reporter2
08-11-21, 09:47
Talent crunch stunts potential for startups in booming cybersecurity scene
High-profile security breaches create openings for newcomers, but funding activity still centres on Israel, US
Nov 08, 2021
CYBERSECURITY has become one of the hottest startup investment themes this year, thanks to the spotlight cast on the sector by high-profile security breaches and pandemic-driven demand.
Like Israel and the US, Singapore is seeing more venture capital (VC) flowing into cybersecurity. But making a mark is still tough, as startups here are hampered by talent shortages and a lack of maturity in the regional market.
Investments into venture-backed cybersecurity companies - including corporate and private equity capital - hit US$9 billion across over 300 deals globally during the first half of this year, according to Crunchbase. This exceeds the US$7.8 billion investors poured into the sector for the whole of last year, in what was already seen as a bumper year.
Here in Singapore, there have been 6 cybersecurity deals worth US$408.2 million thus far this year, close to 10 times the US$41.4 million invested in 2020, according to data from market intelligence firm Preqin.
The space is one that holds particular promise for startups, some industry observers said, because incumbents don't necessarily have a huge edge.
While the cybersecurity landscape is dominated by big companies, startups can excel in certain niches, said Tam Hock Chuan, managing director of Vertex Growth.
"In the world of cybersecurity, it's a game of cat and mouse, of one upmanship. I may have this generation of firewall, but some hackers may be clever enough to find out what's missing in the next generation of firewall, so you need to have the next-next generation. It's a space that keeps moving, and this gives rise to the best of breed companies," he said.
Vertex Growth, part of the Temasek-linked Vertex Ventures network, is among several VCs here active in cybersecurity. But many are shopping in Israel.
The country has an ecosystem of cybersecurity experts emerging from elite military units, drawing in investors. For instance, Singapore-based VC BlueRed Partners in September joined the US$42 million Series B round of third-party security management startup Panorays, whose three co-founders had met while serving in the Israeli air force's intelligence unit.
In May, two Vertex funds, Vertex Growth and Vertex Ventures Israel, participated in the US$45 million Series C round of Cymulate, a provider of breach and attack simulation, also founded by former Israel intelligence officers. Vertex Ventures Israel had invested into Cymulate as far back as 2019.
Last month, state investor Temasek led a US$550 million Series C extension in Israeli cloud security provider Orca Security.
These Singapore-based investors act as a bridge to Asia for their portfolio companies. BlueRed sees itself as a partner to help Israel-linked cybersecurity players like Panorays expand their client base in Asia - particularly in South-east Asia, with its "high density of SMEs", said Laurence Harel, who heads business development at the venture firm.
"Companies are enticed by our offering for expansion into Asia, as this tends to be a hard-to-reach region for them, (with many) preferring to go via the tried-and-tested route to the US. We provide them with a clear path to expansion, significantly enhancing our participation in a round beyond monetary investment," said Yishai Klein, managing director of BlueRed.
BlueRed has backed two other Israel-based cybersecurity startups - Unbound Security and Cynet. The venture firm, which has a US$100 million fund focused on Israeli deep tech, is on the lookout for more cybersecurity deals.
Singapore's cybersecurity startups have managed to score some funds too. In May, cyber protection firm Acronis hit a US$2.5 billion valuation, after raising more than US$250 million. And in September, Vulcan Capital - the investment arm of Vulcan Inc, founded by late Microsoft co-founder Paul Allen - led a US$15.5 million Series A round in data security platform Borneo.
But talent remains a challenge. Kevin Lee, chairman of Singapore-based cybersecurity startup Horangi, said: "If we ask why there are so few domestic cybersecurity companies, the biggest reason is the talent. We are trying to catch up now; the government is doing a lot, but it takes time."
Poaching has become more widespread in the sector, given difficulties in bringing in foreign staff. Talent in short supply now include penetration testers and incident responders, especially at the senior level, said Lee.
Among those hiring most aggressively are companies setting up a new Singapore office or doing major expansion here, which are willing to pay a premium for talent, he added.
