Talking cybersecurity, SaaS and early-stage valuations with ForgePoint Capital

Earlier today TechCrunch covered the launch of a new, $450 million cybersecurity-focused fund, the second from venture group ForgePoint Capital.

The new vehicle, inventively named Fund II, will mostly focus on early-stage companies in the cybersecurity space. The fund’s timing is somewhat unsurprising. As we noted in our earlier coverage, the recent IPOs of Cloudflare (more here) and CrowdStrike (more here) have given cybersecurity a halo, showing founders and investors alike that outsize returns are possible in the space. Such successes can’t hurt VCs looking for fresh capital.

To get a stronger grip on how ForgePoint sees the market, TechCrunch corresponded with the group, asking about fund mechanics (check sizes, investing pace), the cybersecurity sector itself (business models, valuations) and recent liquidity events (CrowdStrike in particular). ForgePoint’s Alberto Yépez, a co-founder and managing director at the group, answered our questions.

The following interview has been lightly edited for clarity and length. Let’s have some fun:

TechCrunch: The new fund is $150 million larger than its predecessor. Why raise 50% more for the new vehicle? What is the target number of checks per year? Will it be faster than the preceding fund?

ForgePoint Capital: We were one of the first investors to focus on cybersecurity when we raised our first fund. Since then, the cybersecurity market has grown by more than 50%, driven by the constantly evolving challenges facing businesses, governments and individuals. We’ve also doubled our investment team. Our team has a singular focus on the market, driving unparalleled domain expertise and insights into emerging industry trends.

We will continue to invest in six to ten new cybersecurity companies per year, and find great opportunities with leading entrepreneurs.

Putting capital to work in “early-stage and select growth companies” is delightfully flexible. What check size range is the fund targeting, and what is the target deal size for growth-oriented deals?

We target up to $25 million for early-stage ventures throughout the life of an investment, and up to $50 million for growth-oriented companies achieving considerable revenue growth.

How much did CrowdStrike’s successful IPO boost cybersecurity-focused startup valuations and fundraising last year?

A rising tide lifts all boats. In cybersecurity, as elsewhere, the market rewards rapid growth and valuations reflect [that]. We target companies with great teams building innovative solutions that are poised for high growth. While the CrowdStrike IPO certainly boosted attention on the market, over 90% of successful cybersecurity exits are through M&A. Strategic buyers and financial sponsors pay up for companies that can scale.

Does ForgePoint find early-stage cybersecurity valuations reasonable today? Data shows that startup valuations are setting records, making some investors presumably nervous.

Valuations remain competitive across the market, but seasoned entrepreneurs look for value-added partners. So we focus on our ability to help entrepreneurs build lasting companies of scale.

In many startup niches/sectors, competition between different venture capital players has led to aggressive inside rounds and other forms of pre-emption. Is the cybersecurity venture market similarly competitive?

We’ve found that building successful cybersecurity companies requires deep domain expertise. Unlike other sectors, there are fewer venture investors focused singularly on security. While the market is competitive, we often syndicate with other leading investors similarly focused on building value in the market.

Leading investors in cybersecurity include Bain Capital, In-Q-Tel, IVP, Kleiner Perkins, USVP and others like BGV, GGV, Paladin.

Aside from the traditional SaaS model, what sorts of business models does ForgePoint find exciting inside of early-stage cybersecurity companies?

Almost all of our companies are subscription-driven; however, we’ve seen considerable demand from customers for product services. Given the shortage of security talent across the industry, managed services can help to bridge the gap. Our two most recent investments highlight this emerging trend, Cysiv and Huntress Labs.

Dell is selling off a security asset. Does the transaction have any import on how public market investors view maturing cybersecurity companies?

Dell is making a smart move by spinning out a mature cyber company with a large installed base. This will create an opportunity for the newly independent company to be more focused in the market or potentially acquire innovative, high-growth companies to drive value for shareholders. We see this trend continuing, having now spun out two startups – CyberCube Analytics and, more recently, Cysiv – from larger public companies, Symantec and Trend Micro, respectively.

Increasingly, non-cybersecurity companies are layering security products on top of their other offerings. Box and Egnyte come to mind. Is that process putting price/sales pressure on pure-play cybersecurity companies?

Security needs to be embedded everywhere. This trend is just beginning, and enterprises need to build security by design. As they continue to focus on their core markets, and build trust with their customers, enterprises will augment or build in security with best-in-class cybersecurity solutions.