Investing in Cybersecurity: A Look into 2022

Insight Partners had a banner year, with more than $50 billion in capital commitments and over 200 investments in 2021. While we invest in founders across a wide spectrum of businesses, this series focuses on outlining our theses on four verticals that we’re particularly excited about in 2022: artificial intelligence; fintech/crypto; cybersecurity; and healthtech.  

Our digital world is under attack like never before: The threat frontier is constantly expanding, as is the likelihood of a successful cyberattack. Even as the frequency and sophistication of hacks increase, though, research shows that 95% of breaches are preventable. Unsurprisingly, technology can play a major role in staving them off.

In total, Insight Partners invested in 25 different cybersecurity companies in 2021, which represents an 80% increase from the year prior, and we don’t expect that cadence to slow down in 2022. 

There are a handful of factors that we’ve seen driving enterprise security spending and which we expect to continue to have an impact for several years. 

First, companies are continuing to shift their operations to the cloud and SaaS, which increases the need for monitoring and remediation that can protect multiple cloud environments and network traffic. As the software supply chain becomes even more complex and intertwined, bad actors can use a vulnerability in one system to infiltrate another. We’ve all seen this severity in action with the likes of the far-reaching SolarWinds hack and zero-day exploits like Log4j, as well as the immediate benefits enterprise companies are getting out of solutions like Wiz, Dazz and Bionic. These cloud security companies are changing the way we secure the cloud.

As networks go from physically defined and centralized hub-and-spoke architectures to software-defined and decentralized endpoint-to-cloud architectures, they require a new security paradigm. Secure access service edge (SASE) companies like Perimeter81, AI-enabled web threat detection providers, like DNSFilter, and browser-based isolation tools, like Island, all help enterprises protect themselves and their employees now that their “network” is just a decentralized collection of internet-connected endpoints.

Enterprise adoption of this modern security framework is especially relevant given that it’s become clear that the pandemic-spurred shift to remote or flexible work isn’t going away: Many workers will remain at home in the long term, so corporations need security solutions that are robust, user-friendly, and easy to implement and maintain without an in-person IT team.

Relatedly, there’s another personnel issue for companies to contend with: There are just not enough experienced cybersecurity professionals on the market. Security leaders will need to turn to threat prioritization and cross-product integration to optimize the use of their limited staff and take advantage of automation and orchestration solutions like Torq. Immersive Labs has identified this problem and helps train new talent to address the talent shortage.

But as enterprises adapt to the changing landscape, so too do bad actors. 

Automation is now increasingly used in attacks, and we have seen an increase in threat sophistication overall. Pentera’s automated security validation and pen testing addresses this issue. Industrial-scale commercialized ransomware-as-a-service offerings are being peddled by for-profit adversaries, which is driving up the number of opportunistic incidents and causing the cost of cyber insurance to skyrocket. Fighting these expanding threats requires companies, like SentinelOne, to focus on advanced endpoint detection and response, along with Calamu, which has incredible anti-ransomware capabilities related to data protection and storage.

Finally, hackers’ successful attacks are also having more serious, cascading implications for victims, including steep clean-up costs, reputation damage, and regulatory blowback. Federal and industry regulations that introduce strict compliance requirements.

As geopolitical tensions rise and the advanced capabilities of nation-state actors are heightened, the potential cyber risk associated with critical infrastructure, industrial IoT, and OT (operational technology) systems can turn into physical risk. Armis, the first agentless, enterprise-class security platform, addresses these new threat landscapes of unmanaged and IoT devices and is trusted by Fortune 1000 companies across the world.

We expect all these trends to continue into 2022 and beyond. While challenges and threats are increasing, so too are innovative solutions, and we are excited to continue to watch the market and support new entrants in what will surely be another dynamic year. 

  • Thomas Krane, Managing Director

    Thomas is a Managing Director on the investment team and joined the firm in 2012. His focus areas include cybersecurity, DevOps, IT automation and application software. Thomas also works closely with the Insight IGNITE program, leveraging his experiences on the investment team to drive thought leadership for Insight’s network of Global2000 CIOs…