Stas Protassov, co-founder and technology president of Acronis, agreed that it is an "employees' market" in the foreseeable future. But he is optimistic about the pool of talent expanding.
"We are hiring a lot of people here in Singapore and we are positively surprised with the quality of the people. It's probably not so easy to find someone with 15 years of experience, but there are lot of graduates from local universities who did their bachelor's or master's in cybersecurity... In countries like Indonesia, Malaysia and Vietnam, you can find a lot of people with a reasonable understanding of cybersecurity," said Protassov.
While there is strong demand for cybersecurity solutions in South-east Asia, the bulk of activity has been in ventures that can address the personnel shortage through managed services and outsourcing, said Lee Ser Yen, partner for cyber at KPMG.
"In contrast, there are relatively fewer startups participating in the development of innovative tech solutions, partly since such solutions require a longer investment horizon," he said.
The other challenge is how many South-east Asian businesses do not invest more resources into cybersecurity, seeing the infrastructure as being more costly than the risk of having to pay a fine, noted Horangi's Lee.
In addition, some investors also prefer for cybersecurity startups to address the US market, rather than South-east Asia, to attain a higher valuation. This creates a "chicken and egg problem", where if capital is not flowing in here, the cybersecurity startup landscape cannot mature more rapidly, he added.
Notwithstanding the challenges, homegrown cybersecurity startups play an important role as the region's SMEs digitalise, said Lim Kuo-Yi, managing partner of Monk's Hill Ventures, which is invested in Horangi.
"Hackers are always going to look for the weakest link in the whole system. Increasingly, with more SMEs digitalising in the cloud, they are going to form the weakest link from a national perspective," he said.
Steve Lam, EY's Asean cybersecurity leader, is bullish on the government's efforts, such as the Cyber Security Agency of Singapore's industry call for innovation, where the agency may provide up to S$1 million in funding support.
"On one hand, the current cybersecurity talent gap, both in terms of capacity and capability, limits the rate of expansion for cybersecurity startups globally. On the other hand, the talent scarcity challenge could also create opportunities for innovation," he said.
High-profile security breaches create openings for newcomers, but funding activity still centres on Israel, US
Nov 08, 2021
CYBERSECURITY has become one of the hottest startup investment themes this year, thanks to the spotlight cast on the sector by high-profile security breaches and pandemic-driven demand.
Like Israel and the US, Singapore is seeing more venture capital (VC) flowing into cybersecurity. But making a mark is still tough, as startups here are hampered by talent shortages and a lack of maturity in the regional market.
Investments into venture-backed cybersecurity companies - including corporate and private equity capital - hit US$9 billion across over 300 deals globally during the first half of this year, according to Crunchbase. This exceeds the US$7.8 billion investors poured into the sector for the whole of last year, in what was already seen as a bumper year.
Here in Singapore, there have been 6 cybersecurity deals worth US$408.2 million thus far this year, close to 10 times the US$41.4 million invested in 2020, according to data from market intelligence firm Preqin.
The space is one that holds particular promise for startups, some industry observers said, because incumbents don't necessarily have a huge edge.
While the cybersecurity landscape is dominated by big companies, startups can excel in certain niches, said Tam Hock Chuan, managing director of Vertex Growth.
"In the world of cybersecurity, it's a game of cat and mouse, of one upmanship. I may have this generation of firewall, but some hackers may be clever enough to find out what's missing in the next generation of firewall, so you need to have the next-next generation. It's a space that keeps moving, and this gives rise to the best of breed companies," he said.
Vertex Growth, part of the Temasek-linked Vertex Ventures network, is among several VCs here active in cybersecurity. But many are shopping in Israel.
The country has an ecosystem of cybersecurity experts emerging from elite military units, drawing in investors. For instance, Singapore-based VC BlueRed Partners in September joined the US$42 million Series B round of third-party security management startup Panorays, whose three co-founders had met while serving in the Israeli air force's intelligence unit.
