With RSA Conference 2020 just around the corner, experts offered a wide range of opinions on what the future holds for cybersecurity investments.
SearchSecurity recently previewed Momentum Cyber's Annual Cybersecurity Almanac, a report on cybersecurity trends, industry predictions and strategic activity. This year's almanac, which was published Tuesday, showed data security and identity and access management (IAM) vendors received the most investment funding in 2019.
As a follow-up, SearchSecurity asked several experts to weigh in on cybersecurity funding trends ahead of RSA Conference 2020. Opinions differed on which sectors would receive the most interest from venture capital and private equity firms; some believed emerging technologies like machine learning and AI would continue to lead the pack, while others predicted a return to basics like compliance and asset management. But all expected another year of overall funding growth for the industry.
Cybersecurity funding remains strong
Doug Cahill, vice president and group director of cybersecurity at Enterprise Strategy Group, said that because innovation is critical to counter the evolving threat landscape, venture funding "continues to be strong in the cybersecurity market."
More specifically, Cahill saw cloud adoption as a big driver for IAM and data security investments. "The broad adoption of cloud services and knowledge worker mobility has necessitated a retooling to secure an amorphous perimeter, one best characterized as the intersection of a user's identity and privileges and the cloud-resident data assets they are accessing," he said. "As such, there has been a number of seed and A round investments in cloud-centric identity and access management and data security vendors."
He also pointed to dev time application security as another cybersecurity market seeing appreciable investment. He calls it "a market driven by the fact that today's application economy is developer-driven and API-centric dynamics requiring cybersecurity to be an intrinsic aspect of application development."
Lastly, Cahill said "the use of artificial intelligence for a range of cybersecurity use cases has become table stakes with notable newer applications of AI including natural language understanding to detect bogus emails employed in business email compromised attacks."
New regulations, more investments
Christina Richmond, principal analyst of cybersecurity services at Enterprise Strategy Group, said that her gut feeling -- as well as what she's hearing from many CISOs -- was that data security, privacy and risk will be the top investment areas in 2020.
"With the rise of CCPA [California Consumer Privacy Act], and the continued threat of fines from GDPR security teams, boards and execs are increasingly worried about data and access," Richmond said via email.
Richmond also highlighted other areas such as data inventory, classification and data loss prevention (DLP) as well as IoT. "I'm hearing several startup or newer companies addressing data inventory, classification and DLP. Some from the security perspective, some not," she said. "With 5G and Wi-Fi 6 on the horizon and becoming more real, we'll see more industry specific (auto, manufacturing) IT/OT consulting, IoT security tools."
Back to basics
ForgePoint Capital Partner Will Lin predicted a shift in cybersecurity investments this year, driven in large part by past failures.
"Security has had a lot of fun for many, many years. Some would describe the last five or six years as the gold rush in security. I think CISOs have had a lot of opportunities to experiment, and I think some of those experiments worked out really well, and some of those experiments worked out not-that-great," Lin said. "And so I think all of the decisions that have been made in the past five years during the gold rush are coming back to roost, and some of those that didn't work are very clear lessons learned that 'hey, we shouldn't be spending so much time investing in these cool ideas. We need to spend more time going back to the basics.'"
He said that this trend has been occurring "at least the last year," pointing to the RSA Sandbox winner last year, Axonius, as an example of a back-to-the-basics-type company. "Asset management, asset inventory, visibility is as basic as it can get."
Where is venture capital money going for cybersecurity in 2020? "That's the million-dollar question, and the answer is everywhere," said Chris Steffen, research director at Enterprise Management Associates. That said, he highlighted a few key sectors that will stand out from the field. "I really think you're going to see a lot of money going into DevSecOps and automation with IoT playing third, but the whole industry in general is still on pace to receive tons and tons of VC capital in 2020."
And beyond specific technologies, Steffen said he expects big opportunities for cybersecurity vendors that are focused on small and medium businesses. "I also believe personally that those vendors and businesses that are starting to pay attention to the SMB market are really standing to take advantage of a real wellspring of activity," he said. "I think 2020 and 2021 are going to be the years that those security vendors that position themselves are going to take advantage of what is almost a greenfield in the midmarket stand to do really, really well."