According to Gartner, global spending on information security reached $ 76.9 billion in 2015. As the frequency and severity of hacking attacks are deepening, cybersecurity spending is projected to reach $ 170 billion in 2020 and more than double in five years. VC investments in cybersecurity startups are also on the rise (up 40% each year over the past five years) and will hit the highest level so far in 2015 at around $ 3.5 billion. But when we look at investing in cybersecurity in all portfolios, we find that figure shows that investors are far more cool in this area because it is less than 7% of all venture capital. Taking into account the ongoing hacking events and media attention, investment in the field of network security is not a little less? Today, let the gold medalist and everyone together to explore the current status of the network and future projections. First, the conservative investor's point of view 1. Cybersecurity three exit price range There is no doubt that more investors are most concerned about the exit and return. There are few unicorns in cybersecurity and exits tend to fall into three price ranges: $ 50 million, $ 200 million, and $ 500 million. Cybersecurity is more capital efficient and takes longer to exit than other verticals. Cross-platform secondary verification Authy melted $ 3.8 million and was eventually acquired by Twilio; another, less-than-$ 2 million security company, Toopher, acquired by Salesforce in April 2015; acquired by Accel Aorato, an Israeli digital security company, was acquired by Microsoft for $ 200 million and earlier received less than $ 15 million in investment. The smaller-scale exit, mostly in three years. The third exit appeared above $ 500 million and OpenDNS was acquired by Cisco in 2015 for $ 635 million. According to informed sources, the average return on investment (ARR) over 60 million US dollars, but the calculation from the beginning to the end but it took more than 10 years, but also make people feel a little frustrated. Lancope, a security vendor founded in 2000, was also acquired by Cisco for $ 435 million in 2015, taking 14 years to get out. While occasional IPOs such as FireEye (2014) or Palo Alto Networks (2012) may be exciting, they are no exception. 2. They are not unicorns, more like undead small strong Many cyber-security startups are not unicorns, but more like cockroaches, which rarely die. In tough times, they can switch to a simple / consultant mode. Like cockroaches, they survive the long winter, and security companies are highly capital efficient. A $ 40 million break-even is a classic rule in this area, which gives them a survival advantage. However, "greedy" investors are looking for "growth advantage." They are growing too slowly Cybersecurity companies are growing slowly, with FireEye ($ 6.5 billion in market capitalization) taking more than 10 years from its inception to its IPO and Palo Alto Networks ($ 11.6 billion in market capitalization) slightly faster for seven years. So there is no Uber in the cybersecurity world in terms of growth rate and rapid value creation. In recent years, we saw that many venture capitalists favored companies that, in less than three years, had a market capitalization of $ 1 billion in unicorns, so people began to set the standards of startup companies higher and higher, hoping Grow faster and faster! If cybersecurity entrepreneurs can not grow at such rates, investors will not overwhelm them, and the corresponding investment will stagnate, at least less than 10% of the portfolio. One of Silicon Valley's top investors, which last melded into more than $ 500 million, has said publicly that cybersecurity is cool but the returns are too fragmented and below average, and the combination of low returns and long exit periods is much greater Dissipated the enthusiasm of investors. Second, the network security budget is increasing, the exit mechanism is changing Many entrepreneurs, the network security budget is still stuck in the same old thinking, which makes people wonder. Common sense, security spending should account for nearly 10% of the entire IT spending. At a macro level, McKinsey's experts said in a book about cybersecurity that the total global IT spending is approaching $ 2 trillion. But the reality is cruel, and the actual security spending we see is still less than 100 billion U.S. dollars. Of course, this spending can easily break, such as: it needs only a hacker attack, immediate! Some companies will have a 300% increase in budget, which has been confirmed by cybersecurity experts. Asheem Chandna, a partner at Greylock Partners, a board member of Palo Alto Networks, Skyhigh Networks and other industry-leading cybersecurity companies, notes that security budgets for business are on the rise, which is good for cybersecurity startups. Some buyers are also aware of this, and Dharmesh Thakker of Battery Ventures, which dominates investments in Cloudera and Mango DB, said many of the previous generation security firms were not able to react quickly to technology changes such as: Symantec and HP are experiencing The painful structural reforms, their in-house ability to innovate, and their ability to make new products are greatly constrained, giving startup companies many opportunities. Bob Ackerman, founder of Allegis Capital, has been investing in cybersecurity for more than 15 years. He pointed out that for network security entrepreneurs, there is no better time than it is now. Although the fundamentals have not changed, the exit mechanism may have changed. Third, new buyers are emerging - operating system layer and operators 1. Old players are suffering from reduced profits When it comes to the withdrawal of cybersecurity, most investors are worried about it. The traditional path of IPO or mergers and acquisitions are usually narrow and limited, the IPO window by many market conditions. Successful companies like Symantec and HP are hesitating to adapt to new market conditions and new entrants will benefit. In the past three years, Symantec lost two CEOs, its profitability is also declining. Symantec's $ 900 million annual security business will soon be separated from its storage division, which sells $ 1 billion worth of security software and services each year, but its profits are rapidly declining. Knowledgeable investors saw the development prospects, so there are many new entrants in the market. 