Tag: Due Diligence
Cognosec AB (publ) (“Cognosec” or “The Company”), (Nasdaq: COGS), a leading supplier of cyber security solutions with operations in Europe, Africa and the Middle East, has signed an exclusive agreement with A-tek Distribution, a UK-based company specialising in the sale and digital distribution via innovative portal technologies of cyber security solutions, products and services.
The acquisition is in line with Cognosec’s strategy to expand business areas to cover the sale and distribution of software technologies over the internet.
This press release includes inside information of Cognosec AB (publ) (“Cognosec” or “The Company”) that has been subject to postponement of disclosure.
The disclosure of inside information was postponed on December 8, 2016 under Article 17 (4) of Regulation (EU) No 596/2014 (Market Abuse Regulation).
Cognosec AB today announces the signing of Heads of Terms of Agreement pursuant to the acquisition of A-tek Distribution, which is expected to close in Q1, 2017 subject to legal, financial and technology due diligence exercises.
A-tek Distribution was founded in 2009, and is a United Kingdom registered company.
The transaction will include the acquisition of 100% of outstanding shares for a consideration of approximately €275,000 comprised of €44,000 cash and €231,000 Cognosec AB new issue shares.
The transaction will be completed by Cognosec AB subsidiary, Credence Security.
There will be no other impact on Cognosec AB’s balance sheet.
A-tek Distribution is a specialist Digital Software Distribution Business, distributing cyber security solutions by portal and established by pioneers of digital software distribution who between them, possess over 85 man years of digital software distribution.
A-tek is positioned as a New Age Distribution Business, enabling global access to the vast SME markets with Pay-as-you-Use and Software-as-a-Service cyber security solutions.
The technology platform provides significant scalability and global advantages through innovative distribution methodologies.
A-tek Distribution recorded revenues of EUR 101 510 [2] in FY2016 and EBITDA of EUR 48 560 [2].
The acquisition of A-tek improves Cognosec’s competitive advantage for both vendors and customers alike.
This addition also expands Credence Security’s current product portfolio to incorporate cyber security solutions for secure operation centers, network operation centers, datacenters, mobile platforms, virtualised environments as well as providing critical fraud prevention solutions into the technology, media, telecommunications, financial and public sectors.
Commenting on the acquisition of the business by Cognosec AB, Robert Hall, A-tek Distribution’s Co-founder, says: “It will allow the Company to fast track the overview above, whilst working together with a globally recognised provider of cyber security excellence to secure additional distribution agreements giving our current and future partners tremendous platforms for future growth, productivity and profitability.”
Robert Brown, CEO of Cognosec AB commented – “We are delighted to broaden and deepen our business in line with our strategies through the acquisition of A-tek, a highly respected and experienced team.
Through A-tek, Cognosec will be extending its customer base with the addition of web-based digital distribution portals covering existing and new segments of this growing market.
Cognosec recognises the expansion of distribution of cyber security software through innovative portal solutions providing products and services with a strong emphasis on the SME markets as our strategic focus.”
The transaction will complete in GBP so the approximation is for the GBP:EUR exchange rates which were taken at mid-market on 23rd January 2017, 1GBP=1.158EUR.
A-tek Distribution Limited uses GBP as reporting currency.
The approximation is for GBP:EUR exchange rates which were taken at mid-market on 23rd January 2017, 1GBP=1.158EUR.
Mangold Fondkommission AB is the Company’s Certified Adviser.
Telephone: +46 (0)8 5030 1550
FOR FURTHER INFORMATION, PLEASE CONTACT:
IR-contact, Cognosec AB
Aidan Murphy / Matthew Watkins
PR contacts, Finn Partners
Call: +44 (0)20 3217 7060
This information is information that Cognosec AB is obliged to make public, pursuant to the EU Market Abuse Regulation.
The information was submitted for publication, through the agency of the contact person set out above, on 24th January, 2017, at 15.00 CET.
Cognosec AB (publ) (Nasdaq: COGS) is engaged in the provision of cyber security solutions and conducts its operations through the Swedish parent company and through subsidiaries in South Africa, UK, Kenya, and the United Arab Emirates.
The Group delivers services and technology licences to enhance clients’ protection against unwanted intrusion and to prevent various forms of information theft.
