VWV Volumes #16: VP of Recruitment Herbert Traub'22 on The Business of Cybersecurity
The Problem
In an increasingly digital world, companies are performing more tasks, serving more customers, and storing more data on cloud-based servers. These behaviors make firms more susceptible to cyberattacks, especially when companies are faced with the pressing need to digitize in a remote post-Covid environment. Jumping headfirst into new digital workstreams and using a blank-check approach to spending on cybersecurity, has only made firms more vulnerable as endpoint security becomes more complicated. On average, firms employ 10 distinct cybersecurity agents for each given endpoint in their network, but are met with only a 59% compliance rate. Add to that a powerful work-from-anywhere movement, where “anywhere” usually doesn’t have strict cybersecurity measures in place (how secure is your at-home Wi-Fi network, really?). The global business world is in critical danger.
Why This Is a Business Problem
In 2015, cybercrime cost the world $3 trillion. In 2021, this figure doubled to $6 trillion, and by 2025, cyberattacks are projected to cost the business world over $10.5 trillion (for comparison, the 2020 GDP of the US is $21 trillion). This increase in the prevalence of cyberattacks has driven companies to create cybersecurity jobs. But are these positions filled? The short answer is no. Cybersecurity Ventures predicts that by the end of 2021, there will be “3.5 million unfilled cybersecurity jobs globally.” In the US, 50% of the nearly 1 million cybersecurity jobs remain unfilled, and many potential candidates simply lack the certification required to competently do the job.
The Business of Cybercrime
As with any exploitable market, professionals are finding ways to make money in the industry. From Black Friday deals on the Dark Web for stolen credit card information to Ransomware as a Service (RaaS) allowing your everyday tech user to become an online criminal, cybercrime is becoming a business. In this newly fledged capitalist market, hackers have begun to create logos, offer holiday sales, and rebrand their “company” when business is slow. In particular, the fastest growing sector of cybercrime is ransomware, which claims a new victim every 5 seconds and represents $20 billion in damages, a value 57x what it was in 2015. The world is clearly facing a problem, and innovators are setting out to fix it.
Possible Solutions and Innovations
Given the excess demand for cybersecurity professionals, Microsoft, Google, IBM, Apple, and Amazon, among others, have committed to teaching cybersecurity to K-12 and college students. Some of the world’s largest technology companies have committed to educating the public on cybersecurity, hoping more professionals will join the workforce. It will, however, take more than upskilling a workforce to solve the cybercrime problem. Below are a few examples of innovative technologies disrupting the cybersecurity space:
Zero Trust Frameworks
Like the name suggests, Zero Trust frameworks are security systems that fundamentally distrust every user on a system. They require authentication at multiple steps throughout the system, not just on its perimeter (for example, only requiring a password to log in and then letting a user have complete access). Crowdstrike is a market leader in implementing Zero Trust frameworks.
Passwordless Authentication
While this idea might sound contradictory at first, not using a password to log into a system simply means a password cannot be stolen by a hacker. So, in theory, no one but the intended user can log into a system. Instead of traditional login methods, passwordless authentication grants access to a user through separate authenticators, including biometric scanners and links or codes sent to a mobile device or email. Beyond Identity is a lead innovator in this space.
Connections to VC and Closing Thoughts
By August 2021, VCs had pumped $11.5 billion into the cybersecurity industry, 2.4x as much as they had invested during the same time period in 2020. Following a similar trend, M&A activity also grew massively, from $9.8 billion split across 93 transactions in the first half of 2020 to $39.5 billion split across 163 transactions in the first half of 2021.
Huge funding rounds show conviction in the strength of this market. For example, Insight Partners recently led a $543 million Series A round for Transmit Security, a passwordless authentication startup. A $525 million Series D round raised by Lacework, a cloud security startup, is simply another poignant example of massive funds flowing into the cybersecurity space.
Quite clearly, there is a large market for cybersecurity (think $6 trillion in damages). If startups can create innovative solutions to help mitigate these astronomical costs, they will make significant returns while doing social good.
Want to Learn More?
Check out these articles: