The cybersecurity investment landscape is evolving as the sector adjusts to shifting market dynamics and investor priorities. But what factors will influence valuations, risk management and deal flow in 2024?
Valuation trends reflect market maturity
Valuations in the cybersecurity sector, which surged to unsustainable levels during the technology boom of 2021 and early 2022, have since stabilised. According to William Lin, CEO and co-founder of AKA Identity, the cooling off has been noticeable, particularly in early-stage startups. “We’ve seen more reasonable valuations, especially for early-stage startups, and that’s a welcome change for investors,” he said in a panel discussion at GITEX 2024. This correction follows a period when venture capital firms were caught in a frenzy of high valuations and inflated expectations, particularly in emerging sectors like artificial intelligence (AI).
Lin pointed to a broader trend in venture capital where companies are increasingly valued based on future rounds of capital rather than their immediate financials. “We’re not using discounted cash flow analysis but looking at what they might be worth in the next round of capital,” Lin explained.
He emphasised that this speculative approach can lead to volatility, particularly when investors try to predict a company’s trajectory based on market trends rather than current financial performance.
Fernando Martins, Investment Director at Bright Pixel Capital, echoed Lin’s observations, pointing to a significant increase in deal activity in the first half of 2024, with 129 deals completed and 39 additional transactions in progress.
He referenced Google’s failed $23 billion acquisition attempt as an example of outlier valuations that continue to surface in the market. “Even though the deal didn’t go through, putting $23 billion on the table was remarkable,” Martins said. He noted that while large deals attract attention, the overall trend is toward more measured valuations.
Expertise is key in cybersecurity investments
Investing in cybersecurity, particularly in the early stages, requires deep expertise in both technology and market needs. Dr Chenxi Wang, who leads Rain Capital, a Silicon Valley-based early-stage investment fund, emphasised the importance of understanding the specific problem a company is solving. “You have to assess if this is a good area to focus on, and if the team has the right expertise to execute,” she said. This is especially crucial in cybersecurity, where technical knowledge and market timing are critical to a company’s success.
Dr Wang’s remarks highlight a common theme in cybersecurity investing: the need for investors to have a solid grasp of both the technological landscape and the evolving threat environment.
Unlike other sectors where product-market fit might be sufficient for early-stage funding, cybersecurity requires a more nuanced approach, considering the complex interplay between innovation and emerging security threats.
Martins, whose firm invests from seed to Series B, underscored the role of the founding team in determining a company’s potential for success. “We tend to invest in second-time founders, people who have already been through the process. It doesn’t guarantee success, but it’s a key factor we look for,” he said. Martins’ focus on team quality reflects a broader trend in venture capital, where investors are increasingly betting on experienced founders to mitigate the risks associated with early-stage ventures.
Managing risk and allocating capital
The panellists also discussed the strategies investors use to manage risk in a volatile sector like cybersecurity. Lin explained that venture firms must diversify their portfolios to avoid overexposure to any one technology or market trend. “If you over-index on something like cloud security, and the cloud industry takes a downturn, you’re in trouble,” he said. Diversification across different cybersecurity sub-sectors, such as identity management, cloud security and network protection, allows investors to spread risk and capture opportunities in emerging areas.
Martins highlighted the different risk profiles across funding stages, noting that early-stage investments are inherently more speculative. “At the seed stage, you have little visibility and few data points, so you’re operating on a power law—investing broadly and hoping a few will succeed,” he said. By the time companies reach Series A or B, investors have more visibility into the business, allowing for more targeted bets on companies with proven traction. “As you get more data, you can be more selective and take less risk,” he added.
Lin expanded on this, explaining how venture capital firms manage their exposure to high-growth companies. “You should double down on the companies that are doing well,” he said. By increasing investments in successful companies, venture firms can maximise returns and build a portfolio of high-value assets. “It’s about making sure you have more skin in the game with the winners.”
The risk of overvaluation
The conversation also touched on the challenges of overvaluation, particularly in fast-growing sectors like AI. Lin recalled a conversation with a founder who raised capital at a $500 million valuation. While the founder celebrated the high valuation, it also created new challenges. “He was stressed because he’s no longer a candidate for M&A. At that valuation, he either has to become a multi-billion-dollar company or go public,” Lin said.
This binary outcome—either scaling to an IPO or becoming an acquisition target—creates pressure for founders and investors alike. Dr Wang pointed out that investors must consider whether a company can secure funding in future rounds. “If the valuation is too high, it puts pressure on the next round, and if the next round doesn’t come through, the company could face a down round,” she said.
The future outlook for cybersecurity investments
Despite the challenges, the panellists expressed optimism about the future of cybersecurity investments. Lin noted that after a downturn in early 2024, the market has shown signs of recovery, partly driven by stabilising interest rates and renewed investor confidence. “The second half of 2024 has looked healthier, and that’s encouraging,” he said.
Dr Wang emphasised that the growing demand for cybersecurity solutions ensures a steady pipeline of opportunities for both startups and investors. “The need for cybersecurity expertise isn’t going away, and that creates a strong market for innovation and investment,” she said.
As cybersecurity continues to evolve, investors are increasingly focusing on companies with strong technical teams, clear market fit and sustainable growth strategies. While valuations may fluctuate, the underlying demand for robust cybersecurity solutions provides a solid foundation for long-term growth in the sector.
