Over the coming months, we’ll be taking a deeper dive into sectors, trends, and technologies that we believe represent compelling investment opportunities. In this edition, Alberto Gómez, Managing Partner, walks us through Adara’s perspective on cybersecurity, one of the key pillars of the firm’s investment thesis.
Cybersecurity remains a top priority for enterprises and governments around the world as the frequency and cost of attacks rise and potential risks turn into reality. Although the EU is working on a variety of initiatives to fight cybercrime and protect critical infrastructure, recent attacks like those on JBS, Kesaya, Accenture, and the Log4j flaw have revealed massive security gaps that still exist, and geopolitical rivalries only complicate addressing threats in a globally unified front.
Organisations are turning to the latest generation of cybersecurity technology to help them take a more proactive approach to cybersecurity, implementing solutions that provide long-term stability and interoperability over short-term fixes. In 2021, an unprecedented $21.8 billion in venture capital was poured into cybersecurity companies globally, with Q4 2021 setting a new quarterly record ($7.8 billion), smashing the previous record set in Q2 2021 ($5.3 billion) according to Crunchbase data.
While budget allocations and top executive attention remain high, a major shift in the cybersecurity industry is taking place, and enterprises are facing unprecedented challenges:
- Increasingly sophisticated attacks – Cybercriminals are getting smarter, increasing the need to protect new vulnerabilities constantly
- Expanding attack surface – Processes continue shifting to the cloud with an exploding number of web applications and interconnected devices alongside remote work arrangements, which are expanding the number and importance of vulnerabilities
- Cybersecurity vendor overload – Businesses are struggling to keep up with the onslaught of disparate solutions, driving demand for a more holistic approach to cybersecurity
- Shortage of cybersecurity talent – Facing a shortage of cybersecurity talent and the impact of the pandemic, organisations are seeking external expertise
We interpret the first two challenges (“1″ and “2”) as representing market opportunities for innovative offerings and disruptive technologies, and this informs where we seek to invest:
- Security awareness and training that produces real changes in user behaviour
- Protecting APIs, the top attack vector, with specialised and sophisticated security solutions
- Unifying the view and analysis of all external threats (deep and dark web included) to enable proactive digital risk management
- Leading edge threat intelligence tools to identify, profile, and manage sophisticated adversaries before a breach takes place
- Guaranteeing the security and governance of the increasing volume of processes developed and running on top of Low-Code SaaS platforms (e.g., Salesforce, ServiceNow, etc)
The other two trends (“3” and “4”) influence the business models and go-to-market strategies that may lead to success for such companies.
Increasingly sophisticated attacks & expanding attack surface
The opportunity: Increasing cybersecurity awareness training
Despite the advancements in cybersecurity technology, the “human factor” is still one of the primary vectors cybercriminals use to attack an organisation. According to IBM, 24% of data breaches are caused by human error, costing $3.9 million on average to remediate and 280 days to resolve. Common human errors that lead to data breaches include phishing scams, unauthorised access to corporate devices, and weak password protection.
Technology to detect these threats is improving; however, it’s still important that employees learn how to recognise and deal with them. There is a big opportunity for cybersecurity awareness solutions that can help organisations educate employees on the latest attack techniques and security best practices.
Italy-based Cyber Guru has developed a platform to educate employees around the dangers and pitfalls of information security. Companies that have employed Cyber Guru’s services report a 400% or more improvement in phishing resilience after only ten months of use.
The opportunity: Taking a more proactive vs reactive approach
As cyberattacks continue to grow in complexity and severity, there is an opportunity to take a more proactive approach overall, detecting threats before they happen.
With advanced analytics, deep human expertise, and the largest breach data collection on the planet (with over 100 billion attributes and 45 billion curated identity records spanning 125 countries and 53 languages), Constella Intelligence is one example of a company that is helping organisations anticipate digital risks and safeguard critical business interests. Constella Intelligence is already providing protection for more than 25 million users and over 100 organisations worldwide.
For the CISO seeking a more offensive approach, platforms such as CounterCraft provide deception techniques that force threat actors to reveal themselves during “pre-attack” phases of attack planning and reconnaissance, or during the internal lateral movement phase. This real-time threat intelligence can then be used to manipulate adversarial behaviour.
The opportunity: Protecting against API attacks
In addition to the “human factor,” APIs are set to become a top attack vector in 2022. With 83% of all internet traffic now occurring via API, and data leaks on the rise from faulty API security, the need for API-focused security solutions has never been greater. Most traditional firewall approaches are simply not adapted to cope with the specific threats that APIs create, and many companies still lack API-specific security measures.
There is a massive opportunity for startups to help companies secure their API and app ecosystems. For example, UK-based 42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection.
Cybersecurity vendor overload & talent shortage
The opportunity: Reducing security tool fatigue
One of the biggest challenges facing enterprises today is cybersecurity vendor overload. According to IBM estimates, enterprises are using as many as 80 different security products from 40 vendors.
With each new security product also comes an additional layer of processes and people to manage the solution. Many enterprises simply can’t keep up with the amount of effort it takes to integrate and control everything. Not to mention, the shortage of cybersecurity talent makes it difficult to hire and scale an organisation’s internal security team.
It has become an unscalable approach that doesn’t truly help companies reach the next level of threat defense. There is an opportunity for cloud-based, automated solutions that can help simplify cybersecurity management while maintaining the sophistication of individual security tools.
The opportunity: Maximising MSSP efficiency
As demand for digital risk protection, threat intelligence, and application security services continues to rise, we are likely to see demand for outsourced expertise increase with it. For many resource-strapped organisations, outsourcing security to Managed Service Providers (MSPs) offers clear advantages. While MSPs deliver general network and IT support, Managed Security Service Providers (MSSPs) focus on providing security services, which often include round-the-clock security monitoring and incident response.
MSSPs can provide the latest solutions and expertise to help protect organisations at a fraction of the cost of maintaining the same level of protection in-house. However, MSSPs are also dealing with an increasingly complex web of security tools and associated recurring costs. Margins are already thin, and MSSPs that can deliver more for less are in high demand. There are growing opportunities for solutions that can help manage this complexity and integrate seamlessly with existing tools to help give back time to MSSPs.
Partnering with the next-generation of cybersecurity startups
Over the past 15 years, we have partnered with great cyber teams running companies that have gone through pivots and critical decisions that transformed them into global leaders.
We believe this will be a truly transformational decade, and we’re ready to play our part in building it. We understand the challenges of growing, and we are always on the lookout for opportunities to help exceptional founders take the next steps. We provide startups with tangible tools to support networking and relationship-building, talent recruitment, and much more.
Building something great in cyber? Get in touch with us.