In a previous article, we shared an initial analysis of the dynamics of the cyber security startup ecosystem in France. The panorama of startups remains constant, with newly created startups already showing great promise. Others, with already several years of activity to their credit, have continued to grow, to the point that we had to create a new category: scale-ups. However, this ecosystem is facing two major adversities, such as the current health crisis and the resulting slowdown in international trade. We have therefore tried to envisage the necessary evolutions for this startup ecosystem.
The health crisis: an activity slowdown but not a halt
Despite a major health crisis having a major impact, the vast majority of startups remain confident about their future (more than 80% of the startups surveyed). Some client companies have even prioritized their cyber security activities to strengthen their position in this unprecedented context.
Thus, 34% of the startups surveyed stated that they were balanced in terms of business opportunities, with those lost since mid-March having been able to make up for those lost. 21% of them have even seen an increase!
A reassuring figure, to be put into perspective, as more than a third (37%) of them have suffered losses in market share, notably due to investment halt for certain clients. Some still have trouble giving their opinion due to a lack of commercial visibility (8%).
On this last point, the relevance of the sector of activity of these startups to the new challenges brought about by the health crisis is probably related. The majority of those who resist are in fact addressing issues raised by the forced generalization of remote access to information systems: data protection and secure exchanges, monitoring and protection of assets, and access management. The reorientation of their commercial efforts towards resilient sectors, such as healthcare, is probably another factor in these results.
75% of the startups surveyed also took advantage of the period to refocus on R&D or their products marketing.
These figures demonstrate the ability of startups to cope with the crisis, despite the adversity and uncertainty it brings, through their great flexibility and responsiveness capabilities. It also highlights the cybersecurity sector resilience, as it remains a key challenge for companies. Even in this period of economic crisis, they continue to seek ever more relevant and effective solutions to guarantee their security.
A particularly visible slowdown in fund raising
We compare here two fundraising periods on the whole ecosystem (cybersecurity startups and scale-ups): period 2019-2020 (from July 2019 to June 2020) and period 2018-2019 (from July 2018 to June 2019).
The qualitative resilience of the ecosystem noted above masks a more negative situation on fundraising. The 100 million euros raised in cyber security over the period 2019-2020 is far less compared to the more than 260 million euros raised in the previous one, 2018-2019.
However, the 2018-2019 period had been exceptional: 7 radar startups had raised around 10 million euros, 2 were close to 200 million euros alone. Fundraising in previous years had never reached such levels.
2019-2020 has been exceptional as well, but in a very different way. Great fundraisings took place until February: the top 4 was achieved over this period. Unfortunately, the activity was quickly impacted by the health crisis. Several surveys planned between February and April were postponed.
However, a restart was observed in April (Stamus Networks) and interesting fundraisings followed in June (e.g. Didomi, Quarkslab). These results point to a more successful end of the year.
As also foreseen by ACE-Management (please find here the interview), a lag effect of a few months in investments seems to be emerging, rather than a decrease, once again highlighting the dynamism of the cybersecurity market.
Another interesting aspect of the 2019-2020 period is that weaker fundraising is on the rise. 7 startups have raised between 2.5 and 5 million euros compared to only 3 in the previous period. Is this a potential indicator of the growing willingness of startups to raise funds early in order to accelerate their development? Or perhaps we are witnessing the preparation of the next generations of scale-ups? In any case, it is a very positive sign for ecosystem dynamic.
Given the exceptional characteristics of the two periods, it sounds difficult to draw a definitive analysis. We hope to see you next year, as it will be necessary to put those findings in perspective.
Developments needed in all facets of the ecosystem to ensure its success
Clients: take the risk of going beyond POCs
Clients also have a key role to play in the development of French startups.
In this respect, we see that companies increasingly trust French startups and support them while testing them: 70% of them carry out “Proof of Concepts” financed by their clients against 67% last year. An increase that we can only welcome, as these investments allow French gems to develop faster.
However, to continue to support this ecosystem development, it is also necessary to accept the risk of transforming the trial by contracting with the solutions tested. This year, companies are finding it harder to do this quickly: 30% of them may take more than six months to sign a contract after a POC, compared with 25% in 2019. The health crisis may partly explain this situation.
Working with a startup can certainly be risky, but it is also a gamble on the future. They can provide solutions to problems to which the “traditional” market has not provided answers for many years, enable you to remain at the cutting edge, or even provide greater support for business innovation (e.g. by securing new uses), and ultimately provide major differentiators. Some countries are keen to take this type of risk, and this is less the case in France, but nothing is stopping us from transforming ourselves.
Startups: know how to identify the next gems from your clients!
Even if it seems trivial, it is important to remember how crucial for a startup to position itself on issues that have few or no satisfactory answers on the “classic” market.
