Israel’s cybersecurity startups post another record year in 2021

Over the past decade, the Israeli cybersecurity industry has secured its place as a formidable wellspring of technological innovation. No longer famous only for its high level of human technological capital born and bred in elite army intelligence units, the Israeli industry has matured into a veritable ecosystem of its own. With enough capital in this booming ecosystem to grow massive category leaders and cultivate internal M&A, Israeli startups are now major players in the global cybersecurity industry.

In last year’s recap of the Israeli cybersecurity ecosystem, we anticipated that the record-breaking rounds of 2020 and marked-up valuations would continue in 2021, but upon collecting and assessing this past year’s data, we were taken aback by the magnitude. Israeli cybersecurity startups in 2021 raised a stunning $8.84 billion, more than triple the amount in 2020 ($2.75 billion). Investments last year were distributed across 135 rounds, up from 109 in 2020, with 15 startups raising more than one funding round last year.

The cybersecurity market today has limited patience, and a “go big or go home” mindset has permeated as founders focus on laying the groundwork for reaching unicorn status, building multibillion-dollar companies, going public and more. Cybersecurity in Israel has become a polarized market that accepts only two types of startups: potential unicorns and actual unicorns.

With such early and constantly growing investments, the industry has taken on a new approach that favors the survival of the fittest. It quickly becomes clear who will stay the course and catapult to growth and success, and who will look for the nearest exit with no time to linger in limbo.

Off to a running start

In order to achieve this growth, founders are making their goals distinctly clear in investment board rooms. They require more funding for a strong head start and later on for entering the unicorn club at record speed. Fortunately, such sizable amounts of capital are readily available.

The total amount raised in seed rounds last year increased slightly to $233 million from $203 million in 2020, but Series A rounds surged 140% to a whopping $693 million from $288 million a year earlier. At the other end of the spectrum, growth rounds (Series C and above) rose 300% to an astounding $6.46 billion in 2021 from $1.63 billion in 2020.

“As entrepreneurs, [2021] has drastically changed the industry’s rules,” says Assaf Hefetz, co-founder of Snyk, an Israeli cloud-native application security unicorn. “As threats abound and with skyrocketing demand for innovative solutions, Israeli cybersecurity startups now have an invaluable opportunity to grow big and grow fast. The table stakes are higher [ … ] and in such a competitive arena you have to stand out, or fold.”

The average seed round increased by 35% to $7 million from $5.2 million. As investments rise, so does the bar for entry into the market. Only 58 new startups were founded in 2021 compared with 2020’s 64, a testament to the competitive and highly ambitious landscape.

Another interesting trend we’ve seen over the past two years is that approximately 25 startups raised large seed or even Series A rounds and recruited dozens of employees while remaining in stealth mode. Some of these startups prefer to wait and merge their seed and Series A rounds in order to have a strong showing straight out of the gate.

Notable Israeli exits and unicorns

With larger growth rounds and the rush to reach massive valuations, unicorns are crowned earlier each year. Nine Israeli cybersecurity startups achieved unicorn status in 2021 — Aqua Security, At-Bay, Axonius, Claroty, Fireblocks, Noname Security, Orca Security, Transmit Security and Wiz — compared with 2020’s five. These mega-startups cut their time-to-unicorn by 23%, gaining their title in only four years as opposed to 5.2 years for unicorns in 2020.

The “go big or go home” mindset brought about quicker, smaller exits last year, as startups took advantage of the opportunities inherent in joining forces to establish rapid market leadership. The average acquisition declined remarkably last year, dropping by 50% to only $201 million from $401 million in 2020.

On average, startups that were acquired in 2021 raised 27% less capital prior to their acquisition compared to last year — from an average of $37 million in 2020 to $27 million last year. This dichotomy was further exemplified in the exit of five startups last year before they raised their Series A round, and two startups were acquired only six months after founding and before raising even a single dollar in seed funding.

In 2022, we foresee the continuation and acceleration of a related phenomenon worth noting — established Israeli cybersecurity heavyweights acquiring and merging with other cybersecurity startups to become industry giants, as we saw in 2021 with Claroty’s acquisition of Medigate, Aqua’s acquisition of Argon, Check Point’s acquisition of Avanan and Checkmarx’s acquisition of Dustico.

