Is The Cybersecurity Bubble About To Burst?

Cybersecurity stocks are way down in 2016 so far, but venture capital money still flows.

The stock markets in general have been delivering a lot of bloody noses in the year to date, but one of the particularly big surprises in this downward slide has been the absolute beating cybersecurity companies are taking. In this age of data breach fears and increasing security spend, these firms have long been vaunted as recession-proof. But the industrys notable public firms are looking worse for the wear in 2016.
So, the question is, have we reached peak cyber?
On one hand, the cybersecurity startup world experienced an explosion in financing in 2015, and a number of announcements in the last month and a half have shown that venture capital (VC) still continues to flow. But on the other, theres the aforementioned fact that the already established players have been hit hard. Whats more, rumblings are growing louder of cybersecurity startups being overvalued. Word on the street is that VC scrutiny prior to financing has ratcheted up, even if the cash flow itself hasnt been cut off just yet.
The Good
First for the positive signs. Last year was a landmark in financing for cybersecurity, with deals totaling $3.8 billion, according to CB Insights analysis. Thats a 235% growth rate over the last five years. According to Steve Morgan, CEO with
Cybersecurity Ventures
, the VCs have done the math around cybercrime and it seems theyve concluded theres a huge upside in the cybersecurity sector, in spite of poor public cybersecurity performance at the moment.
I think the requirements are largely the same as theyve always been - VCs look for strong founders with proven track records, strong management teams, fully developed technology platforms and products in large addressable markets, and ultimately a vision towards a liquidity event IPO, merger, acquisition that will pay dividends on their investment, Morgan says. Theres a lot of cybersecurity companies who line up to this criteria--and thus why we are seeing so much money flowing into startups and emerging players in cyber.
The 2016 continuation of that narrative has been backed by a slew of big VC deal announcements in the past month. ForeScout garnered $76 million and Shape Security
scored $25 million
in late stage funding in late January. Meanwhile a new name to the market is Fireglass, an Israeli firm in stealth mode with plans to launch at RSA, which
announced $20 million in Series A funding
. And Digital Shadows, which has been amassing a heavy-hitting roster of security veterans to its leadership ranks just Tuesday announced it picked up
$14 million in Series B funding this week
.
The question is, at what point does the market reach saturation? As one VC told Mahendra Ramsinghani, founder of Silicon Valley cybersecurity seed fund Secure Octane, for a
piece recently in TechCrunch
, “I have seen at least 40 FireEye killers in the past 12 months.”
In spite of that, Morgan points to the 126% growth of security spend predicted by analysts with MarketsandMarkets, combined with 1 million current cybersecurity job openings as evidence that the industry still has plenty of room to grow.
At some point all markets saturate - but I dont think we are anywhere near a saturation point. IBM grew their security business by 12% last year, or by another half billion dollars, he says. Ciscos security business saw similar growth. Dell is spinning out its SecureWorks business as an IPO. The large players do a lot of their own market research and theyve made very calculated moves in to cybersecurity - because they recognize cyber is one of the fastest growing markets in the tech industry.
The Bad
Nevertheless, there are signs showing that 2015 likely was the peak for the time being for cybersecurity funding. It could be that the recently announced funding rounds may be the tail end of the feeding frenzy. Last month,
Mike DeCesare, CEO of ForeScout told
Financial Times
that he felt his firm barely squeaked through with its funding round before less optimistic investors really tightened the screws on cybersecurity funding, reporting that the investment environment has tightened up considerably in the last six months.
Even people considering relatively small investments of [$5 million] are asking for five or 10 due diligence meetings to understand the assets,” he told
FT
. “I’ve never heard investors challenge the path to profitability.”
And for its part, Forescout is also
holding tight on long-held IPO plans
due to worries that its $1 billion valuation would not hold its value if it went public at the moment.
These valuation concerns are likely what eventually drove iSight Partners
into the arms of FireEye
for $200 million in January. That was less than a quarter of its previous valuation. Back in August 2015, then-CEO John Watters
told Bloomberg
that the firm was planning a late 2016 IPO but that it wouldnt do so at anything less than a $1 billion valuation.
The Ugly
And then lets look at those who have already made their exits or are part of the security old guard. Here are some of the ugly stock losses in the year to date:
·      Imperva: -46.44%
·      Barracuda -44.57%
·      Fireeye -42.04%
·      Rapid7 -37.48%
·      Fortinet -23.52%
·      Cyberark -22.09%
Bullish folks might say this cant be looked at in isolation.
I think we are seeing a normalizing of the market, not a crash or anything like that. There was not an isolated fallout in the cybersecurity sector, Morgan says. Rather, cyber stocks came down with the rest of the tech industry - and I expect that cyber will be the cream that rises to the top of tech when the market rebounds.
Those like Morgan believe the cybersecurity losses are a function of a painful correction the market is experiencing as a whole. However, the current numbers tell that story with a twist.
Even as they drown in red ink, the markets overall are outperforming cybersecurity stocks. The NYSE composite is down only by 9.44% for the year and even the tech-heavy NASDAQ composite is only down by 14.76%. Thats a brutal stat but nothing compared to the likes of Imperva, Barracuda, FireEye, and Rapid7, which more than double the losses. Things are looking badly enough at Barracuda--which has declined in value by 69% in the last 12 months--that it
may be looking for buyers
with the help of Morgan Stanley.
Cybersecurity stocks are also faring more poorly than the general tech sector. Using some of the popular tech sector ETFs as a benchmark, the losses are averaging around 10% to 15% at the moment.
These are numbers that cant be ignored and may affect the way public companies--as well as late-stage privates approaching their exits--make their management and go-to-market decisions. Meanwhile, if venture capital does drop off, those less mature start-ups may not have as much capital to make good on the product roadmaps promised to their early customers.
Ultimately, in a volatile market like this one, its caveat emptor for security decision makers as due diligence plays an even more important role than ever in products and services acquisition.
Find out more about
security industry trends
at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas.
Register today
and receive an early bird discount of $200.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps