IPO Corner: Cybersecurity Is Hotter Than Ever

As of 2021, the cybersecurity market was valued at $179.96 billion, and the space is projected to more than double to $372.04 billion by 2028. With that type of market size and growth, it is important to keep a close eye on new companies entering the space that could grab a large share of the market.

Currently, there are about three times as many companies in the space as there were just three years ago. With major changes in the way we work and a rise in cyberattacks, the space shows no signs of slowing down anytime soon. In fact, security teams are finding that they are increasingly faced with the problem of not having the right solution to combat cyberattacks that seem to grow in sophistication and number almost daily. Cybersecurity companies must continue to evolve and grow to meet ever-increasing demand and an ever-evolving threat landscape, and that means that the market is ripe with possibilities.

What Is Cybersecurity, Really?

Briefly, let’s look at what cybersecurity technology is and who some of the players in the space are. The cybersecurity space is comprised of a wide suite of products, so we’ll just go over a few. Cybersecurity technology includes firewalls (firewalls watch and filter incoming and outgoing traffic on a network), Intrusion Detection and Prevention Systems (called IDPS, these check for malware and alert network admins when there is a potential breach), Virtual Private Networks (called VPNs, these act as virtual access points that connect users securely to servers), antivirus and antimalware (these detect and remove viruses and malware), and Network Access Control (called NAC, these manage access to networks through policies, security checks, audits, and management of users on a network).

Cybersecurity tools are used in all sectors, but some good use cases to think about to help understand them are in spaces like finance, where they keep institutional and customer data protected from malicious actors, and in healthcare, where personal data and the patients associated with that data can mean life or death, both in terms of accurate record keeping and in the continuity of business when it comes to patient care (think here of keeping ventilators functioning).

Some top performers in the space that you may have heard of are Okta (OKTA), CrowdStrike (CRWD), Fortinet (FTNT), VMware (VMW), Intel (INTC) and Japan-based Trend Micro. It’s a crowded and highly competitive space, with more venture-capital-funded hopefuls hitting the market every year.

Risks Are Rising

Cyber warfare and cyber attacks are increasing, especially in the United States. According to recent research from password management firm Specops Software, the U.S. has had three times the amount of significant cyber attacks in the past 14 years as any other country. To be categorized as “significant”, an attack must meet the criteria of being an attack on a government agency, defense, a high-tech company, or be an economic crime with losses that equate to over a million dollars.

In response, lawmakers have been making pushes to enhance U.S. cybersecurity controls, including a recent proposal that would create a position in government that would act as a top advisor to the President in the cybersecurity space. And lawmakers from both sides of the isle have been applying pressure to Homeland Security Secretary Alejandro Mayorkas on the U.S.’s readiness for possible attacks, with a group of 22 senators recently penning a letter to Mayorkas asking for a Department of Homeland Security (DHS) briefing on “efforts to protect the United States homeland from Russian government cyber and disinformation threats in the wake of Russia’s violent and unprovoked invasion of Ukraine.”

Of particular concern to lawmakers is the possible Russian use of cyber and disinformation campaigns against the United States in retaliation for ongoing sanctions. And they have a right to be worried, Vladimir Putin’s regime is notorious for fighting dirty, engaging in activities like espionage, cyberattacks, malicious cyber activities, IP theft, propaganda, and disinformation… if you recall, they were behind the 2020 SolarWinds attack, which led to a series of data breaches within federal agencies. In light of all this, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a “Shields Up” alert for American organizations.

Last month, Biden released a statement on the nation’s cybersecurity in which he highlighted the need for the U.S. to improve domestic cybersecurity and bolster national resilience. He cited evolving intelligence that points to Russia exploring its options for attacking the U.S. and has mandated extensive measures for both the Federal Government and critical infrastructure sectors (most critical infrastructure in the U.S. is privately owned), creating private-public partnerships to accomplish these goals.

Infrastructure In The Crosshairs

In recent statements, FBI Director Christopher Wray has stated that the agency is “concerned’ with the possibility of Russian cyberattacks against critical U.S. infrastructure. According to the FBI, they’ve noticed specific preparatory activities (which means they have witnessed the conducting of research and scanning of vulnerabilities on potential victims) on five U.S. energy companies in recent weeks and months. The agency says they are working closely with partners abroad and the private sector here at home to continue to monitor and prevent possible attacks, but that there is ongoing cause for concern and a need for organizations to strengthen their security postures as much as possible.

These sentiments have been echoed by the Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuburger, saying that the government has stepped up preparations for a cyberattack. Federal agencies have recently convened with over 100 companies to share intelligence, as well as tools and resources to help companies harden their security. And Homeland Security Secretary Alejandro Mayorkas and the Cybersecurity and Infrastructure Security Agency Director Jenn Easterly have both reiterated that DHS has resources to combat cyberattacks for private businesses and urged companies to protect themselves.

Get Ready For More IPOs

Both established players and newcomers to the space are ramping up in order to keep up with the evolving threat landscape and are offering ever more sophisticated and capable products to help protect against cyberattacks. We’re watching intently and expect several heavy hitters to IPO sometime this year, so let’s talk about a few of them. They include Optilan, Netskope, Snyk and Cybereason.

Optilan, a subsidiary of DarkPulse, is a communications and security services provider dealing in cutting-edge technology in telecommunications, alternative energy, oil and gas, power, and rail. With over 30 years of experience, the company helps increase operational efficiencies across industries with advanced security and communication solutions. DarkPulse announced plans for an IPO of Optilan on the NYSE sometime mid-year. The move will create a separate publicly traded company, allowing Optilan to expand, and the plan is to list 20% of shares while retaining 80% ownership.

Though not confirmed, it’s very likely that Netskope will IPO sometime this year. Netskope has made a name for itself by building a comprehensive Zero Trust platform and fits generally into the Cloud Security domain. Among its offerings, Netskope is most well-known for its Cloud Access Security Broker (CASB) product. The company has been a consistent leader in Gartner’s Magic Quadrant for CASB and ranks high in adjacent domains. Essentially, Netskope dominates the CASB market. The company’s valuation is $7.5 billion, which is much higher than many cybersecurity companies that have already gone public, making Netskope one of the world’s most valuable private tech companies.

Snyk, a start-up in the cybersecurity space valued at $8.6 billion as of last year, is working with Goldman Sachs and Morgan Stanley in preparation for an IPO. The company is a developer security platform that performs real-time scans of source code to identify and fix security issues and was recognized as a visionary in the 2021 Gartner Magic Quadrant for application security testing. This is particularly impressive since there are much more seasoned companies in this space who have been in the game for much longer. Snyk is leading the pack in the application security testing category, and the company has become a favorite among developers.

Cybereason, a security software vendor backed by SoftBank and Alphabet’s Google cloud unit, ranked number 32 on last year’s CNBC Disruptor 50 list. According to Reuters, the company has confidentially filed for a stock market listing in the U.S., with a reported $5 billion valuation. The company, which was founded in Israel, but has since moved to Boston, is blossoming in the endpoint protection space. The company helps secure large-scale corporate and government networks and network devices.

It’s exciting to witness the growth happening in this space, and we’ll keep an eye out to see whether these companies take the plunge as expected this year or not. Be sure to stay tuned for more information and if these IPOs make it to my Buy List.