From COVID-19’s curve to election polls, public temperature checks to stimulus checks, 2020 was dominated by numbers — the guiding compass of any self-respecting venture capital investor.
As a VC exclusively focused on investments in Israeli cybersecurity, the numbers that guide us have become some of the most interesting to watch over the course of the past year.
The start of a new year presents the perfect opportunity to reflect on the annual performance of Israel’s cybersecurity ecosystem and prepare for what the next twelve months of innovation will bring. With the global cybersecurity market outperforming this year’s panic-stricken expectations, we carefully combed through the figures to see how Israel’s market, its strongest performer, compared — and predict what it has in store.
The cybersecurity market continues to draw the confidence of investors, who appear to recognize its heightened importance during times of crisis.
The “cyber nation” not only remained strong throughout the pandemic, but even saw a rise in fundraising, especially around application and cloud security, following the emergence of remote workflow security gaps brought on by social distancing. Encouraged by this, investors have demonstrated committed enthusiasm to its growth and M&A landscape.
Emboldened by the sector’s overall strength and new opportunities, today’s Israeli visionaries are developing stronger convictions to build larger companies; many of them, already successful entrepreneurs, are making their own bets in the industry as serial entrepreneurs and angel investors.
The numbers also reveal how investors are increasingly concentrating their funds on larger seed rounds for serial entrepreneurs and the foremost industry trends. More than $2.75 billion was poured into the industry this year to back companies across all stages, a 97% increase from last year’s $1.39 billion. If its long-term slope is any indication, we can only expect it to continue to grow.
However, though they clearly indicate progress, the numbers still make the need for a demographic reset clear. Like the rest of the industry, Israel’s cybersecurity ecosystem must adapt to the pace of change set out by this year’s social movements, and the time has long passed for true diversity and gender representation in cybersecurity leadership.
Seed rounds reveal fascinating shifts
As the market’s biggest leaders garner experience and expertise, the bar for entry to Israel’s cybersecurity startup ecosystem has gradually risen over the years. However, this did not appear to impact this year’s entrepreneurial breakthroughs. 58% of Israel’s newly founded cybersecurity companies received seed rounds this year, totaling 64 seeded companies in 2020 compared with last year’s 61. The total number of newly founded companies increased by 5%, reversing last year’s downward trend.
The amount invested at seed hit an all-time high as average deal size in 2020 increased by 11%, amounting to an average of $5.2 million per deal. This continues an upward trend in average seed rounds, which have surged over the last four years due to sizable year-on-year increases. It also provides further support for a shift toward higher caliber seed rounds with a strategically focused and “all-in” approach. In other words, founders that meet the new bar for entry are raising bigger rounds for more ambitious visions.
Where is the money going?
2020 proved an exceptional year for application security and cloud security startups. Perhaps the runaway successes of Snyk and Checkmarx left strong impressions. This year saw an explosive 140% increase in application security company seed investments (such as Enso Security, build.security and CloudEssence), as well as a whopping 200% increase in cloud security seed investments (like Solvo and DoControl), from last year.
Software long ago ate the world and produced a long-expected trend; more companies are becoming dependent on application development, rendering code a larger attack surface that requires security. Nonetheless, the accelerated pace of cloud security’s rise was rather abrupt. This is largely explained as another possible COVID-19 byproduct — the rise in remote workforces and their need to remotely use infrastructure, applications and services, resulted in unprecedented challenges around enterprise scalability, as well as new attack vectors.
Seed investment patterns have also demonstrated an overwhelming investor preference for serial entrepreneurs. In 2020, 36% of newly founded companies were established by founders with prior experience in building cybersecurity startups, and 30% of seeded companies in 2020 were founded by serial entrepreneurs. Increasingly, even first-time founders are amassing a few years of private sector experience following their army discharge.
As more and more founders return to cybersecurity entrepreneurship with growing initial backing, it remains clear that ample opportunity remains in the sector for those who know how to find it. This further supports earlier findings indicating a more careful and selective investment style — founder experience has become a key factor in investor confidence as today’s entrepreneurs accumulate years of technical, customer-facing, business and leadership experience.
Many of them have gained this experience at the helm of their own successful venture, bringing valuable knowledge to their next endeavor. In fact, these same founders are making increasingly larger waves as investors themselves. 23% of this year’s seed rounds involved the participation of a successful cybersecurity entrepreneur as angel investor.
“Entrepreneurship is a career path. Founding a startup has a deep impact on your life, family, friends and sleep, but nothing’s as rewarding as leading in a category or knowing that something you’ve built is being used all over the world,” said Dan Amiga, CTO and co-founder of Zero Abstraction, an angel investor in Israeli cybersecurity startups like Cycode and build.security.
He also shares how Israel’s cyber ecosystem has evolved, “Older generations of cyber innovation commercialized military cybersecurity processes and techniques and placed a heavy focus on ‘cyber.’ Today’s companies, led by second-timers, have refined their understanding of commercial security gaps and customer service and are far more focused on terms like ‘enterprise’, ‘cloud’ and ‘digitalization.’ They’re also reaching out to other founders they’ve worked with for partnerships and angel investments, creating ‘super teams’ of top-tier talent.”
