
Cyber threat holds silver lining for investors

In the second part of our cyber security series, Amy King looks at the investment opportunities awarded by this thriving sector - for established brands and newcomers alike.
Read the first part of our analysis here
The persistent and pernicious threat of a cyber attack has fostered a growing number of cyber security companies and a new target for private equity investment. Combined with the relatively lacklustre uptake of heightened cyber security measures among corporates, potential for growth is huge. Indeed, cash is being ploughed into the space. According to unquote" data, investment in the cyber security segment reached a five-year peak in 2013.
"Although it's important, cyber security isn't given as much attention as it could or should be," says Alex van Someren, managing partner of early-stage funds at Amadeus. "And of course, that's an incentive for me to invest in the space, because when there are relatively few sources of capital, one can potentially get involved in the most interesting field. I'm sure that won't be an advantage we hold forever though."
The VC's latest fund, Amadeus IV Early Stage, includes cyber security among its focus. And while generalist VCs are launching sector-focused vehicles across the globe, such as Jerusalem Venture Partners' seventh fund, new entrants are coming into the market with a sole focus on cyber security. Earlier this month, C5 Capital completed its second investment, committing $8m to IT security systems provider BalaBit. Launched by Nazo Moosa, a former member of Carlyle's European tech team, the vehicle has a target of $125m and is raising funds from high-net-worth individuals and family offices across the US, Europe and the Middle East, sidestepping institutional investors and focusing on a relatively small vehicle.
Moosa came to London in 2000, the year Carlyle closed its first European tech fund on $730m. "At the time, it was one of the first dedicated tech funds in Europe and Carlyle had a strong defence and security focus then," says Moosa. "Our view was that security is a really tricky area to invest in. Security has always been one of the most dynamic aspects of the tech market – if you're going to invest in the segment, you have to take a specialist rather than generalist approach."
Cue the birth of C5 Capital, which, interestingly, was born from LP demand. "They decided to pool their capital and look for the right person and strategy," says Moosa. "They really believed there needed to be a dedicated European fund focused on security, and they were willing to put their money behind it." From LPs to GPs, appetite is strong for cyber security.
Every cloud
"The market is ripe for change and investment," says Marcos Battisti, managing director for western Europe and Israel and vice president at Intel Capital. "Market trends are driving the need for security. Take the Internet of Things for example, where you have sensors in your house. That's a positive, but it's also a threat as you're opening everything up. There's a need for really robust security."
Add to that the threat of cyber attacks on corporates, as explored in yesterday's analysis, and the hunger for cyber security start-ups is strong. "More importantly, this is all on the back of the fact that big, traditional security players all have platforms that need complementing, because they were not prepared for the threats they are starting to come across," says Battisti. And given the reduced spending on R&D and acquisitions that came to define the corporate landscape during the recession, exit routes are open. "It's a perfect storm," he says.
Furthermore, the breadth of the cyber security space gives it an arguably more attractive risk profile. "From a risk perspective, some of the funds that have historically been single-sector focused have had difficulty because the private equity industry is very cyclical," says Moosa. "And then when you add the cyclicality of another industry, that makes it quite risky as the issue is compounded. But business security is not a single sector; it draws on business services, technology, aerospace, defence... there is no single dependence."
Stoking the firewall
It is clear to see the bait that is luring in investors. But is the market becoming overcrowded? "If you look at cyber security, there are some players, us included, that have traditionally invested in the security software space," admits Battisti. "They took their foot off the pedal a bit after the Palo Alto Networks exit, because it drove valuations up drastically and drove a lot of new players coming in," he says, referring to the listing of firewall maker Palo Alto Networks in 2012. Backed by investors including Sequoia Capital and Greylock Partners, the company's listing gave it a $2.8bn market cap. Founded in 2005, the company's share price jumped 26% on the first day of trading on the New York Stock Exchange, closing on $53 per share. "The question is – are they coming in on the back of an exit without necessarily having the core expertise and just driving prices up?" asks Battisti.
Valuations in Europe certainly are not as overheated as they are in the US – where Tanium recently raised $90m in a series-A round from Andreessen Horowitz, marking the San Francisco-based start-up's first injection of institutional money – though they are creeping up. According to Moosa: "Europe is very different from the US, where you have companies that raise $100m in series-A capital and trade at more than 20x revenue on the Nasdaq. The European environment is very different. In Europe you clearly don't have the same volume of transactions, so it's more about finding those deals as opposed to competing in overheated auction processes."
While investors with an existing track record may benefit from an established brand that opens doors into later-stage, less risky investments, extensive knowledge of the sector is key if smaller VCs are to source the right deals and avoid overheated auctions. "It's extremely valuable to have some background and experience as it is quite a complicated field. The challenges of maintaining freshness are considerable, frankly," says van Someren, founder of nCipher – a developer of internet security products that raised £14m in venture capital funding before listing on the LSE in 2000 at a £350m valuation. From big brands to new outfits, knowledge is power in the cyber security sector. Will David or Goliath win the deals?
Latest News
Stonehage Fleming raises USD 130m for largest fund to date, eyes 2024 programme
Multi-family office has seen strong appetite, with investor base growing since 2016 to more than 90 family offices, Meiping Yap told Unquote
Permira to take Ergomed private for GBP 703m
Sponsor deploys Permira VIII to ride new wave of take-privates; Blackstone commits GBP 200m in financing for UK-based CRO
Partners Group to release IMs for Civica sale in mid-September
Sponsor acquired the public software group in July 2017 via the same-year vintage Partners Group Global Value 2017
Change of mind: Sponsors take to de-listing their own assets
EQT and Cinven seen as bellweather for funds to reassess options for listed assets trading underwater