Venture capital

Tomorrow’s top trends in cybersecurity, according to VCs

Cyber insurance and anomaly detection are key investment areas, thanks to a spike in cyberattacks and a new hybrid workforce.
article cover

Francis Scialabba

5 min read

As the cybersecurity world changes rapidly, VCs are placing bets on what they think will be the most important cyberdefenses of tomorrow.

Funding in the space hit a record-high $26.6 billion in 2021, according to data from CB Insights—and although the pace of investment is slowing from last year, VCs had still poured nearly $11 billion into the sector as of Q2 this year.

Cybersecurity startups are popular, in part, thanks to a spike in cyberattacks. Last year may have been the biggest year for data compromises in US history per Statista, and nearly nine in 10 company boards now view cybersecurity as a “business risk” rather than solely a technical or IT issue, according to Gartner research.

“What’s happened over the last two, three years—which is Covid and [the] pandemic, as well as the war…as well as the ongoing threats from China—that has led to digitization and automation of every industry, which has completely, multifold, exposed our infrastructure to cybersecurity attacks,” Bilal Zuberi, a general partner at Lux Capital, told us. “The attack surface has become much, much larger.”

Here are three of the fastest-growing sectors in cybersecurity, according to VCs we spoke with.

Cyber insurance

One of today’s hottest cybersecurity investment categories is “managing cyber risk,” Shane Shook, venture partner at the cybersecurity-focused Forgepoint Capital, told us via a spokesperson. Shook described it as a “new emerging trend in cybersecurity, as corporate-governance mandates have changed in regulated and/or public organizations.”

It’s part of a larger trend: The cost of US cyber-insurance premiums has spiked as well—doubling from $1.6 billion in 2020 to $3.2 billion in 2021, according to data from Fitch Ratings.

To date, Forgepoint has invested more than $100 million in cyber insurance and cyber risk-related startups, Andrew McClure, another partner at the firm, told us via spokesperson. That includes three startups: Converge, SolCyber, and Surefire, which specialize in cybersecurity insurance, incident response, and prevention tools.

Then there are startups like CyberCube, which specializes in AI that works on behalf of cyber-insurance companies. These predictive machine learning models can help insurance companies underwrite policies, or help determine the potential risk of insuring a client before they make a decision, Alberto Yépez, managing director at Forgepoint, told us.

“Cybersecurity is becoming a SaaS offering, and many SaaS offerings…have found interesting financial applications to be built on top,” Zuberi told us in an email follow up. “Insurance falls into that bucket. It is indeed a growing field. We haven’t invested in the space yet but [are] actively looking and evaluating opportunities.”

Detecting anomalies

AI for anomaly detection is another one of today’s most popular investment sectors in cybersecurity, according to Zuberi and Yépez.

Keep up with the innovative tech transforming business

Tech Brew keeps business leaders up-to-date on the latest innovations, automation advances, policy shifts, and more, so they can make informed decisions about tech.

With an increased number of devices operating on-site and in the field, and those devices generating or handling more data than ever before, some companies are turning to AI to flag deviations.

That could mean anything from temperature and pressure inconsistencies with a factory motor, to consistently checking the way a machine learning model itself is operating and whether there’s been any drift.

“This is a high-importance category for us,” Zuberi said. “We are actively investing in this space in various ways to understand and protect devices at the edge.”

Lux has two portfolio companies in the space, Zuberi told us: Nozomi Networks, which specializes in cybersecurity protection for edge devices, and Zededa, which helps regularly update operating systems and software for edge networks.

Forgepoint has invested approximately $150 million across 17 portfolio companies in the space, Shook said, ranging from payment services fraud detection (like Verituity) to threat detection and response (like Huntress and IronNet).

Shook added that the sector is consolidating, pointing to exits in the past two quarters, including Cloudflare’s acquisition of Area 1 Security, SentinelOne’s acquisition of Attivo Networks, and LexisNexis’s acquisition of BehavioSec.

Managing cyber

Cybersecurity infrastructure for companies is another hot area, VCs told us.

Forgepoint has invested more than $200 million in the space over the past two years. The firm currently has 20 portfolio companies in the infrastructure category, Shook said, ranging from data protection (like Cyberhaven and Concourse Labs) to identity attack surface management (like BishopFox and Constella Intelligence) to cloud and enterprise endpoint protection, detection, and response (like NowSecure and Instabug).

And as the popularity of edge computing increases, cybersecurity infrastructure becomes even more important, per Zuberi.

“You could be talking about 20,000 machines that are sitting in oil fields spread across the country, or gas pipelines, or…distribution points in the grid,” Zuberi said. “How do you [make sure they’re] up to date and essentially have the latest versions of the software on them?”

Fifteen years ago, he added, people used to need to download the latest antivirus software, while nowadays, Apple can automatically do the same by pushing an update to your computer.

“So: How do you do that at the edge?” Zuberi asked, adding, “We’re investing in those areas.”

Keep up with the innovative tech transforming business

Tech Brew keeps business leaders up-to-date on the latest innovations, automation advances, policy shifts, and more, so they can make informed decisions about tech.

T
B