Venture Capital Investment Up, But Security Investment Is Down

VCs Need to become proactive champions of security innovation and investment

There is a glimmer of good news on the Venture Capital front. In Q1, 2010, venture funding rose 38% from a year ago to $4.7. What's more, the pool of VC money is spread over 681 companies, a 7% increase from Q1, 2009. Good but not great news. Most of the dough is going to biotech companies while investment in clean technology tripled. The bad news? Investment in software declined 1% year over year. Remember that in Q1, 2009, we were preparing for runs on banks and Hoovervilles. While I have no data, there is anecdotal evidence suggesting additional bad news. I speak with security companies all the time, and I simply don't see the VCs investing heavily in this space. Perhaps they got burned investing in the 5th NAC, anti-spyware, or UTM vendor. Maybe they think that Cisco, Check Point, Juniper, McAfee, Symantec, and Trend Micro have everything covered. It could be that many believe that the whole tech space is mature so they are chasing the new new thing in other technical areas. I'm not sure why the VCs are eschewing security investments but I do know that this is a problem. Why? At a time when attack volume is steadily increasing, cybercriminals operate like Fortune 500 companies, and FBI directors characterize cybersecurity attacks as, "an existential threat to our nation," the VCs are moving on to perceived greener pastures. In other words, there is serious demand for next-generation security skills and technology but the supply-side continues to invest elsewhere. Bad economics and bad for the digital assets we all depend upon. Okay, I understand that the VCs are in it for the money and nothing else, but something is wrong with this picture. It seems to me that when demand exceeds supply there is money to be made. I'd like to see the VCs invest in security as a patriotic act, but I'm not optimistic. Therefore, I have a few ideas for the "smartest guys in the valley" on Sand Hill Rd. 1. Co-invest with In-Q-Tel. In-Q-Tel is a VC firm that came directly out of the CIA. On its web site, the firm's mission statement reads as follows, "In-Q-Tel identifies and partners with companies developing cutting-edge technologies to help deliver these solutions to the Central Intelligence Agency and the broader U.S. Intelligence Community (IC) to further their missions." The key here is to find the smartest security firms whose technology is good enough for the CIA, DOD, and NSA, and can be adapted for commercial use. Given the recent string of private attacks, the private sector would welcome military-grade protection. 2. Explore other direct federal funding. It's likely that DARPA, NSF, DOE, and other agencies will have money to spend on cybersecurity research and development. Smart VCs will figure out ways to hedge their risk by getting these agencies involved. 3. Partner with Universities. UC-Berkeley, Carnegie-Mellon, MIT, Purdue, Johns Hopkins, and Cornell are all doing advanced research in various security disciplines. The VCs need to buddy up to these prestigious institutions and find investments that provide mutual benefits. 4. Seek out Israeli money. Educated at Tel Aviv University and Technion and then saturated in security in the IDF, Israel produces some of the smartest security minds in the world. I'd like to see more American investment in Israel, and more outreach to Israeli VCs from Sand Hill Rd. The lack of VC investment in security could have broad implications moving forward so the VCs can't sit on the sidelines. It's time for the rich guys to get more involved and proactively champion security innovation and investment rather than sit back, drink Merlot, and wait for business plans to come in. Our digital security may depend upon this.

Copyright © 2010 IDG Communications, Inc.

8 pitfalls that undermine security program success