As 2022 comes to a close at the end of the year, NightDragon has been gathering perspectives from across our community to reflect on the past year and share what trends and new innovations we expect to see in the year to come in the cybersecurity, safety, security and privacy (CSSP) sectors.
Over the past two weeks, we have shared perspectives from our NightDragon portfolio CEOs, including leaders making strong innovations in cybersecurity, emergency safety systems and satellite technology, and members of our Advisor Council of top industry leaders in their respective fields. What’s clear across all of these perspectives is that the relevance of CSSP is greater than ever as risk continues to rise, and new innovation is needed to close the gap between offense and defense.
In this final iteration of a four-part blog series, NightDragon turned to our team for insights on what trends in business and technology they are watching in 2023 and beyond. Here’s what they had to say:
Morgan Kyauk, Managing Director, NightDragon –
The past few years saw a rapid acceleration of digitization due to the COVID pandemic, forcing organizations to quickly adapt to flexible, remote, and hybrid work environments. While cybersecurity companies certainly benefited from the expanding attack surface that this digitization caused (as well as the accelerated spend), macro uncertainty, cost pressures, vendor fragmentation, and the return to normalcy will force organizations to think strategically about their cybersecurity investments – with automation becoming a core tenet of that strategy. While automation within the cybersecurity industry is nothing new, the industry continues to be plagued with a significant shortage of talent, highly manual processes, and false positives. Going forward, automation will become a more critical requirement, taking the form of platform consolidation, smart integrations, open ecosystems, and machine learning technologies to help deliver the promise of automation across the entire cybersecurity stack. Companies that enable true automation in helping organizations prepare, assess, detect, and respond to cyberthreats will benefit in 2023.
Amy De Salvatore, Partner, Business Development & Platform, NightDragon – The New Innovators
There was a time in my career when I avoided the channel. Perceived as dated, in both mindset and operations, I viewed two-tier distribution partners as clunky, low value, and not worth the margin, so I instead deliberately invested in strategic alliance partnerships and one-off incentive agreements that would produce higher value outcomes. This bias may have had a sliver of truth to it for a time, but from where I sit now, I cringe to admit this misguided approach.
In case you missed it, the biggest innovators in cybersecurity today, and some of the biggest investors, are the traditional channel partners. These organizations are researching, monitoring and investing in new innovative technologies at a clip that far outpaces some venture firms. At NightDragon, we rely on organizations like Exclusive Networks to know what’s hot in European markets, Carahsoft for insights into Federal market trends, Ingram for views on cool technology solutions resonating in North America and Macnica for expertise on the next-generation cyber leaders in Japan. These organizations have recently developed emerging technology and innovation programs with the sole purpose of finding ‘the next big thing in cyber’. With resources and onboarding tracks dedicated to nurturing startups to become next generation industry leaders, these programs help companies scale in new markets and provide high-value support services that make that nominal margin I avoided the majority of my career the best dollar ever spent.
So if you find yourself dismissing distribution partners as workhorses of a previous generation, think again. VADs are the new innovators and many of the VARs are following suit. With revenues of $60B+ in some cases and a determined spirit to lead innovation in cyber, it could be you they’re looking at in the rearview mirror.
Katherine Gronberg, Head of Government Services, NightDragon –
In 2023, we will see the impacts of early cybersecurity actions taken by the Biden Administration that are creating new or enhanced market opportunities for companies that can help federal or commercial enterprises address key areas of cybersecurity.
Section 4 of the May 2021 Executive Order on Improving the Nation’s Cybersecurity First provides an example. It contained multiple provisions relating to software supply chain security that are fundamentally changing the way the software industry creates and delivers software and services. Specifically, Section 4 created a definition of “critical software,” defined and established requirements for software bill of materials (SBOMs) and created requirements for how companies must implement, and then attest to their implementation of, secure software development lifecycle practices. Although these currently only apply to federal agencies, the directives set forth in the EO will likely, over time, become the de facto standard for private industry, not least because they will be developed by and with the National Institute of Standards and Technology. NightDragon is seeing promising technologies ready to help enterprises meet new or augmented requirements of Section 4 the EO.
In a similar vein, 2023 will see groundswell behind technologies that can help federal agencies comply with the Office of Management and Budget’s (OMB) January 2022 Memorandum on Zero Trust. This memo set forth a federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024. Demand for Secure Service Edge (SSE) capabilities, for example, has surged because such technologies provide connectivity to web applications based on zero trust principles, and even help apply ZT to legacy IT infrastructure. Similar directives in other areas such as cloud adoption, log management, and asset visibility and vulnerability management keep demand high for products that solve these challenges and continue to drive innovation in these categories of cybersecurity.
In 2023, the Biden Administration will unveil its National Cybersecurity Strategy. It has been reported that this strategy will be more demanding of industry, especially companies designated as critical infrastructure, to take action to secure their digital infrastructure. If this proves to be the case, this will create incentives for companies to adopt certain types of cybersecurity technologies, creating further market momentum.
Thanks to the unprecedented level of activity of the current Administration relating to cybersecurity, NightDragon companies will be busy helping enterprises remain secure and resilient in a rapidly-changing requirements landscape.
Hannah Huffman, Senior Associate, NightDragon –
VC-backed startups that are well-funded and market leaders will likely increase their M&A activity of other venture-backed startups in 2023. As capital becomes harder to secure and cash runways become shorter, VC-backed startups will turn to M&A to extend their runway and/or scale their business with larger, more established competitors. While M&A activity is often driven by private equity or public companies, we may see more private, VC-backed companies engage in M&A as they look to expand internationally, add new products, acquire key IP or talent, or acquire customers. An example of this is DevSecOps market leader Snyk, which recently announced plans to pursue aggressive M&A over the next year to broaden their platform following a $196M Series G raise. As a result, smaller DevSecOps competitors who want to extend runway, will be prime acquisition targets for Snyk. I expect more “Snyk-like” strategies over the next year resulting in an increase of startup-to-startup M&A.
This blog is the fourth and final in a series of end of year blogs regarding the state of the market and what to expect in 2023 and beyond. Read our previous blogs with insights from our portfolio companies here and here and our Advisors here.
To learn more about the state of cybersecurity, register for our second annual NightVision State of Cybersecurity event on January 3. The event will feature top leaders in government, go-to-market, analysts, CISOs, venture capital and more to talk about market trends and the state of the industry. Learn more and register here.