Embed Size (px)
Citation preview
Creating IT-Security Start-Ups
Benjamin Rohé, Founding Managing Director
Sorry for the Layout
• It had to be that way !
Market, Predictions and Examples
Investors Perspective
Cyber Security Startups? Cyber Security Startup!!
• Generations of Cyber Security 1993: Mosaic and the rise of the commercial Internet (FUD* 1.0)
• 2000: dot-com bubble burst (double-digit security spend as %IT) - 2002: inflection point (FUD* 1.5)
• 2005: consumer Internet distraction & 2008: economic crash • 2011: media focus on all things cyber (FUD* 2.0) • 2013: Snowden and the fragility of the Internet (anti-FUD*?) • 2015: ? • 2020: ??? • * Acronym for fear, uncertainty and doubt. It is a marketing term that is often used to cast a shadow over a competitor's product when your own is unable to
compete. FUD is a technique used by larger companies who have a large market share. The FUD acronym was first freely defined by Gene Amdahl after he left IBM to found his own company, Amdahl Corp, with this statement: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering Amdahl products."
No crystal ball is required to predict that high-profile security breaches
will continue to make the news in 2015
Two Real Cyber Security Drivers
• Governments and corporations are under attack from cyber hacks (no longer simply a nuisance)
• IT budgets are being freed up for products and services to strengthen digital defenses (convergence of risk)
Businesses Under Fire • Hackers are stealing around $250B/year in IP - NSA
Director, Gen. Keith Alexander, calls these attacks "the greatest wealth transfer in history“
� "Significant YoY increases in cyber attacks DHS reported a 68% increase in cyber attacks in 2012 at federal agencies, government partners, and against critical infrastructure -Symantec reported attacks on companies rose 42% in 2012
• U.S. government is increasing spending in Cyber Security (despite cuts elsewhere)
Business Under Fire
Money Follows Problems • Driving investment in innovative technologies
- $391M in just 16 companies between Jan 2012 and Sep 2013:
• Cyber Security market is in a renaissance: - – $1B invested in Cyber Security startups in 2012 – up 5% over 2011 (vs. overall venture funding down 10% YoY) – 2011 Cyber Security funding was up 94% over 2010
Security Predictions For 2015
Security predictions from: Blue Coat, Damballa, FireEye, Fortinet, Forrester, Gartner, IDC, ImmuniWeb, Kaspersky Lab, Lancope, McAfee, Neohapsis, Sophos, Symantec, Trend Micro, Varonis Systems, Websense. Image: Charles McLellan/ZDNet
Exit Opportunities for Founders and Investors
• Mergers and Acquisitions (M&A) – Cisco <- Sourcefire ($2.7B or ~10x annual revenue) – IBM <- Trusteer ($800M or ~10x annual revenue)
• Initial Public Offerings (IPOs)
• Private Equity etc
Intelligence Services: Key Investors1
• 106 Startups Who Received Investment from the C.I.A* Since 1999 In-Q-Tel has been strategically investing in startup companies that are used by the intelligence community.
• Today, these companies have amassed more than $3.2 Billion in venture funding, and employ more than 7,000 people.
Case-Study: One Of The Most Prominent Intelligence Financed Startups
As of 2013, Palantir was used by at least 12 groups within the US Government including the CIA, DHS, NSA, FBI, the CDC, the
Marine Corps, the Air Force, Special Operations Command, West Point, the Joint IED-defeat organization and Allies, the Recovery Accountability and Transparency Board and the National Center
for Missing and Exploited Children.
https://www.youtube.com/watch?v=VJFk8oGTEs4
Palantir Facts • Founded in 2004 by Peter Thiel, Joe Lonsdale, Alex Karp, Stephen Cohen,
Nathan Gettings; 1.500+ employees; • Palantir Gotham is used by counter-terrorism analysts at offices in the
United States Intelligence Community and United States Department of Defense, fraud investigators at the Recovery Accountability and Transparency Board, and cyber analysts at Information Warfare Monitor. Palantir Metropolis is used by hedge funds, banks, and financial services firms.
