Article originally published in TechCrunch.
Just when we thought things couldn’t get worse in 2020, we received the news on the SolarWinds hack and its impact on more than 18,000 businesses and potentially dozens of US government agencies — including the departments of Commerce, Energy and Treasury. We’re just beginning to understand the extent of their infiltration, but this story brings to light what the cybersecurity industry has already known: solving the cybersecurity problem will take more time and resources than we are currently allocating.
Adding to the challenge, COVID-19 has created ground fertile ground for the acceleration of cyberattacks that are more sophisticated, dangerous, and prevalent. In this dire setting, cybersecurity has become even more of a competitive and a national security imperative and created higher demand for new solutions. This is something we all, enterprises, startups, government, and investors, need to work together to solve. So, from the venture capital perspective, where are cybersecurity investments being made, and where is the talent coming from to help stem the onslaught of hacks?
California’s Silicon Valley has traditionally been the epicenter of cybersecurity innovation. It’s home to some of the largest cybersecurity companies including MacAfee, Palo Alto Networks, and FireEye, as well as more recent highflyers such as CrowdStrike and Okta, providing a robust talent base for many willing venture investors.
However, that’s rapidly changing. Cybersecurity expertise is now budding in new regions where there is talent and a hands-on recognition of the need for innovative solutions. In particular we are seeing growth in areas such as the East Coast of the US and in Europe, led by the United Kingdom. Investment in Silicon Valley cybersecurity startups remained flat in 2020 as we are seeing record venture funding of cybersecurity companies in these emerging regions. And the reasons why may mean better solutions to solve current and future cyber needs.
The Emergence of a New Cybersecurity Ecosystem
A new generation of cyber-experienced practitioners coming from government and financial services are becoming the next generation of entrepreneurs. Fueling new innovation, this newest breed of cybersecurity startups in emerging in cities like New York, Washington DC, and London, and away from Silicon Valley. East Coast businesses like IronNet, founded by former NSA director General Keith Alexander, is one example of this growing trend of new leaders coming from federal government backgrounds.
These new cybersecurity leaders with front-line experience are developing solutions that fix the problems they faced as customers and, thanks to COVID-19, are hiring the best talent to join them regardless of their location. The pandemic has accelerated remote working trends, increasing more flexible location working opportunities in the cybersecurity industry. These companies are creating advantages over their West Coast counterparts in the ability to recruit better talent, lower costs, and closer proximity to customers and prospects.
As this expansion continues, it will inevitably dilute Silicon Valley’s domination of the cybersecurity sector. Now, new security companies flush with incredible talent and potential are attracting investors from around the world. To accurately understand this changing landscape, we scrutinized data on how the East Coast and Europe are currently shaping up against California, and the results clearly demonstrate a shifting landscape.
US - East Coast vs West Coast
Venture capital’s relentless search for alpha is shifting focus from California to other traditional venture-rich areas such as New York, Boston and the greater Baltimore - Washington DC area. However venture investment is also growing in new emerging tech areas such as Ohio and Illinois. Several large investments have driven East Coast funding to record levels in 2020, including a $150M fundraise by Snyk, a developer of security analysis tools located in Boston and a $83M fundraise from Dragos, a Maryland-based rising industrial cybersecurity company. In 2020 YTD, there was a total of $849M in venture capital investments across 53 companies on the East Coast, a 289% increase over 2019.
The East Coast is closing the gap on California in the number of early-stage cybersecurity companies being funded, with $1.14B invested into the Series A venture rounds of 101 companies vs. $1.5B invested into 135 companies in California over the last five years. One reason is the region’s advantage in access to talent coming from the headquarters of multiple intelligence organizations and the most prestigious educational institutions providing cybersecurity education.
UK/Europe Growing with Government Support
Although smaller, the UK and Europe’s cybersecurity venture ecosystem is also rapidly growing as venture investors join government innovation programs across the continent initiatives, form startup hubs, and attract funding from investors. Cybersecurity venture funding has increased in recent years, and is showing even more potential for future growth with stronger growth in early-stage deals.
With only a few US-based firms investing in Europe, growth has been largely driven by European-based venture capitalists or cross-regional funds like C5 Capital. Over the past five years, Europe has reported increasing numbers of Series A and Series B rounds, showing promise to be a new epicenter for cybersecurity innovation. Fueled by important financial hubs in Luxembourg and Switzerland, Europe received $391M in funding across 20 deals in 2020, an increase of nearly 20% over 2019.
London has taken a significant lead in venture funding over other European cities, but other notable hubs include Berlin, Paris, Amsterdam, Barcelona, Madrid, and Stockholm.
Delivering on the Next Generation of Cyber Innovation
Silicon Valley has been successful in making the big bets in later venture rounds to help startups rapidly scale once they have locked in their product-market fit. In other regions, especially in the UK and continental Europe, startups have often exited or reached a plateau without taking additional growth funding. This may be due, in part, to a founder’s lack of commercialization experience, or the availability of capital.
What has been missing in these regions is smart growth stage capital to drive further innovation and scale. Late-stage cybersecurity investments, such as Series C funding rounds, pay off for both companies and investors, with annualized returns nearly as high as riskier Series A rounds. With better access to capital and worldwide talent, there will be further opportunities outside Silicon Valley to scale and create a new wave of solutions to solve today’s cybersecurity problems. In 2021, expect to see an increase in cybersecurity funding for companies in these new regions that have strong, innovative and unique offering to help ensure a much-needed, secure digital future.
About William Kilmer
William Kilmer is managing partner with C5 Capital, a venture capital fund investing in the secure data ecosystem. He was formerly an Operating Partner at Mercato Growth Partners and served as CEO and Chairman of PublicEngines (Acquired by Motorola), and Avinti (merged with M86 Security) and serviced as Chief Marketing Officer / Chief Strategy Officer of M86 Security (Acquired by Trustwave). He previously worked as the Managing Director of Intel Capital Europe, based in London.