Are venture capitalists the new stewards of modern security research and development?

Is the innovation you seek available from the security startup you don’t know about yet?

“We struggle to budget research and development for security innovation.”

That’s a phrase I hear often. Especially when it comes to large, publicly traded security companies. While it might seem natural that large security companies struggle with innovation, Will Lin, Vice President at Trident Capital Cybersecurity, thinks it reflects the nature of research and development in a rapidly changing industry.

As Will explains, “Security breakthroughs happen everyday yet very little sees the light of day. There is always the risk of building something that people won’t use. The VC’s role is to filter through the noise and wear many hats: customer, entrepreneur, acquirer, advisor.”

The struggle of security innovation

Private security companies are free to innovate as startups and growth-stage companies. After all, that’s how the successful startups gain the traction and market share to grow revenue in new and growing markets.

Perhaps anecdotal, but it appears public security companies experience a downward pressure on research and development budgets. In part due to the increased focus on profitability. The drive to engage in proven actions to return value to shareholders without increasing risk.

Research and development is risky.

Less budget on research and development means less risk, but it also means less innovation. It’s a bit of an odd cycle. Less innovation means less of the edge necessary for success.

What happens when companies stop innovating?

Reduced budget -- and often capacity -- to focus on innovation creates a struggle. But companies still have new security problems to solve. They need to maintain their edge without assuming too much risk.

To do so, they look to acquisitions to fuel growth and maintain a competitive stance in the marketplace.

And while that benefits the large cash-positive security companies in a position to evaluate and acquire promising or proven security startups, someone still needs to do research and development.

Security startups spur innovation

Security startups are the engine that drives security research and development. It’s a fascinating space, and something Paul Asadoorian and I support during each episode of Startup Security Weekly.

More and more companies are interested in security startups as a way to bolster the protection needed for their enterprise, clients, and products. It’s become something of an “on-spec” research and development option.

And it appears to be heating up.

The nature of business is shifting. The barriers to entry for a startup are, in some cases, nearly nonexistent. That means more money pouring into the industry. More startups. More opportunity for everyone.

If you can make sense of it.

Who manages and guides security research and development?

Which means the modern venture capitalists, with a focus on cyber security, are now the stewards of security research and development.

The VC serve the marketplace

Someone needs to shepherd security startups, navigating the best to the successful exits.

Will Lin notes, “The most successful VCs focus on building great companies. Provide startups more than just funding: help the entrepreneurs build context, be a sounding board for guidance, ask the right questions. Make relevant and actionable connections.”

This is how companies decrease the risk of security research and development off their balance sheets. It also explains why they often pay a healthy multiple on acquisitions - after taking into account risk, it’s still a cheaper option than doing it themselves.

What’s the value of security-focused venture capital?

The reality is a shocking large percentage of startups fail before their reach an exit, which increasing includes acquisition. That creates a lot of risk for you as a security leader.

How can you choose which startups to work with?

Enter the security-focused venture capital firms. Part of a new wave, they offer more than financial support. In the case of Trident Capital Cybersecurity, their team includes the advisors and relationships that security startups need to get traction and break through the noise. It’s the guidance a lot of companies need to clarify their focus and to build scale.  

“We started Trident Capital Cybersecurity because we believe the security industry requires focus. Focus to understand the full suite of security issues and to build an ecosystem for anyone wanting to help solve them; not just startups.” says Will Lin.

And the support security leaders and enterprises need to make better decisions.

The opportunity for security leaders

This is where and how we make a big difference.

Your voice - and your actions - matter. Customers (and sometimes the acquiring companies) drive the investment. The ecosystem is large. Some think too big. With over 2500 funded security startups (that we’re currently able to track), how do you know where to focus?

By making your voice heard (something we absolutely encourage and offer through Startup Security Weekly, btw), and articulating your needs… that helps place focus on the solutions solving real, pressing problems.

Your actions further signal to the venture capitalists the companies that need support to de-risk the prospect of working with them. Sometimes your ability to engage with a promising startup is that necessary first step.

As a leader, as a customer, you help.

Let us know what you think, head to our Facebook page to leave a comment.

Copyright © 2017 IDG Communications, Inc.

The 10 most powerful cybersecurity companies