AAA Security provides the platform

Security provides the platform

An entrepreneur has traditionally had fairly simple needs. She wanted capital, customers, help with product or service development, hiring people and, eventually, an exit.

These are rarely easy to achieve, which is why corporate venturers have been so much in demand by the smartest startups. When done well, CVCs can deliver on their promise of more than fungible capital.

But, increasingly, a sixth want is emerging. Security. Whether to tackle an increasingly fraught geopolitical landscape with regulators part of the battle or to fend off state-sponsored or mercenary ransomware, often paid in cryptocurrencies, and malicious attacks, few startups have the experience or resources to tackle governments and black hat cyber attackers.

It was fascinating, therefore, to attend the invite-only Global Cyber Innovation Summit in Baltimore last month courtesy of Bob Ackerman at venture capital firm AllegisCyber Capital and startup incubator Datatribes.

The discussions at the summit by the chief information and security officers (CISO) and government agencies were held under Chatham House rule to encourage openness. A main topic when considering the topic is how to encourage sharing of information between governments and corporations in order to facilitate response and defence against cyber attacks.

Cyber deterrence – a penetrative attack against infrastructure or business by another country leading to declaration of war and reciprocal attacks – has broadly held so far this year after the invasion of Ukraine but as one expert said: “What comes after? A single, global internet and supply chain? I am not sure this is the world we now live in.”

In this world, corporate venturing adds potentially a complication. If the goal of CISOs and governments is to shift the advantage from offensive to defensive – “where to defeat one of us, you have to defeat all of us” – then bringing in lots of portfolio companies or nascent deals as potential suppliers or partners carries risk.

CISOs are sometimes part of the investment committee or asked on deals if within the cyber security world. Given, however, intellectual property theft and cyber losses are now put at about $6trn per year, according to one expert, then it is crippling to a business and country to lose this money while spending increasing amounts on defence.

Cyber security costs have risen four-fold in four years to about $400bn and was expected to increase to $1trn in the next four.

CVCs, therefore, need to ask how their tip of the spear investments and activity contributes to the defence as well as avoid obvious points of weakness caused by people with “concurrent jobs”, ie those being paid to work at a corporation while acting as a spy for another country or company.

Large private equity firms, such as Thoma Bravo, TPG and Insight, are spending tens of billions of dollars to build a cyber security stack similar to efforts by large tech companies, such as Microsoft, Intel and Alphabet, or infrastructure businesses, whether banks or utilities, to protect their customers and products. Last month, Fortress Information Security,  a US-based supply chain cybersecurity provider for critical infrastructure industries backed by American Electric Power utility, raised $125m, while cybersecurity company Securonix raised additional funding from Capital One Ventures, Snowflake Ventures, Verizon Ventures and Wipro Ventures as part of a previous round of more than $1bn.

These companies clearly see cybersecurity as part of their remit to build a stronger platform and invest in large numbers of deals as part of the thesis to support a stronger ecosystem around their products and services.

The thesis has been put on steroids by the crypto and blockchain/web3 companies.

Since the beginning of 2021, about half of all crypto VC deals included participation by a fellow crypto company, amounting to more than 1,300 deals, according to PitchBook data.
Animoca Brands has made more than 150 investments and backed many of crypto’s biggest names, including OpenSeaDapper Labs and Sky Mavis, with a distributed approach to dealmaking. The company has an investment team, but deals can also be agreed by members of the product team, Pitchbook said.

It added: “Coinbase, arguably the godfather of crypto CVC, has made investments in competitors BlockFi and FTX. Coinbase’s venture portfolio, which cost $352m, could be worth about $6.6bn, according to Oppenheimer analyst Owen Lau.

About 20% of Coinbase’s capital is reserved for strategic investment, and it primarily invests in seed- and early-stage rounds….

Even more norm-altering was Coinbase’s decision to launch an NFT [non-fungible token] marketplace after it had invested in OpenSea, the leading NFT marketplace. And OpenSea has paid Coinbase’s favour forward by investing in Formfunction, yet another NFT marketplace.

Pitchbook made the observation that “the ride together, die together approach of crypto CVCs fits the sector’s collectivist culture.

The blockchain experiment is still proving that it is not merely a solution in search of a problem, that decentralized tech will fulfill needs in ways that powerful platforms have failed. Coopetition may be the way to meet that challenge….

Crypto startups may simply be borrowing from the coopetition approach that gave the garage entrepreneurs of early Silicon Valley an advantage over tech conglomerates. They are just taking it up a notch, playing the role of both founder and funder.

Innovation has always prized speed and iteration with venture capital proving a great model to test and reward success while cutting losses on ideas that fail to scale. The question now is whether the model can also cope with security.

By James Mawson

James Mawson is founder and chief executive of Global Venturing.