Cybersecurity: A Short History, Modern Category Growth and Deal Environment

by | Jul 9, 2024

Cybersecurity is the practice that systematically employs advanced products and skilled personnel to safeguard sensitive data across various industries, including financial records in banking, HIPAA records in healthcare, and classified contracts in government sectors. In 2024, the total global investment in cybersecurity approaches $182 billion, with the majority (95%) of this expenditure driven by government or enterprise cyber spending.

That market – growing 12.7% annually – is expanding in line with the threat landscape. This year, the exploitation of vulnerabilities as an initial point of entry accounted for 14% of all breaches, almost tripling from 2023 to 2024. According to a press release from Verizon, ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches this year. The remaining (68%) involve a person making an error or falling prey to a social engineering attack.

Even the government has cybersecurity on the front burner. In February 2024, Biden issued the most significant executive action ever taken by a President to protect Americans’ data security. The Executive Order empowers the Attorney General to block the large-scale transfer of Americans’ personal data to countries of concern. It also establishes safeguards for other activities that could grant these countries access to Americans’ sensitive data.

According to IBM, the average cost of a data breach in 2023 was $4.45M

A short, technical history

Cybersecurity encompasses various specialized areas, each with its own set of challenges and opportunities. To understand the opportunities today, it is necessary to evaluate each field independently and to know about how network security practices have evolved over the years.

Firewalls, Threat detection, Anti-Virus: What are the holes?

At the dawn of digitization, companies used firewalls to secure their network data centers. A firewall acts as a gatekeeper, delineating who receives access and functioning in the binary: one person is granted access to come in, another person is not. But different businesses have different environments so the trifecta of firewall, threat detection, and anti-virus software is not necessarily enough. Effective cybersecurity goes beyond a CISO-led purchase of SaaS products. It demands the expertise of cybersecurity professionals. It is easy for organizations to put their hand in the sand and think that they have done enough but “set-it-and-forget-it” security solutions don’t work today – if they ever did.

The rise of the Managed Security Service Provider (MSSP)

An MSSP is a company that remotely services a customer’s IT infrastructure and end-user systems to protect against cyber threats. MSSPs leverage a number of strategies including continuous monitoring of networks, incident response to security incidents and breaches, vulnerability management, threat intelligence on emerging attack vectors, compliance management, security assessments and maintenance of devices such as firewalls and intrusion detection / prevention systems (IDS/IPS) systems. MSSPs also provide a 24/7 monitored Security Operations Center (SOC).

Covid: Connectivity for a remote workforce

Firewalls, threat detection systems, and a 24/7 Security Operations Center (SOC) manned by analysts provide robust perimeter-based security. However, challenges arise when we take users outside the perimeter of that network and connect them in through a VPN. Each internet-facing firewall – whether in a data center, cloud, or branch office –becomes an attack surface vulnerable to exploitation. When Covid spurred the movement toward remote work, the challenges associated with existing security architecture became far more pervasive.

Employees working from home networks are significantly less secure than those on corporate networks, making them more susceptible to ransomware attacks. If one member of a household is compromised, attackers can potentially infiltrate the entire home network. Once inside, they move laterally, targeting high-value assets for ransomware and other malicious activities. Attackers often leverage SaaS, IaaS, and PaaS to establish backchannels and exfiltrate data. On average, for every 100 employees there are 5+ active keys found leaked in the cloud.

 

 

The number of employees using cloud collaboration tools increased by 44% in the first year of the pandemic

Cyber Deal Environment

The cybersecurity market sentiment as of late has been robust, with climbing transaction counts and recovering valuations. May 2024 saw a total of 22 M&A cyberspace transactions with a total disclosed deal volume of $8.9B. Some prominent deals last month included HG’s acquisition of AuditBoard for $3.0B, Clearlake Capital and Francisco Partners’ acquisition of Synopsys’ Software Integrity Business for $2.1B, and CyberArk’s acquisition of Venafi for $1.5B. In sum, M&A deal count increased 5% YoY in May while the dollar deal volume increased 648% YoY. This month also saw a total of 68 financing transactions with a dollar deal volume of $1.8B. Notable deals include Wiz’s $1.0B Series E raise, Alkira’s $100M Series C raise, and Babylon Chain’s $70M Early Stage raise. Overall financing deal count increased 5% YoY in May while dollar deal volume was up 415% YoY.

Cloud, IoT and AI have exploded the sample set of problem spaces but also birthed some of their most interesting solutions. Below are seven of the most topical developments in cyber today:

 1. Cloud Security:

a. Cloud Security Posture Management (CSPM)

b. Cloud Detection & Response / Cloud Investigation and Response Automation (CDR/CIRA)

2. Identity & Access Management (IAM):

a. Human identity access & management (MFA / SSO / Biometrics / Passwordless)

b. Non-Human Identity (NHI)

3. Security in the World of AI:

a. Automated security

b. LLM security

c. Deepfake detection

4. Network Security & SecOps:

a. Network security

b. Zero-trust frameworks

c. SecOps

5. App Security:

a. Web-app firewalls

b. API protection

c. Kubernetes management

6. IoT and Endpoint Security:

a. IoT protection

b. Endpoint protection

7. Data Protection / Data Loss Prevention (DLP):

a. Data lakes

b. DLP SaaS

Where are we heading? 

Category creation and growth is further evidenced by investor sentiment. The general consensus at RSA this year was that overall cyber funding levels are healthy and sustainable. This year, despite a handful of down and flat rounds, there has been a noticeable uptick in investor interest and actual investment. Cybersecurity makes up 5% of what businesses spend, is growing at a 12% CAGR and shows no signs of slowing: The advent of LLMs (and their resulting infrastructural complexity) will be a watershed moment for CISO budget expansion.

—–

We at Lotus are incredibly excited by the tech that fuels Cybersecurity. If you are an investor, researcher, or founder in the space: reach out at ayla.j@thelotuscapital.com – I would love to chat with you.