Where VCs Are Investing in Cybersecurity

Between a plunging stock market, rising interest rates and a slumping economy, raising venture capital has not been easy this year. This has even been the case for high-priority categories like cybersecurity.

According to data from PitchBook, venture capital investments have reached about $13.66 billion so far this year, down significantly from $26.52 billion in 2021.

Then again, this year has still fared quite well compared to 2020, when the venture capital haul was about $11.47 billion.

So despite the slowdown, there’s still some venture investment going on. Where are VCs focusing nowadays? Let’s take a look at some recent standout deals and see if there’s a pattern.

See the Top Cybersecurity Startups

Cymulate

IT talent is particularly troublesome for the cybersecurity industry, with a persistent talent shortage that has continued to grow despite the down economy.

But for Cymulate, this has been a favorable trend. The company develops software that helps organizations of any size get an accurate security exposure risk assessment. This makes it so that a team can focus on priorities with more efficiency and speed.

Cymulate’s system continuously validates potential threat exposures, whether in the cloud or on-premises. This is done by using native security technology and analytics that allow for attack surface management, continuous red teaming, breach & attack simulation and advanced purple teaming. Customers see a nearly 50% reduction in cyber risk within the first three months of use.

In early September, Cymulate announced a Series D round of $70 million. The lead investor was One Peak and other investors included Susquehanna Growth Equity, Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital.

“It’s no secret that the performance expectations of raising money have increased significantly in today’s climate,” said Eyal Wachsman, CEO of Cymulate. “However, investors remain interested when you have a great product and your revenue growth is outpacing the market. In 2021, Cymulate demonstrated 100% year-over-year growth, and the market opportunity for security validation products is estimated to be over $5 billion. Our current investors saw the continued opportunity and decided to increase their investments.”

Cymulate was also one of the winners of eSecurity Planet’s 2022 Cybersecurity Product Awards.

Theom

The founders of Theom – which include Navindra Yadav (CEO), Supreeth Rao (CTO) and Ravi Sankuratri (COO) – focused on helping customers answer this question: “Is my data really secure?” This came about from extensive experience handling cybersecurity for various companies of huge scale. The founders realized that solutions often were ineffective, especially with the cloud.

Theom CEO Navindra Yadav calls his platform a “data bodyguard.” It generates insights about high-value assets. What is being protected? What is exposed? Theom provides visibility across cloud data stores, data lakes, and data warehouses.

Next, the Theom platform prioritizes the risks. This is done without taking the data out of the customer environment. The data is protected at rest and in transit. “Theom ensures that data is protected wherever it is stored, copied, or moved,” said Yadav.

In mid-September, Theom raised $16.4 million in venture capital, which was led by Ridge Ventures. There was also participation from M12, which is Microsoft’s venture fund.

“The VCs believed in our vision of being the ‘data bodyguard for the cloud’ and were impressed that we had already built a product that was in production,” said Yadav. “As a result of the interest in the sector, and our unique vision for a new approach to cloud data security, the round was oversubscribed.”

Talon Cyber Security

The browser can be a major security vulnerability. “Recognizing this gap, we identified the opportunity to create a browser that combines enterprise-grade security features with the user experience that workers know and expect,” said Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security. “By doing so, we enable organizations to embrace distributed work by delivering secure access back to the business, no matter a worker’s location, device, or operating system.”

The Talon browser is based on Chromium, which is the same for Chrome and Edge. The result is that users get the same kind of user experience they are used to.

The strategy has seen early traction. The browser won the Innovation Sandbox at RSA. There have also been partnerships with CrowdStrike and Microsoft, along with large customer wins.

In early August, Talon Cyber Security announced a $100 million Series A funding. The lead was Evolution Equity Partners. Other investors included Ballistic Ventures, CrowdStrike’s Falcon Fund, and Merlin Ventures.

“Cybersecurity startups can raise funding and have been, but they need to understand that investors are going to be more selective in who they invest in at this point in time,” said Ben-Noon. “Those looking to raise funds should take on what they need to provide the business with the stability to achieve the growth goals that they set for themselves. The key from my perspective is to plan ahead and partner with strategic investors that will not only provide you with cash, but help you grow your business and build your brand in the community.”

Coro

Before Coro, the four founders of the company had built two other successful startups. “We specialize in taking complex, inaccessible enterprise services and bringing them to the mid-market to make them available to everyone,” said Guy Moskowitz, CEO and cofounder, Coro.

This strategy has proven quite impactful for the cybersecurity space. The fact is that the mid-market has been underserved. But of course, the customers have significant needs for affordable and effective cybersecurity solutions.

“Coro has seen 300% year-over-year growth for the past three years and 125% quarter over quarter growth so far this year,” said Moskowitz. “We’re exceeding our goals across all fronts.”

The Coro platform is an all-in-one solution, which covers all endpoints and protects users, cloud applications, email, devices and data. Next, the technology relies on sophisticated AI, which helps to automate processes.

A few months ago, Coro announced a $60 million Series C round. The lead was Balderton Capital.

“Currently we are seeing many of the venture capital funds preserving cash for follow-on investments in portfolio companies,” said Moskowitz. “This is a pretty regular pattern we saw in previous downturns and recessions. We do see significant investments made in companies that are outliers – like Coro. Companies that can show hyper-growth despite the recession, that demonstrate the ability to execute, and that have exceptional product-market fit.”

Bitwarden

Bitwarden, which was founded in 2015, operates an open source platform that provides password management services for enterprises and consumers. The company competes against rivals like 1Password and LastPass.

Bitwarden’s software is fairly straightforward. A user can easily create a hard-to-crack password and store it securely. With the growth of the cloud and remote working, the service has seen tremendous growth. In terms of the business model, Bitwarden sells premium modules, such as for single sign-on integrations for enterprises.

The open source approach has been another key. Customers better evaluate the security infrastructure. There is also the flexibility of building extensions to the project.

In early September, the company announced a funding round of $100 million. The lead was PSG, with participation from Battery Ventures.

Bitwarden is also one of our picks for Best Password Managers.

Axio

In 2016, Scott Kannry and Dave White co-founded Axio.They recognized the challenges for companies to make the right decisions about their cybersecurity investments.

“We started Axio to provide business and security leaders with the visibility they need to align on a source of truth about their organization’s cyber exposure,” said Kannry, who is the CEO. “We want them speaking about cyber risk with the common language of dollars and cents so they can better prioritize initiatives and investments. When a high-profile attack like SolarWinds happens, security and business leaders use our platform to answer the question of ‘What would this attack cost if this happens to us?’”

The company’s platform is called Axio360. It provides benefits to a wide array of personas and stakeholders like boards, CEOs, IT administrators, auditors and compliance staff.

As a testament to Axio’s technology and growth, the company recently announced a Series B investment round of $23 million. The lead investor was ISTARI, a global cybersecurity firm. Other backers included Distributed Ventures, IA Capital Group, and Bob Dudley, who is the former CEO of BP.

Read next: The Top VC Firms in Cybersecurity

Tom Taulli
Tom Taulli
Tom Taulli is the author of Artificial Intelligence Basics: A Non-Technical Introduction, The Robotic Process Automation Handbook: A Guide to Implementing RPA Systems and Modern Mainframe Development: COBOL, Databases, and Next-Generation Approaches (will be published in February). He also teaches online courses for Pluralsight.

Top Products

Related articles