GO
Loading...

Stealing the show: Cybersecurity stock valuations on the rise

Smart investors seem to have fallen in love with cybersecurity. And it's no wonder, given the incredible need to protect data.

The recent breaches at Target are a case in point of how bad things can get. With reports of up to 110 million customer accounts having been compromised, some estimates suggest the total cost to the company and its shareholders may top $1 billion.

According to Ponemon Institute's "2013 Cost of Data Breach Report," the organizational cost of a data breach is $5.4 million, the 2013 cost of cybercrime has increased 26 percent since 2012, and 3 out of 4 companies will be targeted by malicious Web applications.


Maciej Frolow | Photographer's Choice RF | Getty Images

Enterprise customers are waking up to the fact that these cybersecurity investments are not discretionary. They're realizing that the cost of getting it wrong is too high, and in response, cyber IT budgets are exploding, growing from $65 billion last year to an estimated $93 billion in 2016. Addressing these risks represents a high-value opportunity for entrepreneurs. Now is the time for forward-thinking entrepreneurs and investors to respond to both the threat and the associated opportunity, because they will only grow in the future.

During the past year, venture capital firms invested a record-high $1.4 billion in 239 cybersecurity companies—from mobile-app security platforms to online-authentication infrastructures, according to research firm CB Insights. Nearly 80 cybersecurity start-ups have exited, either through acquisition or IPO, with an average tenfold return on investment.

Notable deals include FireEye's IPO, which priced its initial public offering of 15.2 million shares at $20 per share in September 2013, raising about $304 million. Just five months later, FireEye has a market cap of almost $10 billion.

Other recent transactions over the last 12 months that have drawn the attention of serious investors are the $1 billion acquisition of endpoint security provider Mandiant; Cisco's $2.7 billion purchase of network security firm Sourcefire; and IBM's acquisition of cybercrime prevention firm Trusteer for $1 billion.

No inflated bubble in sight
The amount of venture money flowing into the cybersecurity sector—and the valuations and sale prices being commanded by cybersecurity companies—are justified, especially given the urgent need for cybersecurity solutions in the marketplace. In fact, I anticipate even more activity around these deals in 2014, given our expanding security problem and growing awareness of it.

The median deal size and pre-money valuation for security companies has increased significantly over the past five years as well. The median Series C pre-money valuation for security companies was $23.6 million in 2008 but grew to $46.6 million in 2013, an increase of 97.5 percent, according to PitchBook. This Pitchbook data also shows that the median series seed deal size increased from a mere $550,000 in 2008 to $1 million in 2013.

As innovation in cloud computing, social media and mobile technologies accelerates, the need for strong security solutions increases exponentially. I believe the high-tech industry was built on computing, communications and storage—the three legs of the innovation stool—and now security is the fourth leg. The interconnected nature of the global economy and the huge risks associated with the sharing of information make security essential.

(Read more: The mystery of Google's 'other revenue')

Red-hot sectors
Some important new opportunities rising to the surface in 2014 include secure communications, especially in reaction to digital spying by both governments and corporations, information security in a BYOD environment, detecting and mediating zero-day threats inside network firewalls, engaging and defeating automated BotNet attacks ("Active Defense"), prediction and isolation of insider attacks (estimated to be the source of more than two-thirds of cyber breaches) and ensuring the security and integrity of "data in motion." Increasingly, we will see the need for disparate solutions to be integrated into command and control systems that can operate autonomously. Then we have the wild card implications of quantum computing as a total game-changer in encryption and security.

Overall, more investors will be jumping on the cybersecurity bandwagon in 2014, and valuations will continue to increase—maybe twice what they are today. But keep in mind that creating a security company is not the same as designing a new smartphone app. Building a serious security company requires a large investment and deep expertise. Discerning what is a serious security company from what is not requires a great deal of technical expertise and market knowledge.

As an experienced investor in security start-ups, I know this stuff is just plain hard. I also know that the opportunities that lie ahead are bigger and better than ever before. Stay tuned.

(Read more: How to invest like a VC in the hottest technology)

—By Bob Ackerman Jr. Ackerman is the founder and a managing director of Allegis Capital, an early-stage Silicon Valley venture capital firm that invests heavily in cybersecurity.

Latest Special Reports