In a sign that pure equity financing is getting harder to come by, cybersecurity firm Arctic Wolf, which last July raised $150 million at triple its previous valuation ($4.3 billion), opted for all debt in its latest funding round. The company today announced that it secured $401 million in convertible notes from Owl Rock, with participation from new and existing investors Viking Global Investors, the Ontario Teachers’ Pension Plan and Neuberger Berman. Should an initial public offering (IPO) come to pass, as was at one point Arctic Wolf’s plan, the debt will convert to shares at a premium to the price.
The Information reported in late August that Arctic Wolf was in talks to raise $300 million, making this round a decided success in a punishing macroeconomic environment. While cybersecurity startups continue to attract funding (see: NetSPI’s $410 million growth round), with investments in the sector totaling close to $4 billion in Q2 2022, the deal flow and size of deals are starting to dip, Crunchbase reported in July. This week, Crunchbase further noted that while cyber startups saw more funding in H2 than all of 2020 ($8.9 billion), funding to VC-backed cybersecurity startups isn’t on pace to hit last year’s high (over $23 billion).
“We evaluated a number of different options, including traditional equity raise, but [debt] was the best for Arctic Wolf, for our stage of hyper-growth,” CEO Nick Schneider said via email. “In a turbulent economic environment, security will remain a top priority for companies. Being able to secure this amount of funding from both new and existing investors is a testament to what our team continues to accomplish and reflects the fact that Arctic Wolf continues to be perceived to be among the top performing private software-as-a-service companies by the investment community.”
The debt brings Arctic Wolf’s total raised to $900 million, $499 million of which is venture capital. Schneider tells TechCrunch that the debt will be put toward product development, strategic mergers and acquisitions investments and global expansion, with a particular focus on growing the company’s presence in the Asia-Pacific region and Australia and New Zealand.
Brian NeSmith and Kim Tremblay co-founded Arctic Wolf in 2012, spurred on by the belief that cybersecurity had an “effectiveness problem.” NeSmith, now executive chairman, was the company’s CEO until August 2021, when Schneider assumed the role after serving as Arctic Wolf’s president and chief revenue officer.
Eden Prairie, Minnesota-based Arctic Wolf originally built its solutions to target mid-size enterprises that couldn’t afford to staff dedicated security teams. But in the subsequent years, the company began pitching its products in larger enterprise markets, rolling out security awareness and training programs and launching a restructured partner program with tiered support services.
“Arctic Wolf [adopts an] operational approach to security through a cloud-native platform,” Schneider said. “Security isn’t solely a tools or staffing problem — it is an operational problem. It needs to be solved by a foundational and unifying platform that offers action-based intelligence. Unlike other industries like customer relationship management, which has Salesforce, or HR, which has Workday, this system-of-record platform has never been accomplished in cybersecurity — until Arctic Wolf.”
Arctic Wolf’s flagship software platform ingests data from a company’s endpoints, cloud environments and networks to provide a unified view of potential cybersecurity threats. Tools from Symantec, Cisco and startups like Rapid7 already accomplish this, but Schneider claims Arctic Wolf is differentiated by its concierge security teams. Consultants from the company monitor organizations’ data and learn their business, requirements and remediation steps, tailoring Arctic Wolf’s software for their particular environment.
For instance, to cut down on alert fatigue (it’s not uncommon for security teams to receive hundreds of alerts per day, most of which are false positives), Arctic Wolf uses machine learning to validate cybersecurity incidents. Schneider says that of the more than 2.5 trillion weekly observations taken in by the company’s platform, fewer than five are forwarded to the average customer each week.
“The biggest challenge that both security vendors and internal security teams face is that threat actors are working around the clock to find new ways to exploit and attack their victims,” Schneider said. “In many ways, the bar of innovation in cybersecurity is set from the outside, as our industry races to stay one step ahead of threat actors, creating an ever-present challenge for the cyber teams protecting businesses of all sizes.”
Arctic Wolf has over 3,000 customers worldwide, including more than 100 state and local government agencies in the U.S. Schneider declined to disclose current revenue — last September, Arctic Wolf reported $200 million in annual recurring revenue over the preceding 12-month period — but said the transition to hybrid work during the pandemic continues to bolster Arctic Wolf’s business growth as organizations grapple with protecting their data and systems remotely.
“[The pandemic] triggered a digital transformation trend that is a long-term driver for Arctic Wolf’s business and next-gen security spending in general,” Schneider added. “Additionally, the cybersecurity and broader enterprise industry face a massive skills shortage, as businesses clamor for in-house security talent to defend and mitigate these attacks.”
Artic Wolf’s embrace of debt comes as the broader VC market slows down. According to Crunchbase data, VC-backed startups in the U.S. raised close to $15.9 billion in debt through the first seven months of the year. Through the same period in 2021, startups had around $13.3 billion of debt.
But debt isn’t a death knell. For companies that have high recurring revenue and visibility into future performance, debt historically has been a huge asset. Loans can provide money to grow while preventing dilution; profitable, cash-flow positive, late-stage startups — e.g. Spotify, which raised $1 billion in convertible debt in 2016 ahead of its IPO — are prime candidates because defaulting on the loan risks pulling the company under.
Owl Rock’s David Jar and Ilan Aharoni expressed confidence in Arctic Wolf’s near-term growth trajectory, unsurprisingly — which might or might not include an IPO. Schneider hinted in January the firm might go public by the end of this year, but he’s toned down the talk in recent months.
“When we first invested in Arctic Wolf, we saw a massive market opportunity, a clear market leader and a phenomenal team to execute on the thesis,” Jar and Aharoni said. “While the team’s execution has been world-class, we believe the company is only in the early innings of its journey. Today, organizations of all sizes have neither the resources nor the expertise to appropriately secure themselves from cyber threats. Arctic Wolf fills that gap with its one-stop, cloud-native solution and its delivery model. We are thrilled to deepen our relationship with the company.”