Every year, Wavestone conducts an in-depth analysis of the ecosystem of French cybersecurity startups. In this context, our team has organized an interview with the private equity firm ACE Management and represented by Quentin BESNARD and François LAVASTE. Find the complete analysis here.
Cybersecurity fundraising are slowing down in the 2019-2020 fiscal year (from June 2019 to June 2020), how can this be explained?
There was indeed a sharp drop in the amounts raised by tech start-ups in France in March/April 2020. This is even more flagrant in comparison with the previous fiscal year, 2018-2019, which was particularly exceptional for the cybersecurity ecosystem (around €300 million raised, with great fundraisings, such as Vade Secure and Dashlane).
2019-2020 is, in our opinion, an extraordinary year in many ways:
- Significant fundraising was carried out at the end of 2019 and early 2020: 33 million euros for CybelAngel, great fundraising also for Trust-in-Soft, Egerie, Dust Mobile and Quarkslab that we were able to support;
- Those planned for the first half of 2020 were quickly impacted by the health crisis: several planned between February and April were postponed.
Nevertheless, a restart of fundraisings was initiated in mid-April at a steady pace, and we decided at the beginning of the year to invest in four new companies (three in France, one in Europe). Thus, even if the health crisis has led to a short-term slowdown, the end of 2020 should bring new fundraisings, and potentially reverse the trend, particularly in the field of cybersecurity, which is still growing despite the Covid-19 crisis.
Some start-ups decide not to raise any funds. What do you think about this?
It is possible to create an “organic” self-financing business, especially in the service industry, but its development will be much slower.
However, in the cybersecurity market, velocity seems to be essential for a startup: an innovative idea at a given moment can very quickly become obsolete and miss its chance on the market. We believe that fundraising is an essential step for a company with a software/SaaS offer in cybersecurity that wants to reach the critical size to be a leader in a market that is by nature very international.
From our point of view, the particularly technical topic that is cybersecurity requires a specialized fund with cybersecurity knowledge and therefore able to understand the issues, the technology, the market, to make the right investment choices and to be relevant in supporting companies. This makes ACE Management positioning even more relevant (for entrepreneurs) and differentiating on the market (for investors in our funds).
On that topic, it is also important to note that if Brienne III is today the only fund specialized in cybersecurity in France, there are similar funds in other European countries, such as Germany, and the Netherlands, which are natural partners for us.
All investors have their own magic recipe for identifying gems to invest in, would you share some of yours with us?
Concerning the Brienne III fund, we are targeting startups that have already reached a certain maturity level and are looking to raise significant amounts of capital (at least €5 million, rather Series A or B).
Without revealing the whole recipe, here are some of the key elements we are looking for:
- Ambitious management, knowing how to surround themselves with the right skills for the development of their structure;
- A technically solid value proposition, potentially resulting from R&D funding from large groups or research laboratories;
- In adequacy with the needs of the market, answering a recurring unaddressed problem or protection issues highlighted by recent attacks.
Speaking of market needs, what do you see as the next trends in cybersecurity?
Our discussions with several CISO during the health crisis and our analyses of the market and current events lead us to identify the following:
- Workstations security is back in the spotlight, especially with the generalization of remote access;
- Third party management in a more fluid way while remaining secure and limiting their access;
- Sovereignty questions are more important, but, barring regulatory constraints, should not remain the main selection criterion;
- It also seems to us that the trend towards using the SaaS (Software As A Service) model for security solutions has been passed for a certain number of structures, which are more mature on Cloud models, and have a much lower grasp of them. An element to keep in mind for our start-ups!
About Brienne III and ACE Management:
In June 2019, with an initial closing of 80 million euros, ACE Management launched the Brienne III fund, the first French investment fund dedicated to the financing of innovative cybersecurity companies and the largest in continental Europe. The initial subscribers to this fund are Tikehau Capital (a shareholder of ACE Management), Bpifrance, EDF, Naval Group, Sopra Steria and the Nouvelle Aquitaine region. Other strategic investors and institutions wishing to support the emergence of cyber defense solutions are in advanced discussions with ACE Management to participate in the second closing.
ACE Management, a Tikehau Capital Company, is a private equity firm specializing in the industrial and technology sectors, with €1 billion in assets under management. Founded in 2000, ACE Management invests through sector strategies, such as strategic industries, cybersecurity and trusted technologies. ACE Management has built its model on partnerships with major groups investing in its funds (notably Airbus, Safran, EDF).