Champion sailors have been known to learn their craft on Lake Travis, just outside Austin. The hills and topography surrounding the body of water whip up challenging winds, making it a sublime place for budding athletes to refine their tacking and jibbing skills ahead of a lifetime of competition.
SailPoint, a digital-identity-management firm with headquarters two miles from the lake, is preparing for a race of its own. Like many companies, SailPoint has contemplated an initial public offering. But global economic headwinds have given the company pause. “The markets are certainly uncertain,” says Mark McClain, CEO and founder of the firm, which has more than $100 million in annual revenue.
At presstime, just two U.S. tech companies had gone public this year: SecureWorks (SCWX), a cybersecurity unit spun off from Dell, and Acacia Communications (ACIA), a fiber-optics purveyor. Dell shoved SecureWorks out the door in April on its way to a $67 billion mega-merger with EMC (EMC), only to watch the fledgling company’s share price sag. Acacia made a far stronger debut in May. In June the Bain Capital–backed Blue Coat filed for a public offering before reversing course and selling out to Symantec (SYMC), the lumbering antivirus software firm, for $4.6 billion. Line, Twilio, and AppDynamics appear most likely to go public next.
The biggest IPO drought in years has put a damper on an otherwise vibrant cybersecurity sector. Not long ago investors plowed funds into the firms at lofty valuations. Now there is a backlog of companies waiting for an exit, among them Veracode, Carbon Black, ForeScout, Okta, Zscaler, and Optiv.
For more on tech IPOs, watch this Fortune video:
“Financially, SecureWorks is making us all sit back and reevaluate,” says Mike DeCesare, CEO of ForeScout, a network security company with $125 million in annual revenue and a billion-dollar valuation. “The question is, Why would you go public right now? If you don’t need the money, what is it about the current environment that you find attractive?”
The clock is ticking. In the business of digital defense, the race to stay ahead of hackers’ attacks means that innovative strategies steadily depreciate. “One of the risks of delaying an IPO is that you could miss your window,” cautions David Cowan, an investor at Bessemer Venture Partners. “You don’t want to be an old private cybersecurity company.”
Furthermore, many cybersecurity firms aren’t well suited for public markets, says Asheem Chandna, an investor at Greylock Partners. “We’ll see over the coming couple of years a steady clip of M&A,” he says.
SailPoint’s McClain continues to hold his breath. “To use a silly sailing analogy,” he says, “why would you launch your boat in this storm?”
A version of this article appears in the July 1, 2016 issue of Fortune with the headline “Fish or Cut Bait.”