2. Operating system layer and operators to become new players The responsibility for security is shifting away from new players: OS Layers and carriers. At the operating system level, companies like Microsoft, Intel and Google continue to pour capital into the security arena. Google is one of the largest mergers and acquisitions of cyber-security startups. As data centers and cloud service providers increase, new buyers are emerging. Operators have been bored with commodity trading, while viewing security as a chance to gain users' trust and upsell cloud computing services. Earlier this year, SingTel announced a $ 810 million acquisition of network security firm Trustwave, which covers three major areas - threat management, vulnerability management and compliance management. Trustwave's focused Management Security Services (MSS) is a $ 15 billion market that is growing at 2-digit rates. Gartner expects the market for enterprise technology outsourcing and consulting services for security services to come together to reach 47 billion U.S. dollars in 2019. Large security service providers such as IBM, Dell and AT & T are seeing a CAGR of more than 10% a year, with small and mid-sized service providers growing at over 100% a year. This is good for operators, who are eager to compete away from product data. Verizon, AT & T (US), British Telecom (UK), Orange (France) and NTT (Japan) are stepping up efforts to invest in cyber security services. As businesses migrate to the cloud, they plan to shift their security burden to security service providers. When asked how cloud security should be managed, 34% said they would seek the help of a Security Management Service Provider (MSSP). Start-ups should seize the opportunity to emphasize the security management service strategy in the services they provide, and the combination with security management services proves to be a valuable exit. Fourth, the challenges of 2016 1. From CISOs purchasing decision-making voice This is an era of chief information security officer (CISO) headaches. As the ever-increasing number of hacking attacks, the life of the chief information security officer begins to get more chaotic, and more and more security companies are annoying them. "I was struggling between the board and the suppliers. Every day my LinkedIn receives hundreds of requests from suppliers, and I was overwhelmed by the FUD marketing of my company's security products," said a CISO. tips FUD originally meant that IBM salespeople infused negative stereotypes about Amdahl and other competing companies' products into their customers by injecting doubts and fears into the customer's mind and then what they might believe when they said something. FUD is now a commonly used technique outside of the computer world, especially politicians. For example, political rivals can use the FUD on a topic to drive public opinion so as to create favorable conditions for themselves or push the opponent into a difficult situation. On the other hand, the adversary will also mean the other party intends to use FUD to confuse the audiovisual and thus gain profit. FUD is the abbreviation of Fear, Uncertainty and Doubt. It is one of the competitive means used by industry monopoly giants to deal with competitors than their weaker counterparts. By directly scaring rivals and companies dare to cooperate with rivals, while using all kinds of means to shake the confidence of competitors, customers first shaken, and then doubt the psychology, thus squeezing out the quality and technology superior to their products, it is difficult to effectively form Market forces to ensure exclusive monopoly. There are over 50 major security service providers on the market today, and the numbers are still on the rise. Every year over 200 new cybersecurity start-ups are set up to compete for the attention and budget of CISOs, often selling FUD strategies. But in fact many CISOs are looking to use data and probability trees to talk, using their sincerity and wisdom to gain long-term trust from their users, rather than just pursuing short-term sales growth. For example, if they are in trouble, can they trust you enough to call you at night? They want a complete solution, built by security experts and integrated into their current systems. Although all products claim to be strong and trustworthy, CISOs need more solutions like IBM's that can be implemented in conference rooms, after all their work is online. This is not a small challenge for start-ups seeking to grow rapidly. Who will be the adopter of your original product? In general, most mature CISOs will certainly not be adopted, it is not worth criticizing, you will be replaced by stability as the biggest demand. So Adam Ely, co-founder of BlueBox Security (A16Z Investment), said: "When we started the company, we worked closely with the CISO who are innovative and entrepreneurial and we know that such a CISO is what we do as a security startup The key customer. " So, the bigger problem facing cybersecurity entrepreneurs is not technology innovation, but how to be a trusted partner. 2. Try to buy again to become the mainstream symbol