As seen in Global Corporate Venturing, February 2015 issue.
Cyber-attacks dominated the headlines in 2014, highlighting the vulnerabilities we face in business, and personally. At the recent World Economic Forum in Davos, one CEO after another issued warnings that the worst was yet to come. Security at the largest corporations and world governments has been breached in high-profile cyber-attacks, exposing the foundational weaknesses of a digital world. The convenience, efficiency and productivity offered by technological advances in the past two decades have overshadowed the fact that with each advance, new and unique security vulnerabilities arise. While perhaps previously overlooked, today these risks are rearing their heads in dramatic fashion.
In December, Silicon Valley Bank, in collaboration with Terrible Labs and Hack/Reduce, organised a programme to engage clients and leaders in the cyber-security field. We set up one-on-one meetings between startup founders and corporate venturing clients and held a well-attended symposium. Steve Allan of SVB Analytics, a non-bank affiliate of Silicon Valley Bank that offers strategic advisory services, valuations and merger and acquisition (M&A) accounting and reporting, discussed the trends in cyber-security and shared valuable insights with the group.
The amount of data we generate as a society is staggering. New trends in technology have offered tremendous opportunities for individuals to be more efficient and productive. Meanwhile, analytics technology has made it possible for corporations to harness the power of data to improve services and products. Use of data is now pervasive in almost every aspect of business. And the amount of data is expected to grow rapidly over the foreseeable future. According to Cisco's Global Cloud Index, data centre traffic is expected to grow at 32% per year until 2018. Much of this growth is driven by new consumer electronic technologies, including smartphones, tablets and the growing popularity and usefulness of connected devices. This expanded depth and breadth of data usage makes the value of society's collective digital information greater than ever before.
These trends present new and pressing challenges for enterprises looking to keep data secure. In the previous infrastructure-heavy IT world, enterprises could focus on securing their networks and protecting their servers and endpoints within their firewalls. Now, with bring-your-own-device (BYOD) policies, consumers are bringing personal devices into the workplace, and the internet of things (IoT) means endpoints are growing exponentially in number, data and strategic value. With cloud computing, mission-critical information is moving from servers inside the firewall to outside servers maintained by third parties.
Meanwhile, cyber-criminals are continually creating new and innovative ways to infiltrate "secure" networks. According to a Government Accountability Office analysis, the number of attacks reported by federal agencies increased 10-fold between 2006 and 2013. Investment of resources in the cyber-security space is needed to address these risks, and is growing, but the solution is not just that simple.
Often industry incumbents have been hard pressed to develop technological solutions quickly to counter increasingly sophisticated cyber-criminals. The broad range of challenges presented by different technologies and platforms sometimes makes it difficult for these large entities to effectively research and develop solutions while also serving existing clients.
The answer, it seems, might lie with fast-adapting startups. Annual deal volume in the cyber-security space increased from under $500m in 2009 to more than $2bn in 2014, according to CB insights. Startups are able to focus resources on one specific problem within the broader security landscape. Startups, however, do not always have the budget, market reputation or runway to market their products effectively. This is where the incumbents come in. While they may not be nimble at research and development (R&D), they already have the distribution channels necessary to get products to market. The result is a robust innovation and M&A cycle, not unlike that in the pharmaceutical industry. Large incumbents acquire R&D capabilities and leverage existing distribution channels to get products to market more quickly.
Where problems persist, opportunities exist. Enterprises seek agile startup partners that can help them incorporate new technology into an existing legacy infrastructure. Today, there lacks a unifying middle fabric to effectively connect data providers to consumers of data, fusing management of data, and minimizing movement of data into one process flow. Many think this likely will be an open source project backed by a large enterprise.
This dynamic is in play in the mobile security space. The BYOD trend created a host of issues for enterprises as employees were accessing confidential information on their unsecured personal devices. BYOD security required an approach different from legacy mobile security, which was generally embedded in devices. Startups sprang up to solve the new problem, and the mobile device management industry was born. As BYOD proliferated with smartphone expansion, incumbents acquired technology to offer customer solutions rather than waiting for in-house R&D. A wave of acquisitions took place. Before being acquired itself by Intel, McAfee bought TrustDigital, Symantec purchased Odyssey and Nukona, and VMWare acquired Airwatch.
We know that as the amount of data and value of digital information grow rapidly, so do the security vulnerabilities. Our society is increasingly reliant on a strong digital foundation, and as cyber-threats become more severe, shoring up that foundation becomes critically important. To be sure, digital security is poised to drive outsized growth in the coming years.