However, it is paramount to note that only 3.16% of newly founded companies in 2020 were led by a woman. The industry will never be able to fully celebrate or claim the success laid out above until it can rectify this outdated imbalance. Though the underrepresentation of women in STEM is hardly unique to the cyber nation, a solution singular to Israel is readily available in the IDF. A vital catalyst in the early professional development of its population, the Israeli defense force’s dedicated diversification efforts represent promising and important opportunities to boost the number of women working in tech.
Follow-on rounds continue to break records
2020 was a record year. This includes the number of funding rounds across all stages (109 rounds), overall funding received across all stages ($2.75 billion), and year-on-year growth in overall funding (97%). This is a particularly interesting outcome considering the pandemic’s toll on the rest of the economy, further compounded by the fact that 2020 bounced back from 2019’s slump (decreased to 71 rounds). The cybersecurity market continues to draw the confidence of investors, who appear to recognize its heightened importance during times of crisis.
The records particularly benefited application and cloud security here as well, as both saw enthusiastic follow-on funding throughout 2020. This included a massive increase in funding rounds for application security companies due to a jump from two firms in 2019 to 19 in 2020. These companies claimed 17.4% of everything invested across all funding rounds. Meanwhile, cloud security saw a 325% increase in round numbers that still claimed an impressive 15.6% of everything invested in the ecosystem this year. Data protection, privacy and compliance also performed well, with a 50% year-over-year increase in companies claiming 8.3% of investments.
According to Avi Shua, CEO and co-founder of cloud security innovator Orca Security, “Digital transformation has heightened the need for bleeding edge cloud security technology. Enterprises are consequently turning to innovators for solutions as their needs outpace the offerings of cybersecurity’s incumbents. Moreover, a growing number of cybersecurity solutions are now available as SaaS, making it significantly easier for new startups to penetrate the market. In this democratized space, companies like Orca see a clear path to becoming a market leader, leading us to structure ourselves for growth and a future IPO, and opt for large financing rounds that fuel this growth.”
Shira Shamban, CEO and co-founder of Solvo also anticipates more action in the cloud security space, adding that “There is also little question that the rising awareness of privacy and security have also stoked cloud security’s growth. Hindsight is making many inherent vulnerabilities of the cloud clear, and users now have the maturity to better understand their security needs in this space.”
Notable rounds and exits
Israel is bidding farewell to 2020 with four more cybersecurity unicorns under its belt (SentinelOne, Snyk, Cato Networks and BigID). It also saw multiple funding rounds for familiar names including SentinelOne’s $200 million E and $267 million F rounds; Snyk’s $150 million C and $200 million D rounds; Cato Networks’ $77 million D and $130 million E rounds; BigID’s $50 million C and $70 million D rounds and Orca Security’s $20 million A and $55 million B rounds.
2020 saw a downward trend in the number of exits taking place — specifically, 20% fewer than in 2019. As with the rest of the market, COVID-19 may have very well played a role here as well. However, when taking its other exit parameters into account, a more promising picture emerges.
Israeli cybersecurity exit sizes grew beyond precedent this year to an average of $401 million per exit, whereas there has been an overall decline in the number of exits. Israeli cybersecurity entrepreneurs have developed grander ambitions and, encouraged by investors as the average round size grows, are focused on building out mature and robust companies with fully developed platforms and go-to-market organizations. The average Israeli cybersecurity startup is now 5.9 years old at exit and raises an average of $37 million prior to acquisition.
Over the last few years, we have consistently noted private equity firms’ growing presence as acquirers in Israel’s cybersecurity ecosystem. Nonetheless, 2020 was still an outlier — private equity firms acquired significantly more Israeli cybersecurity companies in 2020 compared with the prior year. Further, 2020’s biggest exits were to PE firms.
Last year’s report noted that “private equity activity … will likely shake up the current order in the coming years.” Keen to play their hand, they are heavily betting on companies despite marked-up valuations. This trend is certain to keep the landscape exciting for the next few years to come and is yet another testament to the promise of cybersecurity in these uncertain times.
Israel’s cyber landscape not only withstood the market’s curve balls this year, but even managed to strengthen its position as cybersecurity becomes a maturing, C-suite priority. Emboldened by this, entrepreneurs are increasingly determined to build large companies and second-timers are keen to invest themselves. This has perpetuated a cycle of positive growth as venture capitalists and private equity funds hold convictions, reinforced by the market’s numbers, in the industry’s capacity to produce unicorns.
We believe that the number of founded companies will continue to stabilize as the bar for entry rises and more serial entrepreneurs invest longer stretches of time into their ventures. Barring another pandemic, we will see the emergence of billion-plus dollar company valuations as later-stage investors develop even more faith in the market. We expect this growing number of Israeli unicorns to generate more “blue and white” acquisitions of their smaller compatriots in the coming year.
These good tidings are timely, as the cybersecurity threatscape shows no signs of retreat as enterprises continue to adapt to the new normal’s security gaps. If recent headlines have been any indication, attacks, as well as the attackers themselves, are only growing more powerful, sophisticated and devastating. With enterprises facing off against everything from talented, self-taught hackers, to organized cyber criminals and state-actors. Israel’s ecosystem is poised to take on this ongoing challenge as its ambitious entrepreneurs gain the experience, confidence and backing they require to build out powerful solutions.
Cycode, build.security, Enso Security and Orca Security are YL Ventures portfolio companies.