The parent company is domiciled in Stockholm, Sweden.
Cognosec employs 110 people and had revenues of EUR 16.8 million in 2015. Please visit www.cognosec.se for more information.
This goes above and beyond normal due diligence in warding off malware.
It includes a proper appreciation of the work and risks involved in handling malware infections, and acquiring a toolkit of repair and cleanup tools to complement protective measures involved in exercising due diligence.
It should also include at least two forms of insurance – one literal, the other metaphorical – that can help avert or cover an organization against costs and liabilities that malware could otherwise force the organization to incur.
Due diligence to defend against malware
When it comes to exercising due diligence to fend off or protect against malware, four elements are necessarily involved:
Monitoring for threats and vulnerabilities in an IT infrastructure: This involves the consumption and analysis of relevant intelligence about threats and vulnerabilities and acting on warnings, workarounds and other mitigation techniques to reduce related risks.
A VPN is typically a paid service that keeps your web browsing secure and private over public Wi-Fi hotspots.
VPNs can also get past regional restrictions for video- and music-streaming sites and help you evade government censorship restrictions—though that last one is especially tricky. The best way to think of a VPN is as a secure tunnel between your PC and destinations you visit on the internet. Your PC connects to a VPN server, which can be located in the United States or a foreign country like the United Kingdom, France, Sweden, or Thailand. Your web traffic then passes back and forth through that server.
The end result: As far as most websites are concerned, you’re browsing from that server’s geographical location, not your computer’s location. We’ll get to the implications of a VPN’s location in a moment, but first, let’s get back to our secure tunnel example. Once you’re connected to the VPN and are “inside the tunnel,” it becomes very difficult for anyone else to spy on your web-browsing activity.
The only people who will know what you’re up to are you, the VPN provider (usually an HTTPS connection can mitigate this), and the website you’re visiting. When you’re on public Wi-Fi at an airport or café, that means hackers will have a harder time stealing your login credentials or redirecting your PC to a phony banking site. Your Internet service provider (ISP), or anyone else trying to spy on you, will also have a near impossible time figuring out which websites you’re visiting. On top of all that, you get the benefits of spoofing your location.
If you’re in Los Angeles, for example, and the VPN server is in the U.K., it will look to most websites that you’re browsing from there, not southern California. This is why many regionally restricted websites and online services such as BBC’s iPlayer or Sling TV can be fooled by a VPN.
I say “most” services because some, most notably Netflix, are fighting against VPN (ab)use to prevent people from getting access to, say, the American version of Netflix when they’re really in Australia. For the most part, however, if you’re visiting Belgium and connect to a U.S. VPN server, you should get access to most American sites and services just as if you were sitting at a Starbucks in Chicago.
What a VPN can’t do
While VPNs are an important tool, they are far from foolproof. Let’s say you live in an oppressive country and want to evade censorship in order to access the unrestricted web.
A VPN would have limited use.
If you’re trying to evade government restrictions and access sites like Facebook and Twitter, a VPN might be useful.
Even then, you’d have to be somewhat dependent on the government’s willingness to look the other way. Anything more serious than that, such as mission-critical anonymity, is far more difficult to achieve—even with a VPN. Privacy against passive surveillance? No problem. Protection against an active and hostile government? Probably not. The problem with anonymity is there are so many issues to consider—most of which are beyond the scope of this article. Has the government surreptitiously installed malware on your PC in order to monitor your activity, for example? Does the VPN you want to use have any issues with data leakage or weak encryption that could expose your web browsing? How much information does your VPN provider log about your activity, and would that information be accessible to the government? Are you using an anonymous identity online on a PC that you never use in conjunction with your actual identity? Anonymity online is a very difficult goal to achieve.
If, however, you are trying to remain private from prying eyes or evade NSA-style bulk data collection as a matter of principle, a reputable VPN will probably be good enough. Beyond surveillance, a VPN also won’t do much to keep advertisers from tracking you online. Remember that the website you visit is aware of what you do on its site and that applies equally to advertisers serving ads on that site. To prevent online tracking by advertisers and websites you’ll still need browser add-ons like Ghostery, Privacy Badger, and HTTPS Everywhere.
