"Where there's the largest gap between offense and defense," Dave DeWalt said in his Summit keynote, "there's the opportunity for investment." Co-founder and chairman of Momentum Cyber and a managing director at AllegisCyber, DeWalt provided context for investment in cybersecurity firms, with that context drawn from his sixteen years as a CEO in the tech sector. Now an investor and an advisor, DeWalt said that the key to understanding the cybersecurity market is to see how security is used, and how it functions. Such understanding is the key to visibility.
A perfect cyber storm.
DeWalt characterized the present situation as "the perfect cyber storm." That storm was shaped from six elements. First, speed of innovation drives increases in vulnerability. Second, Expansive vulnerabilities enable exponential growth in attacker groups and types. He observed that twenty-nine countries have declared offensive cyber capabilities. Sixty-four countries have declared defensive capabilities, and many or even most of these probably have unacknowledged offensive capabilities. There is much collusion between states and criminal groups.
Third, we've seen the levels of danger expand from hacktivism to crime and on to espionage. Fourth, a combination of greater geopolitical tensions, deficient governance in cyberspace, and poor law enforcement models are mutually reinforcing trends that breed conflict and insecurity. Fifth, conflict and insecurity are compounded by Internet anonymity. "We're nowhere near getting solutions to this." Sixth, "All this is compounded by legacy security providers' inability to detect or prevent attacks." Thus, DeWalt concluded, we see a perfect cyber storm, and therefore a perfect opportunity for investing.
From hacktivism to crime to great-power competition.
Taking a look back at the earlier days of the cybersecurity industry, DeWalt recalled that, working against viruses, we tried using generic, polymorphic signatures for detection and defense, and yet we still came up with sixty-eight million signatures that needed updating daily, an impossible task.
From those early days of crime we moved on to what DeWalt called "the Great China IP War," with five-thousand-seven-hundred-seventy-one confirmed Chinese attacks on US intellectual property. "And then we got, most recently, the Russian Information War." America is thus between Russia and China, and "the gloves are off" in super power cyber competition.
Advice for investors and entrepreneurs.
Turning from the threat to the cybersecurity sector, DeWalt described the market's growth. From about $3.2 billion in 2000 that market has risen to $96.3 billion today. There are, he said, about three-thousand cyber vendors, and five-hundred or so new ones arise each year. CEOs of such companies "must know their window." And investors must understand how much time a company has, and how wide a moat surrounds it. He's seen too many companies and investors fixate on patents. "IP is a game of inches," he said. "Go-to-market is a game of miles." Investors should look for management teams who can figure out go-to-market. Many companies fail, DeWalt argued, because they don't know their window and can't handle go-to-market.
Gaps and opportunities.
DeWalt closed by offering his impression of the biggest gaps and their corresponding investment opportunities: "drones and domes" (the drone economy and the security infrastructure it will necessarily require), "industrial and IoT" (increasingly pervasive), "social and satellite" (with just a handful of company's specializing in social media security, and satellites assuming an increasingly bigger share of communications infrastructure), and "cloud and crypto" (especially with respect to identity management and advanced cryptography). He was particularly interested in satellites: "The number of devices and systems now connecting to satellites is daunting." More than fifteen hundred low-earth-orbit and geostationary satellites are up and operating now, and more are coming.