In May, two Vertex funds, Vertex Growth and Vertex Ventures Israel, participated in the US$45 million Series C round of Cymulate, a provider of breach and attack simulation, also founded by former Israel intelligence officers. Vertex Ventures Israel had invested into Cymulate as far back as 2019.
Last month, state investor Temasek led a US$550 million Series C extension in Israeli cloud security provider Orca Security.
These Singapore-based investors act as a bridge to Asia for their portfolio companies. BlueRed sees itself as a partner to help Israel-linked cybersecurity players like Panorays expand their client base in Asia - particularly in South-east Asia, with its "high density of SMEs", said Laurence Harel, who heads business development at the venture firm.
"Companies are enticed by our offering for expansion into Asia, as this tends to be a hard-to-reach region for them, (with many) preferring to go via the tried-and-tested route to the US. We provide them with a clear path to expansion, significantly enhancing our participation in a round beyond monetary investment," said Yishai Klein, managing director of BlueRed.
BlueRed has backed two other Israel-based cybersecurity startups - Unbound Security and Cynet. The venture firm, which has a US$100 million fund focused on Israeli deep tech, is on the lookout for more cybersecurity deals.
Singapore's cybersecurity startups have managed to score some funds too. In May, cyber protection firm Acronis hit a US$2.5 billion valuation, after raising more than US$250 million. And in September, Vulcan Capital - the investment arm of Vulcan Inc, founded by late Microsoft co-founder Paul Allen - led a US$15.5 million Series A round in data security platform Borneo.
But talent remains a challenge. Kevin Lee, chairman of Singapore-based cybersecurity startup Horangi, said: "If we ask why there are so few domestic cybersecurity companies, the biggest reason is the talent. We are trying to catch up now; the government is doing a lot, but it takes time."
Poaching has become more widespread in the sector, given difficulties in bringing in foreign staff. Talent in short supply now include penetration testers and incident responders, especially at the senior level, said Lee.
Among those hiring most aggressively are companies setting up a new Singapore office or doing major expansion here, which are willing to pay a premium for talent, he added.
Stas Protassov, co-founder and technology president of Acronis, agreed that it is an "employees' market" in the foreseeable future. But he is optimistic about the pool of talent expanding.
"We are hiring a lot of people here in Singapore and we are positively surprised with the quality of the people. It's probably not so easy to find someone with 15 years of experience, but there are lot of graduates from local universities who did their bachelor's or master's in cybersecurity... In countries like Indonesia, Malaysia and Vietnam, you can find a lot of people with a reasonable understanding of cybersecurity," said Protassov.
While there is strong demand for cybersecurity solutions in South-east Asia, the bulk of activity has been in ventures that can address the personnel shortage through managed services and outsourcing, said Lee Ser Yen, partner for cyber at KPMG.
"In contrast, there are relatively fewer startups participating in the development of innovative tech solutions, partly since such solutions require a longer investment horizon," he said.
The other challenge is how many South-east Asian businesses do not invest more resources into cybersecurity, seeing the infrastructure as being more costly than the risk of having to pay a fine, noted Horangi's Lee.
In addition, some investors also prefer for cybersecurity startups to address the US market, rather than South-east Asia, to attain a higher valuation. This creates a "chicken and egg problem", where if capital is not flowing in here, the cybersecurity startup landscape cannot mature more rapidly, he added.
Notwithstanding the challenges, homegrown cybersecurity startups play an important role as the region's SMEs digitalise, said Lim Kuo-Yi, managing partner of Monk's Hill Ventures, which is invested in Horangi.
"Hackers are always going to look for the weakest link in the whole system. Increasingly, with more SMEs digitalising in the cloud, they are going to form the weakest link from a national perspective," he said.
Steve Lam, EY's Asean cybersecurity leader, is bullish on the government's efforts, such as the Cyber Security Agency of Singapore's industry call for innovation, where the agency may provide up to S$1 million in funding support.
"On one hand, the current cybersecurity talent gap, both in terms of capacity and capability, limits the rate of expansion for cybersecurity startups globally. On the other hand, the talent scarcity challenge could also create opportunities for innovation," he said.