Cybersecurity: A Short History, Modern Category Growth and Deal Environment
Cybersecurity is the practice that systematically employs advanced products and skilled personnel to safeguard sensitive data across various industries, including financial records in banking, HIPAA records in healthcare, and classified contracts in government sectors. In 2024, the total global investment in cybersecurity approaches $182 billion, with the majority (95%) of this expenditure driven by government or enterprise cyber spending.
That market – growing 12.7% annually – is expanding in line with the threat landscape. This year, the exploitation of vulnerabilities as an initial point of entry accounted for 14% of all breaches, almost tripling from 2023 to 2024. According to a press release from Verizon, ransomware and the meteoric rise of extortion techniques accounted for a third (32%) of all breaches this year. The remaining (68%) involve a person making an error or falling prey to a social engineering attack.
Even the government has cybersecurity on the front burner. In February 2024, Biden issued the most significant executive action ever taken by a President to protect Americans’ data security. The Executive Order empowers the Attorney General to block the large-scale transfer of Americans’ personal data to countries of concern. It also establishes safeguards for other activities that could grant these countries access to Americans’ sensitive data.
According to IBM, the average cost of a data breach in 2023 was $4.45M
A short, technical history
Cybersecurity encompasses various specialized areas, each with its own set of challenges and opportunities. To understand the opportunities today, it is necessary to evaluate each field independently and to know about how network security practices have evolved over the years.
Firewalls, Threat detection, Anti-Virus: What are the holes?
At the dawn of digitization, companies used firewalls to secure their network data centers. A firewall acts as a gatekeeper, delineating who receives access and functioning in the binary: one person is granted access to come in, another person is not. But different businesses have different environments so the trifecta of firewall, threat detection, and anti-virus software is not necessarily enough. Effective cybersecurity goes beyond a CISO-led purchase of SaaS products. It demands the expertise of cybersecurity professionals. It is easy for organizations to put their hand in the sand and think that they have done enough but “set-it-and-forget-it” security solutions don’t work today – if they ever did.
The rise of the Managed Security Service Provider (MSSP)
An MSSP is a company that remotely services a customer’s IT infrastructure and end-user systems to protect against cyber threats. MSSPs leverage a number of strategies including continuous monitoring of networks, incident response to security incidents and breaches, vulnerability management, threat intelligence on emerging attack vectors, compliance management, security assessments and maintenance of devices such as firewalls and intrusion detection / prevention systems (IDS/IPS) systems. MSSPs also provide a 24/7 monitored Security Operations Center (SOC).
Covid: Connectivity for a remote workforce
Firewalls, threat detection systems, and a 24/7 Security Operations Center (SOC) manned by analysts provide robust perimeter-based security. However, challenges arise when we take users outside the perimeter of that network and connect them in through a VPN. Each internet-facing firewall – whether in a data center, cloud, or branch office –becomes an attack surface vulnerable to exploitation. When Covid spurred the movement toward remote work, the challenges associated with existing security architecture became far more pervasive.
Employees working from home networks are significantly less secure than those on corporate networks, making them more susceptible to ransomware attacks. If one member of a household is compromised, attackers can potentially infiltrate the entire home network. Once inside, they move laterally, targeting high-value assets for ransomware and other malicious activities. Attackers often leverage SaaS, IaaS, and PaaS to establish backchannels and exfiltrate data. On average, for every 100 employees there are 5+ active keys found leaked in the cloud.
The number of employees using cloud collaboration tools increased by 44% in the first year of the pandemic
Cyber Deal Environment
The cybersecurity market sentiment as of late has been robust, with climbing transaction counts and recovering valuations. May 2024 saw a total of 22 M&A cyberspace transactions with a total disclosed deal volume of $8.9B. Some prominent deals last month included HG’s acquisition of AuditBoard for $3.0B, Clearlake Capital and Francisco Partners’ acquisition of Synopsys’ Software Integrity Business for $2.1B, and CyberArk’s acquisition of Venafi for $1.5B. In sum, M&A deal count increased 5% YoY in May while the dollar deal volume increased 648% YoY. This month also saw a total of 68 financing transactions with a dollar deal volume of $1.8B. Notable deals include Wiz’s $1.0B Series E raise, Alkira’s $100M Series C raise, and Babylon Chain’s $70M Early Stage raise. Overall financing deal count increased 5% YoY in May while dollar deal volume was up 415% YoY.
