The changing roles of Venture Capitalists in cybersecurity

When we interviewed Awwab Arif (CISO at Bank of Hope), we talked about his perspective on the value of building relationships as a CISO. As well as networking with cybersecurity partners, he said: 

“I also find it beneficial to forge relationships with venture capitalists, communicating our company's particular issues. When a VC encounters an entrepreneur proposing a solution aligning with our needs, they can facilitate an introduction, allowing us to evaluate the concept further and contribute to the development of a robust product that addresses broader industry needs.”

And this got us thinking about the changing roles of VCs in the cybersecurity sector. It’s not just about backing businesses with financial resources – cybersecurity-focused VCs are also increasingly important for shaping the future of cybersecurity. 

Venture Capitalists are focusing on sustainability and fundamental business practices in cybersecurity 

There’s a growing emphasis on sustainability in cybersecurity startups, and on establishing the fundamental business practices that enable a startup to grow in a sustainable way. With this in mind, VCs today are more likely to require more accurate and comprehensive budgets and spending strategies from a startup before they decide to invest. Essentially, this reflects a more cautious approach to investments – VCs don’t want the startups in their portfolio to throw cash around without good reason. 

And this is a healthy shift for startups themselves. It forces them to consider their growth strategy more closely, and make sure they can scale within their means – even if that means a slower growth trajectory. 

They’re investing more in innovation and consolidation 

Although they’re pushing startups to reign in over-ambitious growth plans and scale sustainably, venture capital firms are directing significant investment funds towards cybersecurity innovation. VCs are actively seeking innovative solutions to key problems in the cybersecurity sector, and in particular, there’s a focus on startups that leverage AI models for highly targeted security use cases. 

At the same time, venture capital is a driving force behind the consolidation of the cybersecurity industry – investing in startups and platforms that bring disparate solutions together to create streamlined operations for customers. 

And by funding startups that are developing new capabilities with user-friendly platform control, VCs are acting as innovation incubators for cybersecurity teams – bringing new solutions to market at a rapid pace. 

VCs are steering market education and adoption 

VCs are investing in startups that are actively educating CISOs and cybersecurity practitioners – so venture capitalist funds are enabling a movement towards more efficient and forward-thinking strategies to solve security problems. In this way, VCs are helping to accelerate the adoption of new security practices and technologies that have the potential to revolutionise the way we approach security, and enable a more robust cybersecurity posture across industries. 

Strategic investments for global cyber resilience 

According to the World Economic Forum, VC firms are uniquely positioned to drive innovation in cybersecurity – enabling the diversification of security technology and overall enhanced cyber resilience. 

In Q2 2024, a total of USD $4.4 billion was invested in cybersecurity startups. But going forward, it’s critical that venture capital firms invest in under-funded areas of security (like operational tech security, machine learning security, behavioural analytics, and cybersecurity training solutions), as well as the major trends (which include AI security, cloud security, identity management, and more). 

The biggest disparity can be seen between GenAI-powered security solutions and machine learning (ML) solutions. GenAI funding reached $21.8 billion across 426 deals in 2023, while machine learning security startups raised $213 million across 23 deals in that same time period. 

And as the World Economic Forum put it, “underfunded areas of cybersecurity have cascading impacts on society and the economy.” 

VC investments can’t only consider the potential ROI for the investor. Increasingly, VC firms have a responsibility for creating an equitable, diverse, and resilient cybersecurity landscape – so it’s essential that investors are actively engaged with the global cybersecurity community, and working to understand the dynamic challenges and opportunities at play.

Join us at MEA 2024 and discover how to improve your organisation’s cyber resilience.