In recent years, several Israeli cyber-security companies have made the transition into becoming market leaders by going public on NASDAQ, including such world renowned firms as Check Point, CyberArk, Imperva, and Varonis.
At Jerusalem Venture Partners, we see some 90% of the startups in the local cyber-security space and have invested in 15 of them. Of the hundreds of cyber-security startups that have been established, only a small portion will have the capability to build strong enough go-to-market strategies and predictable performance to warrant a move on the public markets.
But for those entrepreneurs who are convinced they can be market-leaders by taking their company public, there are several things they should be thinking about right now, even at the beginning stages of their journey.
1. Vision. An IPO should not be looked at as a one-time event but rather as the beginning of a long-term relationship with the markets. Strategically speaking, a company should only go public if it has confidence it will continue to grow and can predict both short-term and mid-term results. Companies must have the long-term vision to develop a target market that is even broader than the one it serves today. If you don’t have long-term broader vision, then a short-term exit may be a wiser strategy.
2. Build a big toolbox. Many cyber startups are based on talent that has been exposed to specific offensive measures and has come up with a very specific means of protection for that attack vector. This often yields a company whose toolbox is too narrow to build a large market leader. Lesson: Be broad in your defensive scope in order to guarantee that you provide protection not just from current strikes but also from new forms of attack in the future.
3. Integration. Enterprises are very limited in their ability to adopt and integrate solutions from multiple vendors and specifically from startups. To gain market traction and grow your solution, it must be extremely easy to integrate with incumbent systems. Otherwise you won’t be able to gain wide enough traction and enjoy “viral”-type adoption. This, of course, will be instrumental in the quest to build a market leader.
4. Defend across industries. Many startups focus on resolving the cyber problems of a particular vertical, such as industrial control systems, automotive, or IoT. This approach helps focus R&D efforts but often limits a company’s ability to access a wide range of customers, forcing it to rely on existing large players in respective markets as the entire market channel. If you do develop your cyber shields for a specific industry, consider other verticals in your R&D strategy that may gain from similar protective technology.
Similarly, companies that focus on defending vulnerabilities in a known system may also be limiting their potential for future growth. Yes, if the vulnerability is significant enough, the enterprise in question might end up acquiring your company (see some recent acquisitions of Israeli startups straight out of stealth mode by large IT vendors). If a quick exit is your goal, that strategy is fine, but it won’t necessarily get you to Wall Street.
5. Design partners. Convincing a large partner to purchase your cyber solution can be an uphill battle, especially for a small startup. As an interim step, it may be wise to find a design partner that can serve as a beta testing ground for your product. Some of the world’s leading financial institutions such as Citi and Barclays have opened accelerators and innovation centers in Israel that allow them to experiment with innovative startup technologies, offering real-world input regarding functionality and demand. Partnering with one of these players as early as possible can help guarantee market suitability and future success.
6. Compliance. Of the few companies that do navigate the great chasm between choosing an early exit and going public, the ones destined for IPO will have to meet stringent SEC regulatory and reporting requirements. You should conceptualize and plan your reporting frameworks as early as possible in order to make the process smoother and more efficient moving forward. Remember, it’s a process that might take years to adopt, so best to start early — at times it’s easier to apply such processes while you’re still small.
7. Profitability. Up until not too long ago, growth was the only goddess both public and private investors worshiped. With recent changes in the markets, profitability became a gating factor for enjoying top quartile multiples, as a recent report by BMO (December, 2015) indicates. Remember, achieving profitability alleviates the need for continuous fundraising and allows management to focus on business while building a healthier company.
As the ferocity, scope, and sophistication of cyber-attacks continue to grow, so must our capacity to defend our critical assets. Big problems demand big companies with innovative solutions and the resources and vision to meet the cyber challenges of the future. Hopefully, the lessons above can help you at one of the many junctions faced by a company that strives to be one of them.