Nofar Schnider.

Analysis
Will the cybersecurity party come to an end in 2023?

"Enterprises now seek to rationalize their large and often overlapping security stacks and expect cybersecurity startups to provide them with quantifiable ROI. This can be challenging for early-stage companies - especially given the abundance of similar solutions," writes Nofar Schnider of StageOne Ventures

The market slowdown continues to hit funding, and this bears out in Q1 2023 reports. Yet as cyberthreats grow alongside legal and regulatory requirements for cyber protection, we will probably continue to see incredible cybersecurity startups form and grow all over the world. The cyber market will continue to flourish despite fallout from the rocky global economic climate.
As we move into Q2 2023, I thought it would be an excellent time to take stock of where the cybersecurity market currently is, how we got here, and where we’re headed.
1 View gallery
Nofar Schnider
Nofar Schnider
Nofar Schnider.
(David Garb)
Cybersecurity funding slowed, yet confidence remains high
While the global cybersecurity market cooled down in 2022 along with the rest of the global economy, it remains a multi-trillion-dollar force to be reckoned with. According to McKinsey’s survey from October 2022, the cybersecurity market reached $150 billion and is growing by 12.4% annually.
Total global investment in cybersecurity bears out this strength. Cybersecurity funding hit an all-time high in 2021 with $22.8 billion invested globally, then dropped by a third in 2022. Despite this, the 2022 venture total still represents a 68% increase from 2020 — which was the high watermark for venture funding in the industry until 2021.
The U.S. remains far and away the largest investment geography, with nearly $57 billion invested from Q1 2017 through Q4 2022. Further down the scale, investors entrusted $6.7 billion to Israeli cybersecurity companies during that period and $5.5 billion in Chinese ventures. The UK and France trailed behind, with $3.7 billion and $0.8 billion, respectively.
Investment in Israeli cybersecurity
The Israeli cybersecurity market tracked global investment and economic trends, with cybersecurity investments peaking in 2021 at $2.8 billion (over 10% of global funding during that year!) yet declining QoQ during H1 2022 by some 25%.
Despite this, investor confidence in Israeli cybersecurity ventures remained strong in 2022. While overall investment amounts were lower, early-stage deal share rose to 75% in H1 2022, compared to 59% in 2021 – indicating the resilience of Israeli cybersecurity as a whole. Late-stage deal share during this period dropped dramatically – aligning with the weak state of public markets.
In line with trends in investment, Israeli cybersecurity unicorns grew at an unprecedented rate during 2021 – with a total of 36 by the end of that year, up from just 6 in 2021. By H1 2022, however, the number of new Israeli unicorns had reached just over half the total of 2021, indicating more conservative valuations alongside the slowdown in new late-stage investments.
Exits – Fewer IPOs, more M&As
The decade from 2011 to 2020 saw significant growth in cybersecurity M&A activity, as technology and cybersecurity companies bought smaller cybersecurity companies to expand their offerings and customer base.
Total exit deal value peaked in 2018 at $15.1 billion, then dropped through 2020 to $6.8 billion. Similarly, cybersecurity IPOs peaked in 2016 at nine offerings, then dropped to just two in 2020.
Experts expect the IPO window to remain more or less closed for cybersecurity companies until public markets fully recover, in late 2023 at the earliest. That said, exits in the form of M&A – which fell in H1 2022 to 26, the lowest level since 2020 – are expected to rise as valuations of cybersecurity companies decline.
Trends: Where are we headed?
In recent years, we’ve seen a few cybersecurity trends form:
  • As remote work became common, organizations shifted to consider the expansion of the attack surface - covering use cases they never had to deal with before.
  • There has been increasing emphasis on identity security, as misuse of credentials became a primary attack vector.
  • Organizations are starting to treat developments and deployments as business critical and use DevSecOps techniques. This includes the adoption of enhanced objective-driven SecOps automation - alert pipeline management, threat intelligence, ticketing and workflow, and threat detection systems.
  • Companies are focusing on digital supply chain risk – especially for in-house and external code and libraries, as attacks on software supply chains escalate.
  • Customers are looking to buy unified cybersecurity platforms and solutions instead of acquiring several solutions where possible - with a single console, integrated ML, orchestration, automation, and third-party integrations.
Also, enterprises now seek to rationalize their large and often overlapping security stacks and expect cybersecurity startups to provide them with quantifiable ROI. This can be challenging for early-stage companies - especially given the abundance of similar solutions. Today’s cybersecurity startups need to work harder to differentiate themselves. They also need to offer more holistic solutions in light of the significant drive towards security stack consolidation among large-scale cybersecurity customers.
Nofar Schnider is a Principal at StageOne Ventures