The banking crisis and nagging suspicion that hardship will spread, even to companies not directly linked to the failed banks, could have an ancillary effect on the cybersecurity market.
The failures and government takeover of Silicon Valley Bank and Signature Bank will impose new challenges on vendors that were already on poor financial footing, and potentially spur vendor consolidation and a near-term impact on innovation flowing from startups.
Plenty of cybersecurity companies were attempting to find an exit strategy or achieve greater stability once economic headwinds became a reality, Jeff Pollard, VP and principal analyst at Forrester, said via email.
The bank seizures aren’t helping matters, but that won’t have as much of an impact and accelerate consolidation as other trends that were already underway, according to Pollard.
Cybersecurity budgets remain robust and recent Hiscox research shows organizations have tripled investments in IT security since 2018.
But where that money is being spent and the pool of cybersecurity vendors claiming those dollars is shrinking. Vendor consolidation and economic uncertainty are reinforcing a need for cybersecurity companies to rein in spending and steady their financial standing.
Three-quarters of organizations were moving to consolidate the number of cybersecurity vendors they used last year, according to a report Gartner released in September.
A lack of efficiency, integration challenges, overlapping tools and a glut of cybersecurity tools that do one thing often do more harm than good, according to cybersecurity experts. Tool sprawl is widespread and not a recent phenomenon.
Vendors exposed in every segment
Mark Sasson, co-founder and managing partner at Pinpoint Search Group, a cybersecurity headhunter firm that tracks vendor funding and M&A activity, said startups that aren’t making measurable improvements and closing in on their cash runway are susceptible to fire sales or closures.
“This is the nature of the game, and the business risks are always accentuated in poor economic situations, which we are clearly in,” Sasson said via email.
Vendors that have achieved a strong market fit and built successful businesses won’t be impacted by a tightening of venture capital or debt financing, Pollard said. “For vendors that were hoping to subsidize growth with investor capital, that didn’t pay attention to fundamentals and just burned cash — this will hit them hard.”
Pollard estimates there’s at least one or two highly exposed vendors across each segment of the cybersecurity market. He expects exits in endpoint detection and response, extended detection and response, endpoint protection, data detection and response and risk qualification platforms.
“In almost all cases the vendors that exit early will be the most successful or the most disastrous,” Pollard said.
The banking crisis could be a tipping point that shifts M&A and private equity deals to the forefront, thereby reducing but not halting investment in innovation, Sasson said.
“If the pendulum swings toward M&A and consolidation now, it’ll swing back at some point toward innovation,” he said.