Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, April 28, 2011

VCs and IT Security Firms: Not Much Love in the Air

Although security breaches make the headlines regularly and Washington has plans to upgrade the security of the United States’ national infrastructure, up-and-coming IT security companies are having difficulty securing investment funds.  “It seems there’s been a general shift among venture capitalists away from security,” Jim Pflaging, director and managing principal at SINET, stated at a private lunch at the 2011 IT Security Entrepreneurs’ Forum (ITSEF), held in Palo Alto recently.

“In any space there are some large outcomes, and that’s true for security as well, but you’re not going to see tons and tons of them,” Asheem Chandna, a partner at Greylock Partners, stated at the ITSEF lunch.

The vast majority of the 950 companies in the security industry in the United States are capitalized under US$5 million, and there are probably “fewer than 5 or 10 percent of them that are above $50 million,” said Maria Kussmaul, a founding partner at America’s Growth Capital.

Venture capitalists are putting their money in other areas such as social networking, mobile and green technology because they can get a higher possible rate of return, SINET’s Pflaging told TechNewsWorld.  As proof, they point to fewer homeruns and the fact that many IT security firms plateau at $20 million to $30 million, Pflaging added.

“To me, the bigger issue, which hasn’t been well-discussed, is the trend towards more security M&A from the system integrator community, especially those SI companies with a government focus,” SINET’s Pflaging stated.  Large IT manufacturers such as HP (NYSE: HPQ), IBM (NYSE: IBM), Cisco (Nasdaq: CSCO) and Dell (Nasdaq: DELL) will battle their former government channel partners such as SAIC and Raytheon to provide IT security to the government sector, he said.  “As someone who sits as a trusted advisor to many in the security space, I can say that the M&A activity in 2010 and a greater awareness of the importance of cybersecurity at the national level has created more interest in finding the next generation of breakout security companies,” Pflaging remarked.

Investment in security technology is beginning to grow because of a combination of major platform shifts, the increasingly sophisticated threat landscape, and increased regulatory compliance being demanded by governments.

“VCs are beginning to move aggressively to invest in the sector given the high-profile cases of intellectual property theft such as the RSA hack and Aurora, cyber attacks such as Stuxnet, identity theft such as those that hit Heartland Payments and TJ Maxx, and cyberwarfare such as the Georgia conflict,” Yepez stated.  “We are going from about 2.5 billion devices connected to the Internet today to about 50 billion by 2020, and this “translates directly in vulnerabilities and IT security-related risks,” he explained.

Posted on 04/28