The report, dated 21 October and based on data publicly available on the firm's venture capital database, reveals that corporate investors have participated in over 140 financial deals totalling over £850 million (US$1.37 billion) in cyber security companies since 2010.
Significantly, the firm says that cyber security funding this financial year (FY2014) has risen some 29 percent year-on-year over 2013 and has more than doubled (129 percent) compared to deals completed in 2012.
Some say that this is an impressive finding considering there are still two months remaining in a year which has already seen big rounds of funding for the likes of Skyhigh Networks, Centrify and Ionic Security, as well as companies that specialise in authentication, cyber intelligence and encrypting web browser traffic.
The report indicates that the majority of these deals have been at ‘early’ or ‘mid-stage’ with the majority of US-led funding (57 percent) going to the US Silicon Valley – home of many technology companies old and new, including OpenDNS and Lastline.
Massachusetts and New York rounded out the top three in the US but both saw less than a ten percent share each, with Israel the most active non-US market.
As far as VCs are concerned, Intel Capital remains the most active corporate investor and has the most cyber security exits (an exit strategy is where an investor tries to “cash out” on their investment), with Google Ventures and Qualcomm Ventures also in the top three. Other prevalent buyers included Juniper Networks, Citrix Systems, Samsung Ventures and Symantec.
Brian Honan, managing director and consultant at BH Consulting, told SCMagazineUK.com that it is good to see the market continuing to grow.
“It is welcome to see this level of investment in the cyber security field as it demonstrates that security is now becoming a major area for companies, both as consumers of that technology and also as investors,” he said by email.
“However, my concerns are that this large increase is coming from a fairly low starting point. Many companies have not invested properly in cyber security in the past and as a result are now playing catch-up. The recent major security breaches against large US retailers, major vulnerability announcements such as Heartbleed and Shellshock, and the allegations from Edward Snowden on how vulnerabilities in the systems we use in our daily lives have been exploited, demonstrate how insecure our infrastructure and systems have been.”
He added: “Recently we have seen a large number of new companies and providers in the security space emerge with innovative solutions. The investments in these companies and in traditional firms are something that hopefully will continue to encourage more development in our defensive capabilities and improve the security for us all.”
Bob Tarzey, director and analyst for IT consultancy Quocirca Group, agreed with Honan that the report is good news for the security industry, adding that VCs are pumping their money in on the presumption that the backed security companies will be able to attract consumer and business money.
“Ultimately, they're betting on the fact that they're all going to spend more money on cyber security,” he told SC.
On the origin of the investment, Tarzey said that it depended on the focus and geography of each VC but said that the US and Israel were traditionally strong in the security space, with Europe and the UK not far behind.
Citing the likes of Sophos, MessageLabs (now part of Symantec), ScanSafe (Cisco) and SurfControl (Websense), he added: “The UK software development market has a strong focus on security and it's going to get a slice of the pie too.”
The analyst added that authentication was a natural point of call for VCs, with Quocirca's own research indicating that 70 percent of businesses are interacting with their customers online, leading to a ‘nervousness’ around fraud in particular.
“I've been covering security as an analyst for more than ten years and I've never seen so many companies getting VC funding so it's very real. There will be successes and failures, but that's just the way things go.”
PA Consulting cyber security expert Edward Savage added in an email to SC: “Many of the acquisitions have been of smaller companies with great IP that can add significant value to the bigger players. I also believe some acquisitions have been about reducing competition in what is a competitive market. Whilst the definition of ‘cyber’ seems something of a moving feast, by any measure it is a significant and growing market, and companies have been looking to both broaden and deepen their capabilities.”
Meanwhile, Malwarebytes CEO Marcin Kleczynski said that the investment is running in parallel with an advancing threat landscape.
"Investment in cyber security is rocketing because the threat landscape is advancing at a furious pace. Cyber-criminals and other malicious actors are now using techniques that leave traditional AV trailing far in their wake. This has already severely impacted the financial and reputational value of some of the largest companies on earth."
He added: "The knock-on effect is that IT budgets have had to increase sharply in response, and the smart money is reacting to this change by seeking to invest in advanced countermeasures from focused and innovative companies."