How to choose a VPN provider
There was a time when using a VPN required users to know about the built-in VPN client for Windows or universal open-source solutions such as OpenVPN. Nowadays, however, nearly every VPN provider has their own one-click client that gets you up and running in seconds.
There are usually mobile apps as well to keep your Android or iOS device secure over public Wi-Fi. Of course that brings up another problem.
Since there are so many services to choose from, how can you tell which ones are worth using, and what are the criteria to judge them by? First, let’s get the big question out of the way.
The bad news for anyone used to free services is that it pays to pay when it comes to a VPN.
There are tons of free options from reputable companies, but these are usually a poor substitute for the paid options.
Free services usually allow a limited amount of bandwidth usage per month or offer a slower service.
Some companies disallow torrents completely, some are totally fine with them, while others won’t stop torrents but officially disallow them. We aren’t here to advise pirates, but anyone looking to use a VPN should understand what is and is not okay to do on their provider’s network. Finally, does the VPN provider offer their own application that you can download and install? Unless you’re a power user who wants to mess with OpenVPN, a customized VPN program is really the way to go.
It’s simple to use and doesn’t require any great technical knowledge or the need to adjust any significant settings.
Using a VPN
You’ve done your due diligence, checked out your VPN’s logging policies, and found a service with a great price and a customized application. Now, for the easy part: connecting to the VPN. Here’s a look at a few examples of VPN desktop applications. TunnelBear, which is currently my VPN of choice, has a very simple interface—if a little skeuomorphic. With TunnelBear, all you need to do is select the country you want to be virtually present in, click the dial to the “on” position, and wait for a connection-confirmation message. SaferVPN works similarly.
From the left-hand side you select the country you’d like to use—the more common choices such as the U.S., Germany, and the U.K. are at the top. Once that’s done, hit the big Connect button and wait once again for the confirmation message. HMA Pro is a VPN I’ll be reviewing in the next few days.
This interface is slightly more complicated, but it’s far from difficult to understand.
If you want to select your desired virtual location, click the Location mode tab, click on the location name, and then choose your preferred location from the list. Once that’s done, click the slider button that says Disconnected. Once it flips to Connected, you’re ready to roll. There are numerous VPN services out there, and they all have different interfaces; but they are all similar enough that if you can successfully use one, you’ll be able to use the others. That’s all there is to using a VPN.
The hard part is figuring out which service to use. Once that’s done, connecting to a VPN for added privacy or to stream your favorite TV shows while abroad is just a click away. This story, "How—and why—you should use a VPN any time you hop on the internet" was originally published by TechHive.
I know that our legal team would look into this and examine, but they aren’t going to take a lot of my time on something they don’t think is credible." Based on reports from journalists in the audience at the Dallas trial, ZeniMax lawyers tried to press the case that Facebook didn't do enough due diligence to detect any alleged IP theft between Oculus and ZeniMax before purchasing the VR company for $2 billion in 2014. To support that argument, ZeniMax presented into evidence a text message to Zuckerberg from Amin Zoufonoun, Facebook's vice president of corporate development, saying that "there are things [Oculus] told us that are simply not true." In response, Zuckerberg texted back that he should "keep pushing forward until we have something we can sign on a moment’s notice, then we can figure out how long we wait for diligence," according to a courtroom report from Gizmodo's William Turton. On the stand, Zuckerberg also confirmed ZeniMax's incredulous assertion that Facebook's "plan was to begin legal diligence on Friday and sign the deal on Monday." In a followup, Zuckerberg suggested that Oculus was a smaller company at the time and didn't need as much time for due diligence as other large Facebook acquisitions, such as WhatsApp. ZeniMax's lawyers established that Zuckerberg was not aware of an earlier non-disclosure agreement outlining the collaboration between Carmack and Oculus founder Palmer Luckey until 2016, when he was told about it by lawyers involved in the case. The prosecution presented other evidence to show how eager Facebook was to get in on VR through an Oculus acquisition. "I wanted to just give him all my money on the spot," venture capitalist and Facebook board member Marc Andreessen reportedly said of John Carmack in introducing Zuckerberg to the idea of an Oculus purchase.
