- Venture capital (VC) firms invested more than $1 billion in 115 startups in 2005, according to the National Venture Capital Association (NVCA). Of those, nearly one-fourth were for first-round financings in startup companies.
- In 2005, there were 100 M&A transactions involving firms that provide security solutions. The value of those deals was $2.6 billion, up from $1.6 billion in 2004.
- Nearly all major venture capital firms include security investments in their portfolios. For example, over the last few years, Sierra Ventures, a leading venture capital firm in Silicon Valley, has made approximately 10 investments in security startups. Vispi Daver, a principal at Sierra, estimates that valuations for some mergers and acquisitions in the security sector have proved increasingly compelling with some deals rising to valuations of over $400 million for the first time in years. Vispi estimates that today's market includes several firms posting roughly $50 million or more in revenue, representing a healthy pipeline of mature companies.
No surprise that venture capital firms are so active in the security field. Actions by the VC community can be viewed as "headlights" to highlight evolving trends, breakthrough technologies and growth markets. Security, enterprise data integration, health care and regulatory compliance were key areas cited by members of venture capital firms who participated in the Down Joes VentureWire Enterprise Ventures conference in June 2005, with security running as the underlying theme throughout all key areas.
Several factors have emerged to keep security at the forefront of venture capital investment.
Wireless connectivity, RFID, and the constant introduction of new forms of communications devices present ever-increasing demands for security at a time when criminals are constantly devising new ways to try to breach the security of networks and devices. Venture capital firms say messaging, intrusion prevention and unified threat management approaches are areas where demand is so great that successful individual startup companies are posting $100 million in sales in meeting that demand.
Last October, IBM acquired DataPower, a Cambridge, Mass.-based, privately held provider of products to help improve security and speed the processing of computer transactions. DataPower was funded by Venrock Associates, a leading venture firm for whom security is a top area of expertise and investment. In making the acquisition, IBM said it wanted to help companies improve performance, security and management of business processes built of reusable, open-standards-based software components, which operate independently from the applications and computing platforms on which they run. This increasingly popular approach, called Service Oriented Architecture (SOA), combines business operations with information technology.
Technology is no longer the sole driver of innovation. Important breakthroughs intersect IT and industry needs, resulting in improved business performance. That's why many of the acquirers of security companies, such as IBM, are putting various aspects of IT together with specific security solutions to deliver capabilities across industry domains.
For example, to meet government disclosure requirements such as Sarbanes-Oxley, companies need a single set of accurate, current and secure financial information.
In short, as long as there is a need to protect information, and perceived desire on the part of criminals to acquire that same information, venture capital investment in security companies should remain strong.
Deborah Magid is director of software strategy for IBM's Venture Capital Group. She is also a member of the board of SDForum, the Silicon Valley emerging technology group.