Cyber is the most vibrant sector in Israeli high-tech, generating headlines about new companies and heavy investments almost daily. Last October, the company Cybereason announced raising $59 million, joining the $25 million it had raised four months earlier. That’s the sort of money usually reserved for exits. ForeScout Technologies raised $80 million, reflecting a company value of about $1 billion.
- The birth of a unicorn: The story of an Israeli startup worth a billion dollars
- Cyber sector in uproar as Israel plans to restrict exports due to security risks
- If Israel was a startup, would you buy shares?
According to research company IVC, which analyzes the Israeli venture capital scene, Israel has 430 companies operating in cyberspace. Is this a bubble? Or, more accurately, does the Israeli high-tech cyber scene have frothy characteristics – and if so, what next?
“‘Bubble’ is not a purely economic term; it’s a popular concept representing a situation that lacks equilibrium,” says Elik Ber, CEO of consultancy Meidata, which mapped out the local cyber scene. “If I was asked to define it in economic terms, I’d say a bubble arises when an unreasonable gap opens between the realistic and nominal value of things. A real estate bubble, for example, means apartments are worth much less than people are willing to pay for them.”
Sometimes bubbles may result from players sharing an interest in their existence, with nobody around to scream that the emperor is naked.
In cyber’s case, many do well from the buzz: the companies raising money at sky-high values; the venture capital funds whose assets are worth more; and the consultancies, lawyers, etc., that hired cyber experts. In Israel, cyber has even become a political coin spent freely by Prime Minister Benjamin Netanyahu.
Mind the baby
One might think that cyber has bubbly aspects, but a slew of studies show otherwise. A big Merrill Lynch study, published last September, determined that cyber attacks are constantly on the rise, likewise their sophistication. The number of potential targets for hackers grows by the day. If once the number of potential targets was confined to the number of personal and organizational computers in the world, today it’s every mobile device too, including 5 billion smartphones. Some 50 billion devices are expected to be online as the “Internet of Things” (IoT) revolution revs up. Even one’s pacemaker, house door or baby monitor could become a target, theoretically speaking.
Cybercrime is estimated to be causing anywhere from $375 billion to $575 billion a year, which is about 1% of global GDP, says Merrill Lynch. It also quotes PwC’s finding that the number of attacks grew by 66% in each of the years 2009-2014.
The bottom line is that there’s not one solution for all any more, and enterprises have to adopt several unique tools that answer their specific security needs. They know the danger and are spending.
Another study recently published by Business Insiderassesses the cost to any given U.S. company of a successful data breach at $6.5 million in 2015, versus $5.9 million in 2014. A PwC paper from February shows that the number of companies admitting to losing more than $1 million due to cybercrime doubled in 2015.
Yet only 37% of companies have adopted programs to deal with data breaches. Most simply lag behind the development of threats, says PwC, defining the problem as “boundless threat.”
About half the 181 Israeli managers surveyed by Deloitte in Israel said they buy cyber solutions from young companies. Clearly there’s a market for their products.
Cyber preparedness is also a national mission, which is being handled by the National Cyber Bureau. Other countries have begun to invest seriously in cyber protection, and they’re going to be investing more as political cybercrime gears up.
Meanwhile, in the house, 53% of internet users fear the theft of their credit card details by a hacker, according to a survey by the young cyber company LogDog, compared to only 21% who fear burglars. Some 65% said they’d experienced some sort of break-in and theft from an online account.
So is there a bubble? Not going by the above evidence. What there is, though, is tangible fear of a genuine and fast-growing threat. Companies and individuals need more and more cyber protection and wider choices of solutions.
It’s true that the bodies behind these studies have a vested interest in the industry, but the findings are consistent, striking and stark.
Minnows in a big ocean
Israel has a unique compendium of knowledge on the subject of cyber – in part from the army, part from Check Point Software Technologies and its subsidiaries, and partly thanks to the genome of Israeli high-tech, which is characterized by innovation and original thinking. In an opinion piece in business paper Globes recently, Netanyahu wrote that Israeli industry has established its firm status in cyber, far beyond the relative size of the Israeli economy.
Cyber companies raise big money these days and exits are commensurately grandiose. Cloud security firm Adallom was sold to Microsoft for $320 million in 2015; Blackberry bought file security startup WatchDox for an estimated $150 million; and Check Point bought Lacoon Mobile Security for $100 million.
Heavy demand doesn’t necessarily mean the supply hasn’t become excessive. That’s exactly the situation in today’s cyber industry, claims managing partner Gadi Tirosh of JVP, one of the liveliest venture capital funds in cyberspace. Every time some new technological aspect arises, like the cloud, new breaches emerge, he says. Then up pop a bunch of companies, each of which can plug one hole, or protect against one specific threat. “I call them feature companies. They have a place, and can be sold to the big international companies for $40 million or $100 million. But nothing big will ever come of companies like that.”
One mistake venture capital funds have made is failing to distinguish between a feature, a product and a company, Tirosh says. From late 2014 to mid-2015, venture capital managers felt stressed to get into cyber, even if they didn’t understand a thing about it; consequently, too much money poured into the industry. “That was mainly in the United States, but it reached Israel too,” says Tirosh. “I think that people who invested in that wave will lose some of their money.”
The Israeli market had 18 cyber exits at that time, totaling $2.1 billion (and averaging $65 million per exit), which is all very nice, but not great in terms of venture capital.
For investment purposes, prices of cyber companies declined after mid-2015, Tirosh notes, which indicates that companies had been overvalued a year ago.
A study by research firm IVC in January found that only 9% of Israeli cyber companies make revenues of more than $10 million a year; 45% generate no revenues at all, while the rest eke out a pitiful living.
How many are profitable? Probably not many, Ber surmises, and that’s not a sustainable situation.
“The big problem is that there aren’t a lot of investors who really understand the field,” says Ber. “When three guys go to an investment meeting and describe what they do, the investor probably won’t understand. So we see a lot of companies that manage to raise money. But what’s going to happen after the hype dies down is consolidation, and a lot of these companies are going to vanish.”
Maybe bubble is a matter of perspective. At the height of the dot-com bubble, Nasdaq was at 4,000 points, says Chen Herzog, head accountant at BDO Ziv Haft. Today, Nasdaq is at 5,000 points. The companies that survived the bubble are worth 10 times as much today.
Herzog, for one, doesn’t think cyber is in bubble territory. It’s the start of a revolution, and the number of devices and uses is going to climb and climb – and so will the threats. Don’t look at the past and fall into the mistake of thinking it’s the same old, same old, he says, because it isn’t.