Hacker-fighting prowess on show at cyber security conference

When cyber security start-ups set out their stalls at the industry's largest annual conference on Monday, they will be looking to show off their hacker-fighting prowess not just to buyers of security products, but also to Wall Street investors.

A new generation of cyber security companies is preparing to go public, as analysts predict a rise in security spending by boards desperate to protect themselves from becoming the next Sony Pictures, Home Depot or Target.

Dan Ives, an analyst at FBR Capital Markets, says investors will be flocking to the RSA Conference in San Francisco these week because cyber security is a $15bn-$20bn market opportunity in the next three years.

"Seven or eight years ago you could hear a pin drop at RSA," he said. "Now it is going to be like a Bon Jovi rock concert."

"It is the seminal event in cyber security: the new year's eve, the wedding, the bar mitzvah," he added.

VC funds have been flooding into cyber security, surpassing $1bn for the first time in the first quarter of 2015, according to data from private company research firm PrivCo. VC funding for security software start-ups hit $2.3bn in 2014, up more than a third from the year before. Just four years ago, less than $1bn was raised by cyber security companies for a whole year.

Venture capitalists are predicting that companies including Rapid7, a security data and analytics start-up, Bit9, which protects endpoints such as PCs, and Docusign, which enables the exchange of signed contracts online, will be among those seeking an initial public offering in the next year or two.

Kathleen Smith, a manager of IPO-focused exchange traded funds at Renaissance Capital, said cyber security companies on her private company watch list also included LogRhythm, Zscaler and Apigee, a company that secures interactions with third-party applications, which is due to go public next week.

<

The tabular content relating to this article is not available to view. Apologies in advance for the inconvenience caused.

"The stage is set for a surge of private companies really starting to morph into the next generation of public companies," Mr Ives said.

Venky Ganesan, a venture capitalist at Menlo Ventures, which invested in one of the few public next-generation security companies, Palo Alto Networks, said there could be between 20 and 30 IPOs in the sector in the next two to three years.

"They have had a major drought of cyber security companies ... relative to the scale of the problem," he said. "Now I think we see the companies getting the increase in budgets, staying private and turning down acquisition offers."

The older generation ofantiviruss companies have fallen out of favour, but most of the start-ups with newer solutions have yet to go public.

Total returns from the few companies to list have been high: with Palo Alto Networks returning almost 250 per cent, Qualys returning about 330 per cent and Proofpoint returning almost 360 per cent, since they all listed in 2012, according to data compiled by Renaissance Capital.

Enrique Salem, an investor at Bain Capital Ventures, which has stakes in Rapid7 and Docusign, said the interest in cyber security was a result of the most active threat environment he had seen in his 28 years in the business.

Mr Salem, former Symantec chief executive and a board member at FireEye, said the rapid transformation in computing from desktop to cloud, mobile and the internet of things was creating more holes for hackers to exploit.

"We definitely see security IPOs in the coming year performing well because of an increased demand for security -- JPMorgan Chase doubled its security budget from $250m to $500m," he said.

<"One of the later stage companies that is hitting its metrics in our portfolio is Rapid7 which has continued to grow nicely and is very well adopted."

However, valuing a cyber security company can be hard for investors without much technical experience, as not every start-up has a product that will cope with the ever-changing tactics of hackers or be a broad enough solution to appeal to the masses of chief information security officers.

David Cowan, a venture capitalist at Bessemer Ventures, said the cyber security industry was not like the rest of the technology industry, as there is a world of cyber criminals "focused on rendering your technology obsolete".

"In security, by definition, the incumbents are obsolete. It is not like other areas of technology where they mature and stabilise at some point... and only become stronger in those markets," he said.

Additional reporting by Nicole Bullock in New York

© The Financial Times Limited 2015. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation