They ended 2018 with over $3.2 billion as they were able to borrow $1.7 billion in convertible notes in 2018. VMware (not included in the above chart as it is a significant outlier) grew its cash balance from $7 billion to $13.5 billion over the same period. Though they just announced an $11 billion cash dividend in late 2018. Juniper Networks grew its cash balance from almost $2 billion to over $3.5 billion during this period. These companies are mounting significant war chests and are looking for opportunities to augment (in some cases) single digit growth rates with high-growth, next-generation cybersecurity products.
Generally speaking, VC investment in cybersecurity has been occurring at a grueling pace, particularly on the West Coast and in Israel. I think while the exits keep coming, as they have in the past few years and the IPO markets are open and generally healthy, we think we’ll continue to see investment in this space. We also believe that the cybersecurity market is ripe for M&A in the coming years as publicly-traded cybersecurity companies are building up their balance sheets, looking to start-ups to drive innovation, and looking for a wider breadth of products to offer CISOs that are tired of deploying and maintaining new one-off solutions.
Notes:
- When fiscal years did not match calendar years, we used the closest reporting period possible.
- If the company has not reported earnings as of the time of this analysis, we used the most recent quarter’s financial results.
