Why Cyber Strategy IS Company Strategy & A Generational Market Opportunity

2020 was a hell of a year. When future generations learn about 2020, the pandemic, social tension, and political unrest will take up most of the oxygen. But for those learning about the history of cyber security, the year 2020 and a mid-size company from Austin, Texas — Solar Winds — will take center stage. Malicious code in one update of a trusted software provider was the trojan horse to access petabytes of private data across 18k organizations (and counting), including Fortune 500s and government entities.

Why will Solar Winds be so generationally important, and why am I talking about it? Because the impact of the hack is too large (and growing) and the mounting losses too substantial that every business leader must acknowledge what many in cyber security have been saying — moving forward, cyber strategy IS company strategy. It is not an audit, but an important part of C-Suite strategies and best practices ranging from employee onboarding to day-to-day, mundane coding.

While some may say these threats are evolutionary and have been happening quietly for years, it is now a mass market topic covered everywhere. It is impossible to put one’s head in the sand.

Just as many of us will use Covid as a reference point in time, I believe we will come to view cyber security before SolarWinds (BSW) and after SolarWinds (ASW). I’ve been thinking about this for a while, but it is more clear than ever that we will see cyber go on a tear this next decade. Forecasts suggest $100B of new market value by 2025 alone, putting total market size at close to $280B but I think this figure is conservative. Cyber is — and will be — a massive business. We’ll see the cyber category go beyond preventing hacks and defensive posturing to playing a more nuanced and integral role in organizations, showing up proactively across all functions and hidden within developer tools.

Over the next several weeks, I’ll share some of what I see driving accelerated change in the cyber security market and hypothesize about the types of people and companies I believe will be the next great bets (read: you and yours?!). Cyber is now part of a broader IT, devops or data value proposition.

The Four Factors Reshaping Security

Several factors are influencing the growth of the cyber market, but there are four drivers related to infrastructure, processes, and organizational structures that stand out in my mind. I’ll go into each of these in depth in coming posts but briefly they are:

Rise of the Multi-Cloud — 93% of enterprises intend to use a multi-cloud strategy, but cyber security tools aren’t built for the cloud first world.

Data Explosion — The proliferation of data makes it impossible to monitor everything, so we need solutions to pull the signal from the noise.

Integrating DevOps & Security — DevSecOps isn’t new, but it’s still not a reality. We need tools and processes that account for the multiple stakeholders to make the shared responsibility of security a reality.

CISO in the C-Suite — Covid has elevated CISOs into a critical role for overall company strategy. Operating WFH requires a security first approach, and this isn’t going away. Even further the CISO and the CIO/Head of Cloud are working in lockstep as true partners.

These drivers will cause entire cyber categories to be rebuilt in massive value-creation ways beyond just bringing on prem spend into the cloud world, but by changing the way we work across teams and the way we build in a cloud-native ecosystem. In future posts I’ll share some of my current investment theses and make my pitch for why Southern California is becoming a hub to many of the next cloud-native cyber unicorns.

It’s not hyperbole to say that I believe this is the largest market opportunity I’ve encountered in my decade-plus as an investor, one with society-wide implications. I’ve been working with my colleague Spencer Calvert on this topic and over the next several weeks, I’ll share blog posts diving into each of these areas in detail — starting tomorrow with The Rise of Multi-Cloud.