After seeing Oculus' technology in action, Zuckerberg wrote in an e-mail that the company was "miles ahead" of the competition. ZeniMax also tried to make some legal hay of Facebook's longstanding motto "move fast and break things," suggesting that Facebook may have "broken" some things in quickly signing the Oculus deal. Zuckerberg joked that the motto has changed and that Facebook now tries to "move fast and build stable infrastructure" (a modification Facebook has publicized at least since 2014). Aside from the questions about IP ownership, Zuckerberg also revealed in the trial that in addition to the $2 billion purchase price, Facebook had to spend an additional $700 million to retain key Oculus team members and another $300 million in deliverable milestone bonuses. In a statement provided to the press, Oculus said, "We're disappointed that another company is using wasteful litigation to attempt to take credit for technology that it did not have the vision, expertise, or patience to build."
This is thought to be the largest and most widespread theft of personal information in the brief history of the internet. The breach is different and twice as large as the hack Yahoo admitted to suffering last September, one the company said happened in 2014--and was at the time the largest breach in the world.
So much for world records. The newly disclosed security intrusion from Dec. 14 apparently took place in 2013 and involved a substantial amount of personal information, including passwords and the answers to security questions. Yahoo is trying to harden all its systems and requiring all its users to change passwords, and it is automatically invalidating the security questions.
Former User: 'Went Over to My Gmail Account'
In a typical reaction, a Yahoo user interviewed on the street Dec. 14 on Bay Area television news simply said: "How does the Yahoo breach affect me? Simple. I just went to my Yahoo account, closed it and went over to my Gmail account."
That in one statement shows the main problem web services like Yahoo's face on a 24/7 basis: Credibility in safeguarding personal information. To be fair, this could happen to anybody, and it does on a regular basis; the public just doesn't become aware of all the breaches.
Yahoo had agreed earlier this year to sell its core businesses to Verizon Communications for $4.8 billion.
Verizon said that it might seek to renegotiate the terms of the transaction after the first hacking was discovered.
It's not known how the Dec. 14 hack attack will affect the purchase, which is still in process. No matter what, this news isn't going to help Yahoo's side of the negotiation.
As one might expect, eWEEK was inundated with reactions from IT folks far and wide after the news broke two days ago. The self-serving, "I told you so" statements were easily remedied by the delete button.
Others are legitimate observations based on industry experience and perspective--information from which Yahoo and others can learn. We include some of the more cogent ones here.
Jason Rose, Senior Vice President of Customer Identity Management Provider, Gigya: "The biggest casualty is consumer's loss of trust in Yahoo, which will, ultimately, erode the company's value for pending acquirer Verizon.
Trust is earned in drips and lost in buckets.
In the online world, customers need to share their identity: email addresses, personal preferences, credit card numbers, etc., in order to connect with the businesses that provide them goods and services.
If customers can't rely on a business to protect that data, then trust is lost.
In other words, identity is the currency of trust."
James Maude, Senior Software Engineer, Avecto: "One in six people globally have now had their data breached thanks to Yahoo. With a breach on such an unprecedented scale, users should be concerned about how a behemoth of the internet failed to notice this for such a long period of time.
This is especially concerning as recent reports have shown that around this time Yahoo was busy undermining its own security by installing backdoors in their own infrastructure for government agencies.
There is the worrying possibility that this undisclosed backdoor served as cover for the data breaches, as employees deliberately ignored or hid these back channels.
"Initial reports suggest that the attackers manipulated cookies, which are normally used to authenticate or track users; however, in this case the attackers changed them to bypass logins without requiring a password. Using this technique, attackers could have logged into accounts at will and monitored them for great lengths of time. With such negligence questions must be asked as to what was going on at Yahoo to allow this to happen."
Craig A. Newman, head of Privacy & Data Security Practice, Patterson Belknap LLP: "Not only is this a big deal in the context of the proposed sale to Verizon, but it raises obvious questions about Yahoo's overall data security protocols, particularly if 1 billion accounts were hacked more than 3 years ago and we're just finding out about it now.
Surely, it ups the stakes in the proposed deal and gives Verizon a lot more leverage either to renegotiate the purchase price or walk from the deal. While it also underscores the importance of cybersecurity due diligence in an M&A transaction and its direct link to valuation, it begs the broader question of reputational risk and what this is really going to cost in terms of litigation and regulatory investigations."
