San Francisco: Cyber security start-ups are worried that their valuations are at risk, as venture capitalists become more cautious about funding them.
Mike DeCesare, head of start-up of internet of things security company ForeScout, said he felt like the “guy in the movie that slides right under the [closing] door”, as his company announced it had raised $76 million at a $1 billion valuation. “It is a very precarious investment environment right now,” he said.
The investment was led by fund manager Wellington, and closed a month ago. But DeCesare said that investors were much less bullish than they were six months ago.
“Even people considering relatively small investments of $5 million are asking for five or 10 due diligence meetings to understand the assets,” he said. “I’ve never heard investors challenge the path to profitability.”
Venture capital has poured into the cyber security industry in recent years, as investors anticipated heightened demand for a new generation of products to protect companies.
But the latest generation of antivirus products and firewalls have been hit by a number of high-profile failures, with attacks on organisations ranging from Target and Sony Pictures to Anthem Healthcare and the US Office of Personnel Management. DeCesare said about half $30 billion industry was in a “very precarious position” because it sold antivirus software and firewalls.
Referring to his company hitting a valuation of $1 billion, known in the technology industry as becoming a “unicorn”, he said: “I look at us as the anti-unicorn. We have the valuation of a unicorn but we’re doing it with very reasonable financials.”
ForeScout increased revenue 77 per cent last year to $125 million and is almost profitable, he said. FireEye, the most prominent name in the current crop of security start-ups, used falling valuations to its advantage to buy iSights, a threat intelligence start-up.
Dave DeWalt, chief executive, said it was the “best time to buy”.
iSight partners, which DeWalt credited with predicting the wave of attacks on US retailers in 2013 and 2014, was trying to raise funds from venture capitalists at a $1 billion valuation in the autumn. But it ended up settling for a price of $200 million plus $75 million in performance-related payments in the deal with FireEye.
Both DeWalt and DeCesare described the high valuations in the cyber security sector last year as “crazy”.
“There are companies with $100 million plus in the bank [in fund-raising] but their product is barely out the door,” said DeCesare.
DeWalt added that the fall in valuations had gone too low, including those of public companies such as FireEye, where shares have fallen 31 per cent so far this year.
Another cyber security start-up also announced it had raised money in a round that closed in December. Malwarebytes, which is moving from protecting consumers to safeguarding companies from malicious software, raised $50 million in an investment from fund manager Fidelity.
Marcin Kleczynski founded the company in 2008, when he was in his late teens, after “fiddling around” with how to solve the problem of malware from age 12. Malwarebytes has 350 employees and revenue grew by more than 120 per cent to over $100 million in annualised billings in 2015.
Kleczynski said he did not envy investors trying to tell the difference between security companies in such a busy market. “It is a mess out there,” he said. “There is a lot of noise in the security industry.”
— Financial Times
