Money pours in for anti-hacking firms

Breaches have fuelled concerns among companies and governments. PHOTO: ST FILE

(NYTIMES) - As cyber attacks proliferated this year, Mr Sanjay Beri, chief executive of Netskope, received a phone call. Then an e-mail. Then more messages.

All were from venture capitalists who wanted to invest in his company. Given the ransomware attacks and nation-state hacks that were making headlines, they told him, companies that made security products had a bigger market and mission than before.

"We weren't looking for capital," said Mr Beri, who founded the cloud security start-up in 2012, but the cyber attacks "definitely increased their interest."

After bids from seven investors, Netskope raised US$300 million (S$407 million) recently at a valuation of US$7.5 billion, up from a US$2.8 billion valuation last year.

Recent global cyber attacks have taken down operations at oil pipelines, hospitals and grocery chains, and potentially compromised some intelligence agencies. But they have been a bonanza for one group: cyber-security start-ups.

Investors have poured more than US$12.2 billion into start-ups that sell products and services such as cloud security, identify verification and privacy protection so far this year. That exceeds the US$10.4 billion that cyber-security companies raised in all of 2020 and is more than double the US$4.8 billion raised in 2016, according to the research firm PitchBook, which tracks funding. Since 2019, the rise in cyber-security funding has outpaced the increase in overall venture funding.

The surge follows a slew of high-profile ransomware attacks, including against Colonial Pipeline, software maker Kaseya and meat processor JBS.

The breaches have fuelled concerns among companies and governments, leading to increased spending on security products. Worldwide spending on information security and related services is expected to reach US$150 billion this year, up 12 per cent from a year ago, according to the research company Gartner.

All of this is set to drive business for cyber-security companies, creating a potential windfall that has excited investors. The average valuation of cyber-security companies raising funds this year has more than doubled to US$524 million from $222 million last year.

The funding frenzy has been building for months. The Covid-19 pandemic provided momentum when companies shifted to remote work, which required securing those remote-access systems, investors and executives said.

The ransomware attacks have given the funding wave a further boost.

In January, Lacework, a cloud security start-up in San Jose, California, garnered US$525 million in funding. Investors reached out because of Lacework's products, which use artificial intelligence to identify threats, said Mr Andy Byron, the company's chief resource officer. In total, Lacework has raised US$625 million since it was founded in 2015.

Mr Mike Speiser, a venture capitalist at Sutter Hill Ventures, which led Lacework's January financing, had no problem getting other investors to participate, he said.

"I called the five people that I thought were the best investors and asked them if they were interested. They were all interested, and within 48 hours we had a deal," he said. "One hundred per cent of the people I called said they wanted in. We could have raised well over US$1 billion."

Netskope's Mr Beri said that with cyber-security threats mounting, the funding boom was likely to continue. "Many investors are not security-savvy," he said. "But when your next-door neighbours go, 'Hey, what's up with this ransomware stuff', then you know that it's reached public consciousness. From an investor's perspective, when something hits the average person's mind, they realise: 'Wow. This is here to stay'."

Join ST's Telegram channel and get the latest breaking news delivered to you.