Talent and capital are shifting cybersecurity investors’ focus away from Silicon Valley

Just when we thought things couldn’t get worse in 2020, we received the news on the SolarWinds hack and its impact on more than 18,000 businesses and potentially dozens of U.S. government agencies — including the departments of CommerceEnergy and Treasury.

We’re just beginning to understand the extent of their infiltration, but this story brings to light what the cybersecurity industry has already known: Solving the cybersecurity problem will take more time and resources than we are currently allocating.

Solving the cybersecurity problem will take more time and resources than we are currently allocating.

Adding to the challenge, COVID-19 has created fertile ground for the acceleration of cyberattacks that are more sophisticated, dangerous and prevalent. In this dire setting, cybersecurity has become even more competitive and a national security imperative and created higher demand for new solutions.

This is something we all — enterprises, startups, government and investors — need to work together to solve. So, from the venture capital perspective, where are cybersecurity investments being made, and where is the talent coming from to help stem the onslaught of hacks?

California’s Silicon Valley has traditionally been the epicenter of cybersecurity innovation. It’s home to some of the largest cybersecurity companies including McAfee, Palo Alto Networks and FireEye, as well as more recent high flyers such as CrowdStrike and Okta, providing a robust talent base for many willing venture investors.

However, that’s rapidly changing. Cybersecurity expertise is now budding in new regions where there is talent and a hands-on recognition of the need for innovative solutions. In particular we are seeing growth in areas such as the East Coast of the U.S. and in Europe, led by the United Kingdom.

Investment in Silicon Valley cybersecurity startups remained flat in 2020 as we are seeing record venture funding of cybersecurity companies in these emerging regions. And the reasons why may mean better solutions to solve current and future cyber needs.

The emergence of a new cybersecurity ecosystem

A new generation of cyber-experienced practitioners coming from government and financial services are becoming the next generation of entrepreneurs. Fueling new innovation, this newest breed of cybersecurity startups in emerging in cities like New York, Washington, D.C. and London, and away from Silicon Valley. East Coast businesses like IronNet*, founded by former NSA director General Keith Alexander, is one example of this growing trend of new leaders coming from federal government backgrounds.

These new cybersecurity leaders with front-line experience are developing solutions that fix the problems they faced as customers and, thanks to COVID-19, are hiring the best talent to join them regardless of their location. The pandemic has accelerated remote-working trends, increasing more flexible-location working opportunities in the cybersecurity industry. These companies are creating advantages over their West Coast counterparts in the ability to recruit better talent, lower costs and have closer proximity to customers and prospects.

As this expansion continues, it will inevitably dilute Silicon Valley’s domination of the cybersecurity sector. Now, new security companies flush with incredible talent and potential are attracting investors from around the world. To accurately understand this changing landscape, we scrutinized data on how the East Coast and Europe are currently shaping up against California, and the results clearly demonstrate a shifting landscape.

East Coast versus West Coast

Venture capital’s relentless search for alpha is shifting focus from California to other traditional venture-rich areas such as New York, Boston and the greater Baltimore-Washington, D.C. area. However venture investment is also growing in new emerging tech areas such as Ohio and Illinois. Several large investments have driven East Coast funding to record levels in 2020, including a $150 million fundraise by Snyk, a developer of security analysis tools located in Boston and a $83 million fundraise from Dragos, a Maryland-based rising industrial cybersecurity company. In 2020 YTD, there was a total of $849 million in venture capital investments across 53 companies on the East Coast, a 289% increase over 2019.

The East Coast is closing the gap on California in the number of early-stage cybersecurity companies being funded, with $1.14 billion invested into the Series A venture rounds of 101 companies versus $1.5 billion invested into 135 companies in California over the last five years. One reason is the region’s advantage in access to talent coming from the headquarters of multiple intelligence organizations and the most prestigious educational institutions providing cybersecurity education.

U.K./Europe growing with government support

Although smaller, the U.K. and Europe’s cybersecurity venture ecosystem is also rapidly growing as venture investors join government innovation programs across the continent, form startup hubs and attract funding from investors. Cybersecurity venture funding has increased in recent years and is showing even more potential for future growth with stronger growth in early-stage deals.

With only a few U.S.-based firms investing in Europe, growth has been largely driven by European-based venture capitalists or cross-regional funds like C5 Capital. Over the past five years, Europe has reported increasing numbers of Series A and Series B rounds, showing promise to be a new epicenter for cybersecurity innovation. Fueled by important financial hubs in Luxembourg and Switzerland, Europe received $391 million in funding across 20 deals in 2020, an increase of nearly 20% over 2019.

London has taken a significant lead in venture funding over other European cities, but other notable hubs include Berlin, Paris, Amsterdam, Barcelona, Madrid and Stockholm.

Delivering on the next generation of cyber innovation

Silicon Valley has been successful in making the big bets in later venture rounds to help startups rapidly scale once they have locked in their product-market fit. In other regions, especially in the U.K. and continental Europe, startups have often exited or reached a plateau without taking additional growth funding. This may be due, in part, to a founder’s lack of commercialization experience or the availability of capital.

What has been missing in these regions is smart growth-stage capital to drive further innovation and scale. Late-stage cybersecurity investments, such as Series C funding rounds, pay off for both companies and investors, with annualized returns nearly as high as riskier Series A rounds.

With better access to capital and worldwide talent, there will be further opportunities outside Silicon Valley to scale and create a new wave of solutions to solve today’s cybersecurity problems. In 2021, expect to see an increase in cybersecurity funding for companies in these new regions that have strong, innovative and unique offerings to help ensure a much-needed, secure digital future.

  • C5 Capital has a financial interest in IronNet.