As the markets continue to fluctuate, budget cuts and layoffs now extend across the tech industry, with cybersecurity no exception from tightening its belt and assessing its priorities. Investors are proceeding with caution and waiting to see a correction in valuations, while cybersecurity startups are examining their runway and long-term viability.

The growing number and sophistication of cyberattacks, however, reinforce the need for heightened security awareness and innovation. Standing on the front lines of these challenges are the chief information security officers, security practitioners and vendors working tirelessly to revolutionize the industry. I recently had the opportunity to speak with five leading investors and enterprise security executives that shed an optimistic light on current challenges, viewing them as a necessary impetus for innovation.

Will history repeat itself?

The stark dissonance between the highs of 2021 and what seems to be a cooled-off 2022 has some security professionals and chief executive concerned that this downturn will become the new reality, for the long term. However, industry veterans see things differently. Todd Weber, operating partner and chief technology officer at Ten Eleven Ventures, is confident in the market’s resilience.

“Our paradigm regarding 2022’s downturns is skewed due to 2021’s bonanza,” Weber says. “Viewed statistically over the past 10 or 15 years, we see a healthy environment and industry that I am really not concerned for.

Richard Seewald, founder and managing partner of Evolution Equity Partners, adds that “post 9/11, we saw cybersecurity funding decline sharply — as it does at the apex of every global crisis. The returns that were generated in the wake of that crisis, however, as well as those post-2008 and post-COVID, were the most attractive returns in cybersecurity private equity year on year.’”

The mix of bountiful opportunities and a limited number of top-of-the-line vendors in the early 2000s brought about the bronze age of cybersecurity, as Seewald called it, with the silver age dawning in the post-2008 crisis as cloud computing began its rapid rise and helped establish the tech behemoths that are today iconic and publicly owned.

“Going forward in this environment and over the next 10 years, we’ll see the golden age of private investing in cybersecurity,” he says. “With an increasing attack surface and the ability to address multiple vectors besides cybersecurity, including blockchain, quantum computing and others, entrepreneurs will be presented with significant opportunities — as will investors.”

These growing opportunities for innovation also stem from the challenges CISOs face because of the lack of solutions to address security risks and needs. “Our jobs keep getting harder,” says SolarWinds CISO Tim Brown. “No matter what the economy does, we’re still going to be implementing technology in areas that we haven’t before, with security gaps that will need to be filled. From a security perspective, we need to be able to fit the new models. We need to be able to grow.”

In times of turmoil, it makes good business sense to return to the source: paying customers. Entrepreneurs would do well to reassess their priorities and ensure that they are aligned with customer needs. There is no better way to do so than to have frequent and transparent conversations with customers and partners, throughout the entrepreneurial journey.

“Never go frothy in good times, and never overcorrect in bad times,” says Udi Mokady, co-founder, chairman and CEO of CyberArk, who amassed decades of experience working with cybersecurity professionals. “I remain optimistic and believe that a customer-focused startup with a strong product and an ability to secure funding will have even greater opportunities going forward.”

Greg Sands, founder and managing director at Costanoa Ventures, agrees. “Those of us who help startups build brick by brick and grow at a good pace into stellar companies with great unit economics are not worried, and will not change our investing approach,” he says.

Has the unicorn magic worn off?

2021 was rightly dubbed The Year of the Unicorn, with an unprecedented nine new Israeli cybersecurity unicorns crowned last year alone, up from only 5 in 2020. 2022 is undoubtedly quite different. There is a clear distinction between unicorns that were crowned thanks to triple-digit topline growth with solid products addressing large markets, and companies that have achieved unicorn status with little to no revenues that must now grow into their bloated valuations.

“Companies that achieved that status with a few million in ARR will clearly need to demonstrate value, product and accelerated growth in the next couple of years,” says Seewald. “If they don’t, they can expect down rounds.”

It is important to note, however, that difficult decisions on follow-on rounds after fast growth are a natural part of the cycle. “This has always happened, the volume is just greater,” he says. “We just have more unicorns now, so we’ll have more brick walls — but this will be resolved as an industry. There is enough capital out there to rework valuations, with various investors working with startups on restructuring rounds.”

There’s a silver lining

Investors and founders may consider periods of turbulence to harbor opportunities for the long term. Companies can use this volatile economic time for introspection, and an assessment of what needs to be cut, shifted, or changed in order to stimulate growth after the storm.

“I believe it’s healthy for these cycles to take place,” says Weber. “Companies should evaluate whether what they’ve been doing, in terms of budgeting and hiring for example, is conducive to growth. Burn rates may become healthier, leading to a balanced and revenue-based road to unicorn status as opposed to what happened last year.”

On the early-stage side of the spectrum, the experts believe that these startups are better positioned to weather this turbulence. “Seed stage investment hasn’t slowed down,” asserts Sands. “These companies are the R&D function for the entire market and should concentrate on solving client problems and attracting new talent. As they grow, they must pay more attention to the correlation between growth rate and burn rate, unit economics in terms of customer acquisition and all the important basics — product-market fit, sales repeatability and more, before they begin to scale.”

Young and growing startups could benefit from the following guidelines, to assist them in weathering these challenging times:

Focus on the product: Entrepreneurs must double down on their product. Anticipate where your customer is headed and ensure that your product continues to be relevant and of increasing value to them. If you are able to demonstrate your worth to a CISO when times are rough, you will gain credibility over the long term — so view this as an opportunity.

Tim Brown provides a singular example of this approach from his experience as CISO at SolarWinds during the infamous 2021 breach. ‘Throughout our incident, customers remained loyal to our product because we brought them value — enough to keep them with us even after a major event,” he says. Investors and their networks are key — leverage their contacts and have as many CISO conversations as possible to find out what values your customers prioritize.

Layoffs should be a last resort: There is still a severe shortage of talent in the industry. Founders who are making cuts in order to “trim the fat” should be wary of trimming down muscle in the process. Founders should ensure that they retain and protect the company’s core assets and culture because they’ll need them when the storm blows over.

Get creative with financing: Managing burn is crucial. Examine your burn rate in order to assess your runway, and possibly extend it from the recommended 18 months to at least 20 or 24 before the next round. Work closely with your vice president of finance or with your investors in order to find creative ways to resolve financial risks and retain strong employees, rather than making reactionary cuts that will hurt in the long run.

Granted, the striking and sudden shift from an industry high in 2021 to a volatile market environment in 2022 has real and painful repercussions for startups in the global economy. That said, cybersecurity entrepreneurs may benefit from this healthy curve and find that the need for their brilliance hasn’t abated and will continue fueling innovation for years to come. This may be a challenging bump in the road for us all, but at the end of it may begin the golden age of cybersecurity.

Ofer Schreiber, senior partner and head of the Israel Office at YL Ventures, oversees the firm’s investment processes and due diligence, portfolio companies’ management and value-add initiatives. He wrote this article for SiliconANGLE.

Image: QuinceCreative