Cybersecurity has gotten big – real big. Crime involving computers and networks has cost the world economy more than $445 billion annually, according to a June 2014 report by the Center for Strategic and International Studies. Increasingly, hackers have grown more sophisticated targeting major corporations from retailers Target (TGT)and Neiman Marcus to financial juggernaut JP Morgan (JPM)and technology leaders eBay (EBAY), Snapchat and Adobe (ADBE), and countless others.
The threats are indeed real and escalating for many corporations, but it’s worth asking if the fears are overplayed and if a cybersecurity bubble is brewing? For the past two years, consumer curiosity and fear, often unjustified, has fueled mainstream media coverage of cybersecurity breaches causing more fear and more coverage, resulting in hype. Many investors looking to speculate on the next big thing have been buying into the industry with little regard for sound financial metrics such as the industry’s total addressable market, its reasonable growth rate, and each vendor’s slice of the overall pie.
Investors have been too enthusiastic, and as a result, the shares of cybersecurity companies are overpriced. Overinvestment has been rampant in both the public and private markets. In the public market, the correction is already underway. FireEye (FEYE), the current poster-child of public cybersecurity pure plays is currently valued at $5.2 billion, down from $13 billion in March, with only $207 million in annual revenues. Imperva (IMPV)is now worth $573 million, down from $1.7 billion in March, with $141 million in annual sales. Both companies have yet to turn a profit.
In the private market, venture capital firms invested a record of $1.4 billion in 239 cybersecurity companies in 2013, according to CB Insights. The median deal size and average pre-money valuation for these transactions increased significantly. When investors buy assets priced much higher than intrinsic values and are overly optimistic about financial metrics influenced by hype, one can suspect that one is witnessing an asset bubble.
At YL Ventures, we experience this phenomenon even with seed-stage startups! The number of new cybersecurity companies looking for funding has dramatically increased since 2012; early-stage funding rounds got a lot bigger; pre-money valuations have increased dramatically; and investors that have no experience investing in the space are flocking into it. These observations are true for both the U.S. and the Israeli markets to which we have exposure – both are hotbeds of cybersecurity innovation.
Is the disillusionment phase that seems to have begun in some public cybersecurity stocks indicative of a broader bubble burst? If so, will it be quick and dramatic, or gradual and tame? We don’t know, but we are prepared for a world in which cybersecurity companies may struggle to raise more financing, valuations may decrease and investors may become more defensive.
Yoav Leitersdorf and Ofer Schreiber are partners at YL Ventures, which invests early in cybersecurity, cloud computing, big data and Software-as-a-Service software companies.