Why investing in cybersecurity is a costly business

Institutional investors are becoming more keen on investing in cybersecurity companies, but doing so is not easy, in part because it's proving costly to do so.
Why investing in cybersecurity is a costly business

Asset owners are increasingly interested in the investment appeal of cybersecurity companies. But getting into the space now is not an easy proposition.

Asset prices of firms in the sector have soared, at least in the US.

“We are seeing numbers all over the place,” Hank Thomas, co-founder and chief executive for US-based investment firm Strategic Cyber Ventures, told AsianInvestor.

He noted that many companies expect to get a series A valuation of five to seven times their annual revenue, and this sometimes rises to up to 10 times. He believes a reasonable valuation is around five times revenue.

While the US is the primary business focus of many cybersecurity companies, Yeoh believes many firms see the attractiveness of having a partner based in Asia. But interested investors will need to offer more than just capital if they want to gain a foothold in the companies. 

“When these companies are considering potential investors they will look at what we bring to the table; it’s not an issue of money,” said Yeoh Keat Chuan, managing director with Temasek’s enterprise development group, which is invested in several cybersecurity companies. 

The US isn’t the only nation to offer prospective investment opportunities. Israel is another country known for its tech prowess, and Thomas believes it could offer more appeal to investors as a “startup nation”.

“There are thousands and thousands of startups there,” he said. “A big focus of a lot of them for years has been on converting military best practices and technology into commercial applications.”

It’s got another advantage too: it’s relatively cheap. “There is better value coming out of Israel while prices in other regions continue to go up in some instances,” said Thomas. 

Two cybersecurity firms in Temasek’s portfolio – Sygnia and Claroty – are of Israeli origin, while BlueVoyant is based in the US. 


Asia Pacific itself is proving fairly sparse when it comes to potential cyber security investments. Yeoh told AsianInvestor that Temasek hasn’t identified any potential cybersecurity companies in the region to complement its existing platform.

Less than 4% of the top 500 cyber security companies ranked by Cybersecurity Ventures were headquartered in Asia Pacific, and six of those were based in China.

This is somewhat understandable. Both the US and Israel can offer potential investments on a sufficient size and quality for institutional investors. Most Asian cybersecurity companies, in contrast, are likely to focus on small- and medium-sized platforms across the region, said industry specialists. 

“Cyber security is a highly specialised technology-related sector that has had more time to develop in the US and Israel,” said Richard Tan, portfolio specialists for Asia at Mercer. 

The cyber security markets in the US and Israel have also seen more consolidations and investment roll-ups, which means they are better positioned to offer palatable investment opportunities. 

According to private equity deal statistics from alternative data specialist Preqin, cyber security deals in North America accounted for most of the transactions globally as of August 13, while the number taking place in the Asia-Pacific region dipped year-on-year. 

This article was adapted from a feature on asset owners and cyber security, which originally appeared in AsianInvestor's Autumn 2019 edition.

¬ Haymarket Media Limited. All rights reserved.