As cyber threats surge, so does the funding going into the cybersecurity startups intent on stopping them. According to Crunchbase, 2021 set a record with global VC money invested in the sector surpassing $21.8bn.
While most monster rounds were in the US, Europe’s chunky deals included Swiss unicorn Acronis’s $250m raise at a $2.5bn valuation and French unicorn Shift Technology’s $220m round, which pegged it at a value of over $1bn.
And demand looks like it will continue — recent research conducted by PwC found two thirds of UK business leaders expect cybersecurity threats to increase over the next 12 months.
But behind the headlines, which cybersecurity startups have flown under the radar? We asked four VCs to nominate the companies they think could unlock the key to a safer cyber future. Only one catch: they couldn’t be companies in their portfolio.
Alston Zecha, partner at Eight Roads Ventures
Zecha is a partner at Eight Roads Ventures, a global VC firm managing $11bn of assets across offices in the UK, China, India, Japan and the US. Alston joined Eight Roads in 2015 and invests in scaleups across Europe and Israel, with a specific interest in cybersecurity, fintech and SaaS companies.
GitGuardian — Paris, France
GitGuardian, based in Paris, automatically detects secrets (e.g. API keys, passwords) in source code in public and private repositories. This is a growing risk in a world of open source code and agile development. Developers often include numerical secrets when building and testing code, but in the thousands of lines they continuously share in repositories it’s easy to forget to remove these, which inadvertently leaves a company’s crown jewels totally exposed.
Efficiently scanning and identifying secrets without false positives is a highly complex task, which GitGuardian does, winning plaudits from developers for automatically notifying them in near real-time and being extremely straightforward to use.
Exein — Rome, Italy
The flipside of the benefits of ubiquitous Internet of Things (IoT) smart devices is that every device could be hacked. Most cybersecurity focuses on software, neglecting the most foundational computation layer on top of which everything else runs: firmware etched directly into the device to provide instructions for basic tasks e.g. communicating with other devices or controlling standalone hardware like a heart defibrillator.
Exein, based in Rome, detects compromises and automatically remediates suspicious behaviours, as well as providing vulnerability scanning for any known or emerging threats. Developing firmware security is fiendishly hard, but the benefits to sectors including critical national infrastructure, aerospace, automotive, healthcare and of course defence could be massive.
Imran Ghory, partner at Blossom Capital
Ghory is a partner at Blossom Capital, a VC firm that invests in European tech. He is a Series A investor, interested in infra, security and open source. Blossom Capital’s portfolio includes cybersecurity startups Sqreen and Tines.
Immunefi — remote
Because the crypto ecosystem has evolved so quickly and there's a dire shortage of crypto security talent, there's a massive lack of security products that serve the needs of a space where security breaches are both frequent and can have massive financial consequences. Immunefi helps tackle this by building a security bug bounty platform in which Web3 and crypto projects can financially incentivise individuals to discover and report security vulnerabilities in smart contracts — before the hackers do!
Rob Kniaz, partner at Hoxton Ventures
Kniaz is a partner at Hoxton Ventures, an early-stage venture capital firm investing in “European technology startups that can scale into large, global winners”. It focuses on startups that either disrupt existing industries or invent entirely new market categories. It was an early investor in Babylon Health, Darktrace and Deliveroo.
Cerbos — UK
Cerbos is very interesting. It codifies the policy of user control using a framework known as OPA which is becoming the de facto for access control. Cerbos lets a company centrally define very granular permissions across many apps so you could define it like a "sales manager" role who can approve expenses in one app and then close customer tickets in another.
Damien Henault, partner at TempoCap
Henault is a partner at TempoCap, a European growth-stage technology fund with offices in London, Paris and Berlin. TempoCap has developed a particular expertise in cybersecurity with seven significant investments in its current portfolio and one exit, Ercom, which has been acquired by Thales Group in 2019.
Gatewatcher — France
Gatewatcher is arguably one of France’s most exciting startups in cyber threat detection. Impressively, the company recently launched their new NDR platform Aioniq which adapts continuously to provide a powerful response to known and unknown cyber threats such as ransomwares, APTs and zero-day vulnerability exploits.
Panaseer — UK
Panaseer has done an exceptional job of cornering the enterprise security market with the launch of its proprietary Continuous Controls Monitoring platform. The company is the clear leader in this new mission critical segment and has cemented its position as an innovative and forward-thinking cybersecurity business.