To do so, it is essential for startups to be attentive to the needs of their future clients and to position themselves on their crucial issues.
The identification should not only be technological but should also take into account criteria such as the difficulty of integrating the technology into the client’s information system, the existence of established competition or the willingness of the main principals to invest in a new technology. It is the combination of these criteria that makes it possible to identify the topics that will be the most successful on the market!
Products that require the installation of elements on many IS equipments (e.g. a new security agent on workstations) are particularly difficult to “sell” to large companies that are already equipped. More passive approaches are more attractive to them. This can be done even more easily for still rapidly evolving themes such as surveillance or analysis of IS logs.
Competition from large, well-established players can be difficult for a start-up to overcome. This is the case in the EDR market, for example, where strong differentiating arguments will be necessary to break through against major players that are already recognized. Conversely, themes such as cyber-resilience and cryptography, for example, remain under-addressed in relation to market expectations, and would therefore be easier to break through from this point of view.
Finally, the investment willingness of the principals should also be considered. Regarding cryptography, for instance, the arrival of quantum computers is still too far away for it to be part of their imminent concerns, as the horizon in the private sector is certainly around 2023/2024. Data anonymization, while keeping anonymized databases consistency (synthetic data), Data Leakage Prevention or Passwordless are also major concerns for companies, which still do not have satisfactory answers on the market. The rationalization of CISO tools, which are currently more in search of optimization than investment in nth security solutions, is a topic that will be much more considered in the short term.
Startups: don’t forget to take advantage of financing and support opportunities!
This year, another 32% of the startups surveyed do not plan to raise funds, and more than half of them have never been supported in their development.
Financing and support are nevertheless interesting accelerators, even more in the extremely fast cybersecurity market, where speed of market conquest is a crucial asset.
This lack of willingness to accelerators, which has been observed for several years, can partly be explained by a historical lack of specialized cybersecurity structures in France, making it more complex for startups to exchange information and to make the most of them.
However, the situation has improved and the consideration of cybersecurity at the national level is particularly accelerating this year:
- The State is mobilizing funds for innovation, particularly in the cybersecurity sector, for which the economic recovery plan provides at least 136 million euros;
- A major challenge dedicated to cybersecurity has been launched, the publication of its roadmap in July this year was followed by a call for projects from BPI France with investments of several tens of millions of euros;
- The French fund Brienne III, officially launched in June 2019 with a first round of financing at 80 million euros and managed by ACE-Management, specializes in cybersecurity. Other investors do not hesitate today to finance initiatives in this field.
So many opportunities to be used for the startups in the ecosystem, and it would be a shame to do without it today. Current events highlight even more the fact that now is the right time to turn to these accelerators, as cybersecurity appears to be an essential part of the “new world”, where teleworking will remain a long-term phenomenon.
Ecosystem: let’s catalyze and amplify these promising initiatives!
As we have seen, initiatives for the development of cybersecurity are springing up: the State is mobilizing (cyberdefense factory, grand défi, sector contract, cyber campus…), investors and incubators are also launching private initiatives.
The state is opening up widely thanks to these initiatives and is adopting an increasingly innovative stance. We hope that this will encourage employees of concerned entities to embark on the entrepreneurial adventure. Indeed, our cyber state actors have unparalleled visibility of the threat and use tools or approaches that would be beneficial to offer to the private sector in the short or medium term. The creation of spin-offs is still too small in France compared to other countries, such as Israel and the United States, where state entities are among the first providers of startuppers.
The challenge now will be to make the most of this diversity of potential energizers of the French cyber ecosystem. The risk would be that these means of supporting the market would compete and disperse, operating in silos, to the point of causing confusion and “blurring” the messages to the players in the ecosystem.
And that would be really damaging. We are at the dawn of a pivotal year for our ecosystem: all the components seem to come together to achieve its transformation and allow it to scale up. The question now seems to be: will we collectively succeed in making this movement a reality? Because in order to do this, it seems essential to us to join forces in presence, to catalyze them towards this common goal. A role that the cyber campus could play?
And that would be really damaging. We are at the dawn of a pivotal year for our ecosystem: all the components seem to be coming together to achieve its transformation and allow it to scale up. The question now seems to be: will we collectively succeed in making this movement a reality? In order to do so, it seems essential to join forces and to catalyze them towards this common goal. Is it a role that the Cyber Campus could play?
2021: the year of fulfillment?
Despite the impacts of the global health crisis, cybersecurity remains a resilient sector, as the ecosystem of French startups in this field has also demonstrated. Their development projects are sometimes delayed, but they remain confident about their future despite the challenges they have faced and will continue to face.
In this context, it remains essential to continue to support the ecosystem development. Many specialized support services are being created, and 2021 will be a pivotal year for the transformation of our ecosystem and for raising it to an international level.