Investment in cybersecurity: an upturn?

The theme of the latest FIC Observatory Breakfast was « How to accelerate investment in cybersecurity ». An opportunity to carry out a cross-examination of the subject as seen by the sector’s investment funds and start-ups

Investment in France’s digital sector rose sharply in 2017, with €1.5 billion in new funds raised. While the number of companies involved was lower, at 460, the average total investment per company was €3.5 million. There was a clear trend towards verticalisation (as observed in the health sector), illustrating the transverse dimension of the digital arena. These were the findings of the Cap Gemini Digital Start-Up Observatory. What about cybersecurity, one of the key segments of the digital sector, facilitating and accelerating many of its applications? There was good news on this subject too, with more investments in both technological innovation and services. « Finding money is no longer the problem, especially for seed capital funding. It’s easy to raise €300 K to get started« , emphasises Clément Ravouna, co-founder of Tanker, which offers a transparent end-to-end data encryption solution that can be used with Dropbox or OneDrive for example.

Major new investments in cybersecurity in France in 2017

Source: FIC Cybersecurity Start-Up Observatory

A fast-growing market

This optimism is shared by the investment funds: with a market growing by 10% per year, expected to reach around 100 billion dollars worldwide in 2018 and close to 120 billion in 2020, the sector is attractive and benefits from the current craze for « deep tech ». R&D intensity, strong involvement of researchers, relatively long sales cycles, very transversal applications…: cybersecurity is clearly perceived as « deep tech ». This has its advantages and disadvantages, even if the opposition between deep tech and low tech must be relativised: « What we don’t invest in technologies, we invest in marketing, » notes Fabien Collangettes, from Omnes Capital.

The market’s main « drivers » are growing awareness of « cyber » risk, especially due to massive data leaks, and the development of regulations (GDPR, NIS directive, LPM, etc.). Tougher international trade relations and new sovereignty requirements also serve as an accelerator, although they can also complicate exit prospects for a fund.

What investment criteria?

« There are numerous opportunities in an abundant market, » comments François Robinet, from AXA Strategic Ventures. « The challenge lies in knowing which player to choose. » In addition to the market and the quality of the solution, the team is one of the leading criteria for choosing funds, he continues, providing detail from his « investment thesis ». This focuses on solutions for an effective response to the skills shortage, increasing sophistication of attacks, emergence of new lines of attack (IoT, Cloud…) and the observation (now shared) that there is no quick fix solution. The future looks bright for solutions based on machine learning and artificial intelligence, making it possible to automate the detection of incidents, along with reactions to them…

These positive findings should not, however, be allowed to obscure a number of difficulties. The level of investment in France is still largely insufficient to meet the needs of start-ups, 87% of which wish to raise funds, according to the FIC Cybersecurity Start-Up Observatory. Under these conditions, it is difficult to envisage a European or world champion in the field emerging around one or more consolidated French players. The total amount of new funds raised indeed remains much lower than that recorded in the United States or in Israel, particularly when it comes to start-ups. For instance, an Israeli company consumed 7 million dollars before even having a product… Another weakness is that growth capital also tends to be insufficient to really allow companies to accelerate.

Which solutions?

In this context, which solutions could be envisaged to accelerate the dynamics and meet growing investment needs? The first important lever is training. « Start-ups don’t always understand fund-raising mechanisms and the subject is rarely taught in schools, » notes Clément Ravouna. It’s also important to think in terms of « products » and « solutions », rather than just « technology », which is a relatively new approach in a sector marked by an engineering culture. International ambition is also a key factor: the limited size of the French market and the collapse of the European market call for very rapid international development, in the image of the Israeli start-ups quickly gearing up to conquer the world. « You mustn’t constrain yourself to the local arena, but instead think on a global scale, » observes Yassir Kazar, co-founder of Yogosha. One positive element is that 70% of the start-ups questioned by the FIC Cybersecurity Start-Up Observatory expressed a desire to develop internationally within 18 months.

Another priority is the rapid signing of « PoCs », followed by contracts, with major groups. « While US companies are keen to buy start-up solutions, French key account holders only set aside 0.1% of their IT budgets to the signing of PoCs with start-ups, » bemoans Yassir Kazar, who explains that he succeeded in signing with an American customer in the space of one month. But here too, the situation appears to be evolving in the right direction.

Guillaume Tissier