Gartner warns that simply looking at the size of security spending - even in comparison to other firms in the same sector - is potentially misleading. "Clients want to know if what they are spending on information security is equivalent to others in their industry, geography and size of business in order to evaluate whether they are practicing due diligence in security and related programmes," explained Rob McMillan, research director at Gartner. "But general comparisons to generic industry averages don't tell you much about your state of security. You could be spending at the same level as your peer group, but you could be spending on the wrong things and be extremely vulnerable." "Alternatively, you may be spending appropriately but have a different risk appetite from your peers," he added. According to Gartner, the majority of organisations will continue to misuse average IT security spending figures as a measure of security program maturity, at least in the short to medium term.
Business requirements and risk tolerance need to be brought into the equation when evaluating whether or not an organisation has set its security budget at the right level, Gartner advises. Security features are being incorporated into hardware, software, activities or initiatives not specifically dedicated to security.
And staff who have a security role often have other duties. Gartner's experience is that many organisations simply do not know their security budget. “This is partly because few cost accounting systems break out security as a separate line item, and many security-relevant processes are carried out by staff who are not devoted full-time to security, making it impossible to accurately account for security personnel,” according to Gartner. “In most instances, the chief information security officer (CISO) does not have insight into security spending throughout the enterprise.” Deciding what to spend that budget on is a different and even trickier proposition.
Security spending is generally split among hardware, software, services (outsourcing and consulting) and personnel. According to Gartner, secure organisations can sometimes spend less than average on security as a percentage of the IT budget.
The lowest-spending organisations fall into two divergent camps: Unsecure organisations that underspend, and secure organisations that have implemented best practices for IT operations and security that reduce the overall IT complexity. Gartner reckons that enterprises should be spending between 4 and 7 per cent of their IT budgets on IT security: lower in the range if they have mature systems, higher if they are wide open and at risk.
This represents the budget under the control and responsibility of the CISO, and not the "real" or total budget. Gartner clients can read more in the report, Identifying the Real Information Security Budget.
Federal investigators say they need Coinbase's records to be able to identify some Bitcoin wallets and to check against tax records to make sure Coinbase's users are paying any and all proper taxes on their Bitcoin-related income.
In a two-page court order, US Magistrate Judge Jacqueline Scott Corley agreed that the IRS can serve the San Francisco-based company with a form that would require disclosure of essentially all personal data of all Coinbase users who conducted a transaction between 2013 and 2015. (Full disclosure: such records would include this reporter, who briefly possessed a small amount of bitcoins in 2014 and sold them as part of our Arscoin story.)
The IRS will now require Coinbase to provide, among other information:
Account/wallet/vault registration records for each account/wallet/vault owned or controlled by the user during the period stated above including, but not limited to, complete user profile, history of changes to user profile from account inception, complete user preferences, complete user security settings and history (including confirmed devices and account activity), complete user payment methods, and any other information related to the funding sources for the account/wallet/vault, regardless of date.
Any other records of Know-Your-Customer due diligence performed with respect to the user not included in paragraph 1, above.
David Farmer, a Coinbase spokesman, told Ars that the company plans to fight the order in court.
The government's request so far has been ex parte, or one-sided—Coinbase has not been formally invited to court to challenge the IRS. “We are aware of, and expected, the Court’s ex parte order today,” the company said in a statement provided by Farmer on Wednesday afternoon. “We look forward to opposing the DOJ’s request in court after Coinbase is served with a subpoena.
As we previously stated, we remain concerned with our US customers’ legitimate privacy rights in the face of the government’s sweeping request.” A case management conference has been scheduled for February 16, 2017 at 1:30pm PT.
Assured cloud services provider also adopts Cloud Security Alliance CAIQ framework
LONDON – November 17th 2016 – UKCloud, the easy to adopt, easy to use and easy to leave assured cloud services company, today announced that it has achieved Level 1 certification against the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR), a comprehensive assertion of the security of a cloud service provider.
The CSA STAR programme records compliance levels against a comprehensive framework of cloud-based security control objectives, which allow cloud service providers from around the world to assess and communicate their security posture to potential customers. As a listed CSA STAR provider on the programme’s publicly accessible Registry, this adds an even greater level of transparency of UKCloud’s industry leading security capabilities.