Cloud, IoT and AI have exploded the sample set of problem spaces but also birthed some of their most interesting solutions. Below are seven of the most topical developments in cyber today:
1. Cloud Security:
a. Cloud Security Posture Management (CSPM)
b. Cloud Detection & Response / Cloud Investigation and Response Automation (CDR/CIRA)
2. Identity & Access Management (IAM):
a. Human identity access & management (MFA / SSO / Biometrics / Passwordless)
b. Non-Human Identity (NHI)
3. Security in the World of AI:
a. Automated security
b. LLM security
c. Deepfake detection
4. Network Security & SecOps:
a. Network security
b. Zero-trust frameworks
c. SecOps
5. App Security:
a. Web-app firewalls
b. API protection
c. Kubernetes management
6. IoT and Endpoint Security:
a. IoT protection
b. Endpoint protection
7. Data Protection / Data Loss Prevention (DLP):
a. Data lakes
b. DLP SaaS
Where are we heading?
Category creation and growth is further evidenced by investor sentiment. The general consensus at RSA this year was that overall cyber funding levels are healthy and sustainable. This year, despite a handful of down and flat rounds, there has been a noticeable uptick in investor interest and actual investment. Cybersecurity makes up 5% of what businesses spend, is growing at a 12% CAGR and shows no signs of slowing: The advent of LLMs (and their resulting infrastructural complexity) will be a watershed moment for CISO budget expansion.
—–
We at Lotus are incredibly excited by the tech that fuels Cybersecurity. If you are an investor, researcher, or founder in the space: reach out at ayla.j@thelotuscapital.com – I would love to chat with you.
ABB Cobot
AI / ML Integration
Another trend is the use of AI / ML to make industrial robots smarter and more adaptable. AI-driven robots can now learn new tasks with minimal human intervention, reducing setup times and increasing operational flexibility. For example, Covariant is working on AI systems that allow robots to autonomously handle highly variable objects in warehouses and distribution centers, this can include examples like mixed packaging or sorting manufacturing parts. Customers like retailers and e-commerce warehouses can benefit from the limited manual intervention as a result of these systems. In Covariant’s funding exceeds $150 million, positioning it as a leader in AI-powered robotics .
Digital Twin Technology
Advances in digital twin technology are expected to play a key role in the next phase of industrial automation. Digital twins—virtual replicas of physical assets—allow manufacturers to simulate production processes, predict maintenance needs, and optimize workflows before changes are implemented in real life. This could dramatically reduce downtime and equipment failure rates. An example of digital twin technology can be seen in General Electric’s (GE) use of digital twins for their jet engines and gas turbines. GE creates a virtual model, or “digital twin,” of each physical engine that they manufacture. This virtual model is continuously updated with data from sensors embedded in the physical engine, capturing real-time performance metrics such as temperature, pressure, and vibration. Companies like Siemens are heavily investing in this area, integrating digital twins with their industrial automation solutions.
Autonomous Mobile Robots (AMR)
Finally, the future will see further integration of autonomous mobile robots (AMRs), particularly in logistics and supply chain automation. Startups like Seegrid are innovating in this space, developing AMRs that can navigate dynamic environments, such as warehouses and manufacturing plants, without requiring any external infrastructure. Seegrid has secured over $150 million in funding to advance its autonomous vehicle technology .
Industrial automation is transforming global production and supply chain processes. Automation is becoming essential for businesses seeking to remain competitive and the sector presents significant investment opportunities. The key takeaway is clear: industrial automation is not just a trend but a critical driver of the future economy, making it an attractive space for forward-thinking capital deployment.
—————————————–
If you are a builder, investor or researcher in the space and would like to have a chat – please reach out to me at amit.k@thelotuscapital.com