It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated.
Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey, which found that private cybersecurity company funding grew by 9.4% to $26.9 billion between September 2021 and September 2022.
Mergers and acquisitions were also robust. In the third quarter, there were 62 deals totalling about $8.9 billion.
There have been a number of impressive funding rounds this year for cybersecurity startups. Just today, security and compliance automation platform Drata announced a $200 million Series C funding round that brings the company’s valuation to $2 billion, doubling its $1 billion valuation from its Series B round last year. This latest round was co-led by GGV Capital and ICONIQ Growth, who respectively led Drata’s Series A and B rounds.
The strength in private funding isn’t too surprising when you consider that cybersecurity remains top-of-mind. According to a recent Gartner survey, security is the top priority for CIOs. About 66% of respondents said they planned to increase spending on cybersecurity.
So what are some of the security trends to keep an eye on for next year? Where will the dollars go? Here’s how some top VCs see the cybersecurity market unfolding in the year ahead.
See our picks for the Top Cybersecurity Startups
Data Compliance and Protection
Vaibhav Narayanam, who is the Director of Corporate Development & Venture Investments at ServiceNow, invests in a variety of technologies. But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection.
“With data continuing to explode both in volume and in its role throughout the enterprise, more and more business processes and stakeholders need to leverage data to run critical operations and innovate,” said Narayanam. “Against this backdrop, it becomes harder for organizations to comply with growing regulations and protect against breaches. We continue to look for technologies that foster secure and compliant use of data at the operational speed today’s businesses require.”
One of the firm’s investments in this category is Immuta. In June, the company announced a $100 million Series E round of funding. Immuta’s technology helps with secure data in the cloud at a granular level and allows for enforcing data security policies.
Developer Tools and SDKs
Stephen Lee is Vice President of Technical Strategy & Partnerships at Okta. His role is focused on technical strategy for partnerships, M&A, and Okta Ventures. He has over 20 years experience in identity and security.
“Developer tools and SDKs are becoming more important with cybersecurity,” said Lee. “There are many issues like API security, authentication, data residency, privacy and compliance. A developer should not spend their valuable time on building their own solutions.”
Lee says that developers are implementing security much earlier in the process. This is both for SaaS applications and internal enterprise solutions.
Ockam is one of Okta’s portfolio companies that focuses on developer-first tools. The startup manages an open source project for key management, authorization enforcement policies, and end-to-end encryption.
In early 2022, Ockam raised $12.5 million in a Series A funding round.
See the Top Code Debugging and Code Security Tools
New Era for Work and Security
Jake Seid is founding partner of Ballistic Ventures. The firm only invests in cybersecurity startups. A major theme for his fund is the trend of security for the modern workforce.
“This is built around the idea that the way we work has dramatically changed – and the days of trading off cybersecurity for ease of use is a thing of the past,” said Seid. “These days, people will find and use whatever tools appear to be best and most frictionless for the jobs they’re performing – whether the tools are approved by their organizations or not. The same notion applies for third parties, like contractors and business partners.”
This means that there are a rapidly growing number of exposures. This helps to explain the rise of social engineering attacks, especially with phishing.
Earlier this year, Ballistic Ventures invested $7 million in Nudge Security because of its focus on the modern workforce. This startup takes an interesting approach to security. It uses behavioral methods – or “nudges” – to get employees to adopt best practices.
See the Top Employee Security Awareness Training Tools
Kubernetes Security and Observability
Ashish Kakran is a principal at Thomvest Ventures. Before that, he was a founding engineer at eJonesPulse.
An area that Kakran is bullish on for 2023 is Kubernetes security and observability. For the most part, solutions will be critical for enterprise adoption. “At scale, teams struggle to connect Kubernetes clusters, enforce security policies, and observe events so that teams can fix performance issues,” Kakran said.
A portfolio company in the space for Thomvest Ventures is Isovalent. The company helps to solve the Kubernetes’ issues with the BPF and Cilium open source projects. In September, Isovalent announced a $40 million Series B funding. Thomvest Ventures led the deal, which included other investors like M12 (Microsoft’s Venture Fund), Google, Cisco and Andreessen Horowitz.
Also read: Top Container Security Solutions
Ransomware
Deepak Jeevankumar is a managing director at Dell Technologies Capital. He has spent more than two decades investing in early-stage startups. Some of his bets include RedLock (acquired by Palo Alto Networks), Jask (acquired by SumoLogic) and Humio (acquired by CrowdStrike).
Looking at 2023, he says that ransomware solutions will be a hot category. “There is an opportunity for startups, especially those that can easily automate the process for SMEs,” said Jeevankumar. “Smaller orgs don’t have the capacity and resources to mitigate these types of attacks.”
In light of this, Dell Technologies Capital invested in Calamu’s $16.5 million Series A round earlier this year. The company’s technology makes any data captured useless for the hacker. There is also automatic self-healing of the breached systems. This provides a balance between an organization’s protection and immediate access to data.
Also read: Ransomware Prevention: How to Protect Against Ransomware
GRC and risk measurement
Ofer Schreiber is a senior partner and head of the Israeli Office at YL Ventures, which manages over $800 million and specializes in cybersecurity. He notes that a top trend for 2023 is for GRC (Governance, Risk, and Compliance) and risk measurement.
“C-suite executives have come to terms with the reality that security risks equal business risks,” said Schreiber. “Therefore, it has become acutely important for security teams to have proper GRC and risk measurement tools to help them govern their security program, measure cybersecurity risks and adjust their security portfolio over time. In 2023, we will see this trend coinciding with the growing demand for transparency and accountability in security, and more and more tools providing risk assessment capabilities and using data-driven insights to inform decision-makers.”
One of his bets in the category is Piiano. The startup provides PII (Personally identifiable information) protection and management for cloud native applications. The technology is a code scanner and vault that allows for streamlined visibility and segregation. Last year, the company raised $9 million.
Read next: Top GRC Tools & Software