A recent revelation within the tech industry has sprung up, and it can appear to be somewhat alarming at first glance. It looks as though the once booming cybersecurity sector, which grew a staggering 235% between 2010 and 2015, has reached a point of saturation. Venture capital firms invested $3.1 billion in cybersecurity companies during 2016 — a $600 million drop from the previous year. The outlook for cybersecurity startups is looking particularly bleak, with investment share for firms at seed/angel stage making up for 31% of the total number in 2016, showing a marked decrease from 2015’s 37% and the 35% of 2014.
Operatix VP Dan Seabrook provides an insight into what may be causing this general VC investment decline within the IT security market. “The slowing down of VC investments in IT security is, in my opinion, down to the vendors simply not selling as much as they used to.”
He continues to explain the reasons for this decline in sales, “take endpoint security for example. There are 8 to 10 well-known vendors doing more or less exactly the same thing with minor variations . It’s because of this saturation that these companies aren’t selling as much as they should be. The huge amount of competition in the cybersecurity sector has led to longer sales cycles, lower average deal values and a lower volume of sales.”
“VCs are now beginning to see this pattern too. They have been investing millions but they haven’t been seeing the ROI that they were expecting in terms of sales, pipeline, or even the potential to make sales.” It appears that as a direct result of this, VCs are winding their necks in when it comes to investment in startup cybersecurity companies.
Dan also mentions that cybersecurity startups aren’t able to reach the right level of persona within the companies they’re trying to sell to. “It’s very difficult for vendors to be able to get in front of the decision-makers within a targeted company. This is mainly because CISOs now have hundreds of vendors vying to sell to them at any given time.” Such difficulty in getting face-to-face with high-level, high-budget persona has led to vendors selling their products to lower levels of persona at a lower volume and price. In turn, this has contributed to the growingly tentative attitude that venture capital firms are taking with their investments.
Despite what may initially seem like a burst in the cybersecurity bubble, it certainly isn’t all doom and gloom. These companies are now needed more than ever before. In 2016, over 4.2 billion records were exposed through data breaches — a truly gargantuan increase from the next highest yearly total of 1.1 billion records exposed in 2013. It’s estimated that in 2021, cybercrime will cost the world $6 trillion. The ever-adapting tactics of attackers and data-thieves means that innovation and new solutions will always be needed.
Operatix’s Dan Seabrook points out that “VCs are still investing, but they’re doing so in smaller monetary amounts with a higher degree of scrutiny than before”. Hard stats can visualise Dan’s observation: the total value of venture capital investment in cybersecurity was down $600 million year-on-year for 2016, as mentioned before, but the number of individual investment deals made was at a record high of 404 — a 6.4% increase on the previous year.
What can be done to improve this situation?
Ensure marketing and sales are working together effectively on inbound activity.
Far too often you find that marketing and sales departments are at each other’s throats, rather than working together to produce results. A good way to spark a collaborative relationship between the two departments is by making sure they have a clearly defined service level agreement between them. The marketing team should be handing over solid leads that have been well scrutinized on the size of the account and level of persona involved, whilst the sales team should be following up in a quick and concise manner; statistics show that you’re 9 times more likely to convert a lead into a sale if you follow up inside the first 5 minutes.
Create a disciplined and streamlined approach to outbound activity.
When it comes to outbound activity, your messaging should be as good as it can possibly be. Cybersecurity firms regularly fall into the trap of yammering on about the technical specifications of their product. Dan’s advice to cybersecurity vendors discusses this point. “It’s key to remember that your sales tactics should revolve around research into the potential buyer — make sure you focus on their needs and how your product can provide for those needs.” CISOs don’t often come from a technical background. They’re business-minded folk, and as such, are more likely to be receptive to a value-based sales approach. You should also try to avoid FUD (fear, uncertainty, doubt) as a sales tactic. CISOs are generally unreceptive to a life-insurance-like, fear-based approach to selling
With such a massive amount of competition for the largest accounts, there’s also no shame in aiming for mid-market companies. Selling to these companies at a higher volume but lower average deal value can be an excellent tool in providing ROI for your VC investor.
Develop a clear and robust channel strategy.
At times, it can be a tough gig to get your channel partners to revenue. They’re more than happy to take on new vendors, but they can be difficult to motivate without a proper plan in place. Dan mentions that there are certain questions you should be asking yourself with regards to your channel strategy: Will you be going for a wide arsenal of channel partners selling at lower average deal values? Or will you be looking at utilizing a lower volume of boutique-type partners? Once you’ve developed a network of channel partners, how will you go about driving the right kind of behavior and educating them in order to enable revenue to be achieved as fast as possible?