Friday, 11 September 2015

‘Do you guys actually make money?’: the cybersecurity boom cools

David, left, and Orion Hindawi at the offices of Tanium, their cybersecurity start-up, in Emeryville, California on Aug. 31, 2015. A sudden dose of skepticism from investors about cybersecurity start-ups, like Tanium, which as a group recorded record investments last year, may be a harbinger of change across the entire technology sector.

A funny thing happened to Orion Hindawi while he was raising $120 million (all figures $US) for his cybersecurity startup in August: Investors asked him about profits.

A year ago, Hindawi raised $90 million, followed by an additional $52 million this year from the venture firm Andreessen Horowitz. Investors were willing to place a $900 million valuation on his company, called Tanium, without so much as a glance at revenue or profit margin.

This time, not so. As he made the rounds with investors like Institutional Venture Partners and T. Rowe Price, Hindawi said, he was asked to show profits and sales margins. “A lot of the funders we spoke with are starting to get really scared,” he said. “This time the questions were, ‘Is this a sustainable business? Do you guys actually make money?’”

That sudden dose of skepticism about cybersecurity startups, which as a group recorded record investments last year, may be a harbinger of change across the entire technology sector. With global stock markets struggling, investors may be ready to move away from the focus on growth over profits of the last few years.

If that shift proves to be more than a blip, it will represent a dramatic turnabout. Cybersecurity entrepreneurs in recent years have had an easy time raising money as breaches at companies and U.S. government agencies have become front-page news.

In 2014, U.S. venture capitalists poured $1.77 billion, a record amount, into private security startups, topping the previous record of $1.62 billion invested in 2000, at the height of the dot-com bubble, according to Dow Jones VentureSource.

“There was a big rush to fund cyber companies over the past 12-24 months,” said David Cowan, a partner at Bessemer Venture Partners. “But now there’s a sense that there are many, many out there already and a good story is not enough to attract capital anymore.”

And there are too many companies trying to do the same thing: identify “anomalous” behavior on computer networks and respond to attacks in real time, Cowan said.

“That pretty much sums up 95 percent of the companies raising money at the RSA show,” he said, referring to the giant RSA cybersecurity conference held in San Francisco in April. “If that’s what you’re promising and you think you’ve found a really sexy value proposition, guess what — it’s not that sexy when the room is full of people just like you.”

If interest from venture firms is any indication, Tanium must still be sexy. The Emeryville, California, company’s technology can test the millions of computers that are attached to corporate networks, ask them questions, and patch them or shut them down in seconds, if need be.

Tanium has been profitable since shortly after it started working with customers in 2012 (it was founded in 2007). Hindawi and his father, David, were not initially interested in raising venture capital, but the value Andreessen Horowitz was willing to put on their company and the business connections the venture firm could provide were too good to ignore.

Still, Hindawi said he was surprised that venture capitalists were willing to place a $900 million valuation on a young company without so much as a glance at revenue or margin.

“Up until a year ago, nobody cared that we were cash flow positive,” he said. “None of those things factored in. They basically said, ‘We don’t really care. What’s the growth rate?’”

The diligence he encountered during the company’s latest funding round was almost a relief, he said, maybe an indication that some semblance of sobriety had returned to tech funding.

But it may be just a semblance. Hindawi turned away $400 million in cash offers in the latest round. The investors who made the cut — Institutional Venture Partners, TPG Growth and T. Rowe Price — valued Tanium at $3.5 billion, nearly four times the $900 million valuation it received last year, according to two people familiar with the deal who spoke on the condition of anonymity because the terms were confidential.

Tanium did not need the cash, Hindawi conceded, but he chose to raise money now, in part, because word that he had recently turned down an acquisition offer sent investors flocking to the company’s door — and a quarter-billion dollars in the bank would help it survive if a downturn hit.

“I never want to raise money again,” Hindawi said. “If there’s a market downturn or a ‘black swan’ occurs, I want to make sure we cross that bar.”

With the risk of a downturn growing, Tanium is not the only security startup putting money away for a rainy day. Crowdstrike, which runs cyberthreats through a powerful cloud computing system, received $100 million from Google Capital in July, for example.

George Kurtz, the company’s chief executive, said the investors from Google were not just throwing money around. They spent a lot of time with Crowdstrike’s customers, to understand the technology before investing.

Kurtz said he learned from the dot-com crash that it is better to give up a little ownership stake in return for investment dollars that can turn into a safety cushion if business turns bad.

“I’ve never seen a company go out of business from dilution, but I have seen companies go out of business because they didn’t raise enough money,” he said.

View the original content and more from this author here: http://ift.tt/1JZPiy1



from cyber security caucus http://ift.tt/1Nt5aPF
via IFTTT

No comments:

Post a Comment