Healthcare, fintech and infrastructure are critical areas for security innovation–VCJ roundtable

Massive hacks, security breaches and a lack of trust by consumers is becoming commonplace. So have security fundings and exits involving VC-backed security startups.
Thus, VCJ reached out to four top venture investors for their views on security and investing trends.

Included are Bob Ackerman, founder and managing director of Allegis Capital; Venky Ganesan, managing director of Menlo Ventures; Alberto Yépez, managing director of Trident Capital; and Enrique Salem, managing director of Bain Capital Ventures.

Here’s what our panel of experts had to say (VCJ subscribers can read the full story by clicking here).

Q: Why is cyber security such an interesting area of investment today?

Robert Ackerman, Founder and Managing Director, Allegis Capital
Robert Ackerman, Founder and Managing Director, Allegis Capital

Ackerman: Cyber security affects the entire digital substrate upon which the global economy operates. As a result, the clear enterprise risks and the demand for effective security solutions is about as large of an innovation opportunity as you could ask for. The need for new solutions is clearly recognized and IT budgets across the industrial and government spectrum are responding with major increases.

For us as investors, the fact that much of the innovation that will confront these cyber threats originates in the world of innovative startups creates a significant and compelling opportunity for value creation.

Ganesan: Cyber security investing is a huge investment opportunity due to the explosion of mobile and cloud software services. IT security used to be about securing the perimeter (firewalls, antivirus software, all assets in one place). But now due to the rise of mobile and BYOD (bring your own device), that perimeter no longer exists. Cyber security has also become more important than physical security.

Yépez: Governments, businesses and private citizens are now faced with the constant threat of security breaches emanating from all corners of the world by cyber terrorists, mercenaries, state-sponsored actors, hacktivists and insiders. As a result, cyber csecurity has become the fastest-growing sector in IT, with 2015 global spending topping $76.1 billion, according to Gartner.

Alberto Yépez, Managing Director, Trident Capital
Alberto Yépez, Managing Director, Trident Capital

Even the accelerating pace of cyber security spending cannot match the escalating cost of cyber crime, which reached an estimated $500 billion worldwide in 2013, including $100 billion in the United States. With many new security threats to combat and several concurrent technology platform shifts (cloud computing, mobile applications and social media) we are in the midst of a cyber security solutions replacement cycle. This makes for an incredible investment environment.

Salem: There’s never been a better time to fund security startups. Yes, the bad guys are getting smarter, but so are startups that are determined to stop them cold.
Cyber security threats are at an all-time high. So is security awareness. It has the attention of every boardroom worldwide. That translates into more budget for CIOs and CISOs dedicated to security.

Gartner estimates global IT security spending will reach $76.9 billion in 2015, and grow to $120 billion over the next four years. Those rising budgets have fueled an array of next-generation security companies with innovative and effective solutions.

Q: In what cyber security sectors and technologies are you investing and why?

Venky Ganesan, Managing Director, Menlo Ventures
Venky Ganesan, Managing Director, Menlo Ventures

Ganesan: We are investing in: 1. Mobile: we haven’t seen a breach here yet, but it is coming (huge threat since people have personal and work on their phones). 2. Cloud: SaaS vendors make companies vulnerable, can’t control security of vendors. 3. Insider threats/User ID theft: assumption was that within the enterprise, insiders are safe. Not true! And 4. The Internet of Things: Cars, TVs, refrigerators, and personal health devices connected to the Internet multiplies the need for information security for all.

Yépez: Trident is investing in the following six areas: Securing the Internet of Things (IoT). IT infrastructure protection. Behavioral modeling and big data analytics for proactive defense. Secure payments and fraud. Next generation identify platforms. And individuals’ rights to privacy and security.

Q: In what sectors are you seeing the worst cyber threats today?

Ackerman: No enterprise or any market is safe. By its nature, cyber security is a horizontal challenge and opportunity, cutting across all industry sectors, but with each having some of its own unique attributes and threat vectors, depending upon the motivation of the attackers.

Financial firms are clear targets because of their role as economic focal points. Any organization with significant intellectual property that could be stolen or leveraged is at tremendous risk. As the Office of Personnel Management (OPM) and a long series of prior breaches demonstrated, personally identifiable information (PII) has tremendous potential value to a broad spectrum of adversaries.

The healthcare industry is probably the largest repository of particularly sensitive PII and is woefully behind the curve in developing the experience and deploying the resources necessary to sustainably secure this information.

BCV-Enrique-Salem.Web version
Enrique Salem, Managing Director, Bain Capital Ventures

Salem: Ultimately, every organization is a target. This is a global, multi-industry challenge, and you have to assume you’re already under attack.

Based on the latest research, bad actors are inside a target network for 229 days on average before they’re discovered. That’s a lot of time to root around and wreak havoc. The biggest risk areas are: 1. Financial information (stealing credit card data from big banks, retailers, etc. 2. Identity information (stealing data to target customers, employees or citizens. And 3. Supply chain disruption (attacks against business and technology infrastructure providers to disrupt local, regional or global supply chains).

This story first appeared in affiliate magazine Venture Capital Journal, which is published by Buyouts Insider. Subscribers can read the full story by clicking here. To subscribe to VCJ, click here for the Marketplace.

Photo illustration by Shutterstock.