UKCloud has an unparalleled heritage of achieving the highest levels of independent validation of its security controls. In addition to industry standards such as ISO27001, UKCloud was amongst the very few to achieve and retain Pan Government Accreditation by the UK Government’s National Cyber Security Centre (NCSC) at the highest level available to cloud providers, and is approved as a service provider on both the Public Services Network (PSN) and the NHS National Network (N3). UKCloud provides a wealth of assurance information to its customers through independent evidence of its accreditations, certifications and detailed descriptions about the security characteristics of each of its cloud services.
“In an increasingly competitive marketplace, we have found that some of our UK public sector customers are now referring to additional governance frameworks when assessing the suitability of their cloud providers,” said John Godwin, Director of Compliance and IA at UKCloud.
“UKCloud has always been able to demonstrate the security credentials of our cloud services through formal accreditations, such as NCSC Pan Government Accreditation, compliance with standards such as ISO27001 and ISO27018, and by co-operating with our public sector customers as they undertake their own due diligence activities. As such, we are pleased to adopt and populate the Cloud Security Alliance CAIQ (Consensus Assessments Initiative Questionnaire) framework, so that we can more easily support those customers who may choose to use this as part of their formal assessment programme. UKCloud’s completed response, which is publicly available to download via CSA STAR, has already been used as the basis for a successful customer assessment of our cloud services.”
UKCloud is the industry’s most highly accredited and certified cloud service provider. It provides a full range of secure network connectivity options to meet its UK public sector customers’ requirements; furthermore, its multiple UK data centres ensure that customer data is never subject to foreign data privacy issues.
UKCloud’s assured cloud services are specifically designed to meet the needs of the UK public sector, delivering UK sovereign solutions, with genuine and flexible pay-by-the-hour consumption models.
For more information regarding UKCloud’s CSA certification, please visit: https://cloudsecurityalliance.org/star-registrant/ukcloud-ltd/
- ends -
UKCloud is dedicated to the UK Public Sector. We provide assured, agile and value-based true public cloud that enable our customers to deliver enhanced performance through technology.
We’re focused on cloud. Delivering a true cloud platform that is scalable, flexible, assured and cost-effective.
We’re open. You are never locked in. Using industry standards and open source software we enable flexibility and choice across multiple cloud solutions.
Dedicated to the UK Public Sector. Our business is designed specifically to serve and understand the needs of public sector organisations.
We develop communities. We bring together communities of users that are able to share datasets, reuse code, test ideas and solve problems.
Customer engagement. We will only be successful if our customers are successful. We embody this in the promise: Easy to adopt. Easy to use. Easy to leave.
UKCloud. The power behind public sector technology.
Caitlin Mullally/Charlotte Martin
+44 (0)20 3217 7060
Talk of bubbles, dying unicorns, and austerity can surge for weeks following a negative report.
In response, many entrepreneurs hit pause on their dreams, believing they should wait for more favorable conditions.
That approach is often misguided. In our work as venture capital investors, we see this dynamic in the cybersecurity market today.
In July, tech market analysts at CB Insights predicted that 2016 will see $3B in cybersecurity funding with over 300 deals.
A year earlier, in 2015, analysts saw $3.75B invested in 336 cybersecurity deals.
Barring some miracle, investments will continue to decline year over year. When we drilled into the CB Insights data, we found an important discrepancy.
The relative volumes of Series A, B, C, D, and E+ rounds have not changed significantly in 2016.
In fact, the deal share of Series A rounds increased three percent.
Conversely, ‘Seed’ and ‘Angel’ deals declined from 37 percent to 31 percent, a five-year low.
This trend suggests that incumbents have doubled down in crowded niches, and would-be founders have hesitated. Counterintuitively, the downturn in funding could offer ideal conditions for entrepreneurs.
To find out, let’s begin with a question: What’s behind this decrease in early-stage investments? There are several factors:
Known Areas of Security Became Crowded with Strong Players
Established verticals like endpoint protection and network security are oversaturated.
Even newer markets like SCADA security and cyber deception have at least 10 to 20 vendors each.
VCs prefer not to support new startups in red oceans.
Thus, funding in these areas has and will continue to decline.
