Cyber in Focus: 9 Themes for Investors

Baird’s Cybersecurity Investment Banking team recently attended the 2024 RSA Conference: Where the World Talks Security in San Francisco. The group spent the week at and around RSA meeting with CEOs, investors and thought leaders in the cybersecurity ecosystem. Despite a growing number of familiar names on the expo floor, the world of cyber remains a very dynamic and fast-changing environment.

We frequently heard investors ask, “What areas are hot in cyber this year?” While that’s an interesting topic, we believe the much more important question is, “What themes are currently investable in cyber?” While we see general buy-in to the cyber macro theme, many investors are struggling to navigate the fast-changing landscape, identify the most resilient theme and price risk adequately. In this update, we share nine current themes investors should weigh when considering an investment in today’s cybersecurity space.

1. Macro Tailwinds Remain Strong
   The macro environment continues to be very attractive for investments in cybersecurity as the threat landscape evolves and volume of attacks increases at an exponential pace. Additionally, new and growing external pressures, including regulations, insurance and third-party risk management, continue to create pressure for further adoption.
   
   
2. Shifting from “Threat” to “Risk”
   Reframing the idea of cyber from “threat” to “risk” is essential in the face of increasing threat volume. Overlaying risk assessments on threat intelligence, detection and response allows vendors to provide outcome-based platforms and services at scale. Furthermore, it is no longer sufficient to only monitor threats and risks directly relating to the business in question – the perimeter has extended beyond the business itself into its supply chain, vendors and its customers, which is another key trend. Security analytics, data integration / AI and risk quantification capabilities are emerging as key differentiators, providing contextual insights and actionability.
   
   
3. ROI and The Rise of The “Platform Play”
   Reporting capabilities are becoming more and more important for CISOs in the face of increasing spend. Being able to demonstrate differentiation and clear ROI for cyber spend is critical for point solutions to successfully compete against larger consolidated platforms. In tandem, continued spending pressure is driving enterprises to “cyber platforms” and accelerating consolidation. Cybersecurity vendors are focused on consolidating security solutions into integrated platforms to provide better visibility, improve efficiencies and address customer pain points associated with fragmented tools.
   
   
4. Weighing Tech Risk
   Most investors are rightly anxious to take on technology risk in a fast-moving and relatively complex market, particularly in the core threat and detection areas. Barring a few very differentiated technology propositions, we would agree that sustainable technology leadership and differentiation is often difficult to forecast. Businesses that leverage best-in-class technology to drive superior client outcomes by layering on their own IP, processes and service layers are a much safer bet. Those businesses will command premium valuations as long as they have a recurring revenue model and inherent scalability in the service proposition.
   
   
5. Power of Channel Sales
   A number of the fastest growing vendors are united by a similar go-to-market approach — they are leveraging channel sales very effectively. Whether it is a pure MSP strategy or augmenting direct sales with a combination of channels such as MSPs, MSSPs, telcos, resellers, marketplaces, etc., channel sales allow those vendors to rapidly scale.
   
   
6. Threat Intelligence Is Increasingly Important
   Threat intelligence gathered from both public and private sources provides crucial insights for security analysts and programs. It helps identify the latest tools, techniques and procedures used by various cyber threat actors. It also allows analysts to study emerging trends and patterns in attacker behaviors. There is also an increasing focus on actionizing or operationalizing this intelligence for the SOC analyst.
   
   
7. AI Is an Enabler, Not a Business Model
   AI is becoming an integral part of the cybersecurity landscape, but it should not be the main investment thesis. On the one hand, we are seeing threat actors using more and more AI in their attacks, which in turn means a direct requirement for AI capabilities in good cybersecurity defense. On the other hand, AI / ML allows cybersecurity businesses to create efficiencies in navigating vast amounts of data (e.g., in the SOC environment) and continue to operate effectively and profitably at scale. In most segments we believe the incumbent market leaders are best placed to harvest the benefits of AI given they tend to be well-funded and have access to the largest data sets.
   
   
8. To Be or Not to Be… Friends and Foes of Microsoft (and the Other Giants)
   One of the dominant investment themes could be expressed as this question: “What happens if Microsoft decides to do XYZ?” As product companies, investors and markets start to price in this common theme, the debate continues around whether supporting and relying on a Microsoft proposition helps or hurts businesses. We heard mixed reviews in our conversations at RSA – on one hand, Microsoft has continued to further penetrate the enterprise, therefore becoming the vendor of choice when CISOs and C-suites decide to consolidate on a tech stack. Businesses that can make a case as a services layer for Microsoft and/or an add-on to Defender and Sentinel are well-placed to continue seeing an uplift effect from Microsoft’s growing cyber influence. Competitive solutions that look to “rip [out] and replace” or lack compatibility with Microsoft will continue to face headwinds as the landscape continues to move in favor of vendor consolidation. Other giants, like Palo Alto Networks and Crowdstrike, are also seeing more conversation about which players play well in their ecosystems and which will be edged out.
   
   
9. The Human TAM
   As organizations continue to struggle with the best ways to protect themselves, the overall perimeter of the “human element” is growing in importance. With Gartner and others compiling their views, investors in the meantime are struggling to quantify the TAM in these places – which employees, geographies and parameters are most critical and how those will change or evolve over time. Varying levels of in-sourced vs. outsourced technical support, SOCs and cyber skills obstruct the true underlying human capital that is powering organizations cyber defenses. Without a clear view of market size, businesses in these markets are forced to rely upon stickiness and net retention as measures for criticality and to underpin their solution’s importance. With increasing pressure to consolidate vendors, people are also starting to ask, “Does cyber training become an HR issue or remain in an IT department’s responsibility?’’

Baird’s Cybersecurity team has extensive experience advising across the sector. Our sector expertise covers network and endpoint security, security operations, identity and access management, security awareness training, threat intelligence, data security, application security and managed security services. We welcome the opportunity to discuss these themes and how they may impact your business or future strategy.

Connect with Baird’s Cybersecurity Team