Another trend that began in 2020 and gained traction in 2021 was the increase of non-cybersecurity companies entering the sector by acquiring cybersecurity startups. Non-cybersecurity companies made 12 acquisitions in 2021 compared to only eight in 2020. Security is no longer solely the concern of CISOs and security teams, and the industry’s boom is attracting the attention of large companies that are not focused only on cybersecurity.

Notable exits last year include XM Cyber (acquired by Schwarz Group for $700 million), Guardicore (acquired by Akamai for $600 million), IntSights (acquired by Rapid7 for $400 million, in the company’s second acquisition in Israel in 2021, after acquiring Alcide in January), Medigate (acquired by Claroty for $400 million) and Vdoo (acquired by JFrog for $300 million).

2021’s hot spaces

The majority of seed funding flowed to the “hot spaces” of 2021: Application security, data security and privacy, and the consistently thriving sectors of cloud security, SaaS security, and vulnerability and risk management.

Application security remained at the top of the charts once again, garnering attention due to the Log4Shell vulnerability found in the Log4j open source library. With such continuously growing sophistication, attacks in this space have made the security of the software development life cycle (SDLC) an organizational priority.

As security teams are increasingly outnumbered by developers, application security posture management also became a growing trend within this sector. Startups such as Enso Security, founded in late 2020, develop platforms and solutions to increase appsec teams’ visibility and control.

Examples of successful startups that raised significant rounds in the application security space last year include Cycode (raising a total of $76 million after a Series A and B last year), Salt Security ($70 million Series C in 2021), Noname Security (Series B and C last year, totaling $195M in funding) and Snyk, (Series F funding of $530 million). As security gets even more developer-centric, we anticipate the application security sector to continue to evolve and thrive in 2022.

Data security and privacy were top of mind for both users and decision-makers last year. Several notable startups in this space reached benchmarks in 2021: Piiano launched and raised a $9 million seed round in late 2021; Satori Cyber raised a $20 million Series A; and Duality Technologies raised a $30 million Series B. Next year should prove to be quite eventful.

“With more data in the cloud, spreading across dispersed business workflows and locations, control becomes a critical issue for enterprises,” said Liat Hayun, CEO and co-founder of a stealth cybersecurity startup and previously VP of product management at Palo Alto Networks. “Cyberattacks in this field will accelerate, targeting data as the number one asset and creating lucrative opportunities for attackers on one end, and entrepreneurs on the other.”

Cloud security continues to dominate the industry. Cloud-based security solutions had to quickly adapt in order to secure critical organizational assets in a new and constantly growing environment. Cloud security market leaders such as Orca Security and Wiz are examples of companies that transformed the cloud security domain, introducing comprehensive solutions that gained an edge over incumbent solutions.

The continued investment in SaaS security, as evidenced by 2021 funding rounds for rapidly growing startups like Adaptive Shield (Series A of $30 million), Grip Security (seed and Series A rounds totaling $25 million) and Valence Security (seed round of $7 million), is hardly surprising in light of the evolution in the modern business environment and the scale of SaaS adoption.

Final forecast

The Israeli cybersecurity industry has matured significantly. With large investments, even larger gains and fewer startups in the field, there is ample opportunity for innovation to revolutionize existing markets. For strong startups, fast growth will be their only concern from day one, with shorter transition times between stages and benchmarks. As innovative solutions continue to saturate the market, category leaders in hot spaces will need to work harder to define their “secret sauce,” and security decision-makers will prefer a consolidation of security offerings instead of a bevy of new tools, swallowing up smaller startups that focus on point solutions.

Recent headlines tout the 2021 global cybersecurity boom as a “bubble” that will inevitably burst. This is hardly the case. While valuations may have been nearing the limit of reason in 2021, we don’t foresee a collapse; instead we expect the market to adapt naturally to the characteristics and threats of the new reality. There are real, concrete and concerning security needs throughout all types of organizations as malicious actors grow more sophisticated. Organizations will continue investing increasingly larger amounts of capital to meet these needs and ensure the security of their assets, leading to more innovation and growing security budgets.

This is a far cry from a purely money-based and unsubstantiated “bubble.” As capital continues to sweep this increasingly innovative and high-paced market, we will surely see the impact of the trends and shifts described above reverberate through 2022.

Disclaimer: Cycode, Enso Security, Grip Security, Orca Security, Piiano, Satori and Valence Security are YL Ventures portfolio companies. YL Ventures was an investor in Axonius and Medigate since their seed rounds.