CISOs Are Overwhelmed by the Variety of Solutions
Thanks to the dense competition, chief information security officers (CISOs) are overwhelmed with options, and that affects funding.
Every day, cybersecurity startups bombard CISOs with dozens of similar products.
That creates an undue burden on CISOs who don’t have the time to evaluate, purchase, and maintain a basket of point solutions.
They’d rather choose broad platforms from established vendors.
Frankly, a brand-name cybersecurity platform is easier to justify to shareholders, board members, and fellow executives.
With CISOs hesitant to choose early-stage startups, VCs have scaled back funding.
Non-specialized investors wanted in
Perhaps most tellingly, investors without cybersecurity experience entered the market when it was bullish.
Lacking the expertise to evaluate cybersecurity technologies, they financed startups with minimal differentiation and questionable leadership.
The consequent bloating of valuations and over-saturation raised the costs of marketing, sales, and talent acquisition for everyone.
Funding has slowed, in part, because it peaked unnaturally.
Experienced cybersecurity investors want to let crowded cybersecurity markets fizzle.
So, if you’re a wannabe entrepreneur on the fence about launching a cybersecurity startup, is now really the time to do it? Absolutely yes.
Remember, funding conditions don’t change cybersecurity’s raison d'être.
Breaches happen daily, and cybercrime will cost businesses over $2 trillion annually by 2019, according to Juniper Research.
Think about what we expressed above: your would-be competitors are likely stuck in red oceans and might lack access to additional funding. Right now, you can choose a blue ocean and face less competition than you would in bullish conditions. Consider, too, that enterprises face a global shortage of cybersecurity talent.
According to Cisco, the world has 1 million unfilled cybersecurity jobs, and that number could reach 1.5 million by 2019. Peninsula Press estimates that the U.S. alone has 209,000 vacant roles. When we consult our network of high-caliber CISOs, they consistently voice demand for solutions that manage, orchestrate, and automate cybersecurity.
Enterprises can’t adopt new technologies and compensate for the talent deficit – not without advances in cybersecurity.
Takeaways and Opportunities for the Security Pro
That dilemma raises an interesting challenge for enterprise security professionals as new technologies spur the need for new and innovative security solutions.
Cybersecurity almost always finds a new market two to three years after a disruptive technology emerges.
Virtual containers, autonomous vehicles, and drones, for instance, have created some of the latest and greatest opportunities in cybersecurity.
Right now, someone is inventing a technology that will spawn massive security issues. Who better to spot it than you? Why not make your move while capital is tied down in yesterday’s cybersecurity solutions? Why not approach CISOs with technologies they haven’t seen?
If you want to build the next great cybersecurity startup, we offer several suggestions:
First, recognize that brilliant technology doesn’t equate to a great product or viable business model. Perform due diligence on the markets in which you see opportunities.
Build to sell, otherwise VCs will pass.
Second, understand the thin line between an emerging space and a non-existent one.
The examples we mentioned – autonomous vehicles, virtual containers, and drones – were nonexistent only a couple of years ago.
Their security was an afterthought, and afterthoughts can make billion-dollar businesses. However, if you create a technology before the market is ripe, you’ll spend precious capital educating the world on a problem that doesn’t exist.
And then, if that problem does come to fruition, the second wave of startups will reap the benefits of your spending and hard work.
Third, build platforms, not features.
As mentioned, CISOs have had enough with point solutions, which are what startups initially make.
Even when you’re small, think big.
Initially, design your solution to integrate with common security portfolios.
In the long term, solve a set of interrelated problems.
Among CISOs, you want a reputation for handling all security dimensions of an indispensable technology.
With the right team and point of view, entrepreneurs can thrive in cybersecurity, and tight funding can even provide a competitive edge, because cybersecurity is not a fad; it’s a central problem of digital society.
If you’re on the fence, that notion should give you comfort. Let tough funding conditions be a source of opportunity, not paralysis.
Iren Reznikov of YL Ventures also contributed to this article.
Yoav Leitersdorf and Ofer Schreiber are Managing Partner and Partner, respectively, at YL Ventures, which invests early in cybersecurity, cloud computing, big data, and software-as-a-service software companies, and accelerates their evolution via strategic advice and Silicon ...