• CEO Alex Karp announced in 2013 that the company would not be pursuing an IPO, as going public would make “running a company like ours very difficult.”
• As of early 2014 the company was valued at $9 billion, according to Forbes, with the magazine further explaining that the valuation made Palantir "among Silicon Valley’s most valuable private technology companies.
Global Cyber Security Spending to Reach $76.9 Billion in 2015: Gartner
• According to the IT research and advisory firm, global IT security spending reached $71.1 billion in 2014 year, an increase of 7.9% compared to 2013. 2015, spending will grow even more, reaching $76.9 billion (+8,2%)
• By 2015, approximately 10% of the security controls deployed by organizations will be cloud-based, particularly when it comes to small and midsize businesses.
J.P. Morgan CEO: Cyber-Security Spending To Double!
• J.P. Morgan Chase & Co. Chairman and Chief Executive James Dimon said the bank would double spending on cyber security over the next five years.
3 Solid Tips From Founders Of a Security Startup2
• To scale a startup too early or grow too quickly is not necessarily a good thing, especially for enterprise startups. Things will go wrong, bugs will be revealed, and the unexpected will always surprise you at the most inconvenient of times. Being slow and steady at first allows time to optimise the advertising funnel and learn how to push customers down the funnel effectively with a small budget. Don’t ramp up the model until the conversion is consistently great.
• When attending business meetups and events, seek to build business relationships, and genuinely help people to ‘pay it forward’. Many startup founders meet to sell their idea, or to pitch. No one will be interested in buying from you or use your product if you directly sell to them when meeting the first time.
• At the end of the day, a startup is a business, so think of revenue early and have a solid business model, not just to build something cool or change the world. Don’t run out of cash, because the longer the business can survive, the greater its chance of succeeding and ultimately changing the world.
Reaching Out to the Growing Community (Examples)
https://angel.co/cyber-security
2014 surveys and annual reports Publisher Title
Appriver Global Security Report: End-of-year report 2014
Cisco 2015 Annual Security Report
CyberEdge Group 2014 Cyberthreat Defense Report
Damballa/Ponemon The Cost of Malware Containment
EY Global Information Security Survey 2014: Get Ahead of Cybercrime
Forrester Understand the State of Network Security: 2014 to 2015
HP/Ponemon 2014 Global Report on the Cost of Cyber Crime
Lumension/Ponemon State of the Endpoint Report 2015
Radware Global Application and Security Report 2014
SafeNet/Ponemon The Challenges of Cloud Information Governance: A Global Data Security Study
Symantec 2014 Internet Security Report
Tripwire/Atomic Enterprise of Things
http://www.zdnet.com/article/cybersecurity-in-2015-what-to-expect/
Case Study: Steganos
4 Key Products …
.. For a Post-Snowden World
Growing a Cyber Security Company with Success
• B2C: – PR: own the subject
(steganos: snowden/data privacy)
– Affiliate Marketing (blogs, (software)publisher, software review magazines)
• B2B: Partner distribution & bundles; bottom-up approach (used at the bottom of the organization, becomes “standard” within the entire organization)
Affiliate Marketing (B2C)
http://www.startupnation.com/articles/affiliate-marketing-101-understanding-the-basics/
Closing the Loop
• Expertise Counts – Domain expertise is key (for investors and buyers) – Does the team really know its vertical market?
Closing the Loop
• Government Cyberwarfare & CIP – More than 80 companies work with the NSA on
cyberwarfare and surveillance (Der Spiegel) – Claims that U.S. National Security Agency is
funding “digital Blackwater” and “cyber Raytheon”
Final Remarks • Security still a reflex reaction to an attack • IT infrastructure security still a one-time, ad hoc effort • Security as a broad collection of technologies • Cyber Security never gets solved
Like an antibiotic-resistant bacteria: attackers adapt to defenses and render them obsolete (David Cowen, Partner at Bessemer Ventures)
References
1. https://mattermark.com/106-startups-who-received-investment-from-the-c-i-a-most-frequent-in-q-tel-co-investors/
2. http://fromlittlethings.co/2013/10/09/three-solid-tips-from-founders-of-security-startup-authopay/
