Founder and Principal Analyst, ZK Research with a focus on emerging technologies that enable organizations to transform digitally.
Who would have thought we would be in a pandemic for nearly three years, where many people were forced to move to an isolated work lifestyle? Fortunately, we live in an era where connectivity made mobility ubiquitous. However, many enterprises have retained antiquated perimeter-based security architectures that left their data, operations and employees at risk. The instantaneous move to remote working created a nefarious playground for bad actors to execute online threats, which resulted in paralyzing effects for cybersecurity teams.
While this shift had a devastating impact on many industries, it was also a catalyst that propelled innovation for those companies that could capitalize on solving the needs of remote work. One of the largest benefactors of this shift was cybersecurity companies. These organizations—especially startups that thrived into unicorns—were rewarded for growth at no cost. Funding was aplenty, with the thought that financial viability would eventually emerge.
Fast forward, and I’ve noticed the market has shifted its priorities toward an environment where investors favor profitability over growth. This has caused a precipitous decline in valuation for unicorns, forcing many of them to rethink their business strategy while also feeling the impact on innovation. The CB Insights unicorn index tracks these billion-dollar companies, and as an analyst, I’ve observed that many are in the cybersecurity space.
It’s important to note that the popping of unicorn bubbles has happened before, such as in the WAN optimization industry. Now the security industry is going through a similar rationalization.
Business leaders should learn a lesson from the past and make decisions for cybersecurity vendors based both on technical capabilities and long-term viability. Below are some key considerations.
Business viability is just as critical as innovation.
Security platforms are only as good as their pace of innovation and ability to serve their customers. Unicorn security vendors are looking for an exit strategy, and when their valuations exponentially drop, it can stoke internal panic and disrupt the advancement of research and development. For example, once a darling of the industry, cybersecurity vendor Cybereason had a rude wake-up call as their valuation dropped 90% over a year after being on the verge of an IPO in 2021.
Financial viability: Retaining talent is essential for ongoing innovation.
With the dimming valuations for unicorns, many of the employees who drive creation have grown impatient. Talented employees banking on a profitable exit are seeing the fruits of their labor dwindle to a fraction of what they were once promised. As a result, security start-ups have shed employees through voluntary and involuntary attrition. This further slows product development, placing more pressure on the unicorns’ line-of-business leaders.
Unfortunately, it’s not only employees and investors of unicorns who are impacted; ultimately, it’s their customers. I’ve found the mass exit of talent is starting to halt ongoing development and product support, thus leaving customers holding an empty bag, which places their organizations at significant risk, incurs unexpected overhead costs and impacts their competitiveness as they lose time while they are reconsidering their security strategy.
Financial desperation can foster dishonest and unethical business practices.
When unicorns are backed into a defensive posture, the human side of survival can kick in. People will inherently do what they need to survive, especially without meaningful oversight. While unethical behaviors happen at public and private companies, SEC supervision provides a layer of checks and balances private companies do not have to adhere to.
It’s not an immense surprise that unicorns can be swayed by the lack of transparency in their operations and finances to win deals. For example, Netskope was involved in unethical business practices by illegally providing bribes to a key decision-maker at Netflix.
What should CIOs and CISOs consider when selecting the right cybersecurity vendor?
It is more important than ever to weigh a unicorn security vendor’s financial viability and technological prowess. They have a symbiotic relationship, and without one, the other could fail. In addition, there are several other related factors to consider.
1. Select a mature security vendor. Working with a vendor with more than a decade of proven innovation and consistent reliability is critical. Proven innovation and reliability can be somewhat subjective, but any vendor named a leader by credible sources, such as Gartner, for 5-plus years would have to have demonstrated sustained success. Many vendors move in and out of the leader category, but business leaders should look for a track record.
2. Transparency is a must. Publicly-traded security vendors with SEC oversight provide visibility into business operations and financial reporting, giving another level of assurance that vendors operate by stated regulations.
3. Business ethics and integrity are a window into a company’s values. Look at security vendors’ track records for business ethics and integrity. Given the heavy focus on ESG today, a quick internet search on any vendor should reveal unethical activity. This does require due diligence in speaking with industry peers. Does the company keep its promises to customers? Does it have high turnover? These are warning signs.
4. Find a long-running innovation leader. It’s not only about being the number one vendor today but also about the long road before and the runway ahead. What’s important is being a consistent leader for many years to demonstrate a strong track record.
5. Trailblazers lead the followers. Being first isn’t always important, but when a security vendor is the first in numerous meaningful innovations, it underscores its ability to transform. The world’s largest organizations tend to align with these vendors, so identify the security vendors with a sizable installed base with Fortune 500 and Global 2000 customers.
Business leaders typically leave IT purchasing to the technology team, which has been a best practice. However, making the wrong decision in security isn’t like choosing the wrong WiFi provider or phone system. Those issues can disrupt workers, but making the wrong choice with cybersecurity can disrupt the business now and in years to come. Business leaders must ensure evaluation is about more than technology, as the vendor can be relied upon today and in years to come.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here