Wiz's Billion-Dollar Cyber Deal… Norwest Venture Partners in the VC Directory… Series C Rounds Rebound
Plus, new investments in Atlan, Base Power, Monzo, Wayve, and Zenas BioPharma
The Main Item
Wiz Funding Stirs Hope in Cybersecurity Sector
The funding environment of the last couple of years hasn’t been kind to cybersecurity startups, with cyber VC investment in 2023 dropping to its lowest total in five years at the same time that inflated valuations from 2021 came back to earth.
But a high-profile round for New York and Israel-based Wiz could signal a shift. The cybersecurity unicorn announced at the RSA conference in San Francisco earlier this week that it had raised a whopping $1 billion Series E round, co-led by a16z, Lightspeed Venture Partners, and Thrive Capital, at a valuation of $12 billion. The company specified that a chunk of that capital is set aside for acquisition of smaller startups.
Some investors see the Wiz funding, and the terms that come with it, as a welcome sign for more deals to come.
With the conversation around “AI safety” increasingly involving the threats posed by AI-driven hacking and espionage tools, and security companies locked in a tech arms race with well-funded cyber adversaries, there should be plenty of demand for innovative security products. As with defense tech, intensifying geopolitical conflict with China and Russia makes the problem even more urgent.
The AI frenzy, combined with a plague of ransomware attacks, has also put a spotlight on the value—and vulnerability—of the ever-growing mountain of data that increasingly makes every sort of business run. According to a 2023 Gartner forecast, global security risk and management spending is expected to hit $215 billion by the end of 2024, a 14.3% increase from last year.
Reid Hoffman, speaking at the Bloomberg Tech conference in San Francisco, said security was one of the top challenges of the AI era, especially in light of great-power conflict.
“It’s a state of war out there” on the internet, Hoffman said, citing deepfakes and cyber-crime as the big threats, along with “AI in the hands of bad humans.”
“The unique dynamic in cyber is that you have an equal number of adversaries also innovating,” said Dave Zilberman, a general partner at Norwest Venture Partners. “You need to constantly invest in R&D, and acquisitions are a part of R&D for these companies.”
I asked Zilberman in a text exchange about which areas of cybersecurity are especially interesting right now. He said that beefing up “identity,” or authentication around who is accessing data, will be a crucial focus.
Advancements in AI for computer vision and identity verification have fueled some breakthroughs to defend against AI-powered cyber attacks, said Jake Seid, cofounder and general partner at Ballistic Ventures, though the technical challenges remain daunting.
Impersonation is also a big issue for US national security. A Microsoft report last month highlighted recent Chinese attack attempts on the US and our allies specifically using LLMs to enhance spearfishing campaigns.
Sec. of State Anthony Blinken, in a speech at RSA on Monday, emphasized the role the US had to play in boosting cyber defenses for our allies, reiterating the urgent need for the US to assist emerging economies in deploying “safe, secure, resilient, and sustainable technologies to advance their development goals,” and to stave off attacks from adversaries.
How all of this will translate in the cybersecurity startup economy isn’t obvious, though. Even as corporate and government customers face growing pressure to make sure their security is up to snuff, “pricing fatigue” has set in among some, as Palo Alto Networks CEO Nikesh Arora put it. Years of heavy spending on a multitude of products hasn’t always paid off.
With many cybersecurity startups facing a valuation haircut the next time they go out to raise, the “have nots” in the space will be pressured to sell to the “haves,” like Wiz. These smaller acquisitions are unlikely to be the multi-billion-dollar fund-returners that VCs hope for.
Techcrunch reported last month that Wiz is in talks to acquire Lacework for between $150 and $200 million, a fraction of that company’s last priced valuation of $8.3 billion.
Wiz’s strategy is in line with that of other large firms in the cybersecurity sector, which has historically seen a lot of M&A. Cisco recently closed its $28 billion deal for Splunk. Megafirm Palo Alto Networks has acquired over 20 companies, including its deals last year with Talon Cyber Security and Dig Security. Crowdstrike has also made several strategic acquisitions over the past few years, including its purchase of Flow Security back in March.
While the exits may not be what investors originally envisioned, Wiz’s acquisition goals could end up becoming a welcome lifeline for the sector.