The Recession Reaper: Reviewing the Viability of Four Types of Cybersecurity Technology
By: Justin Fimlaid
There’s been a ton of chatter in the cybersecurity industry about a looming economic recession. When we hear the word recession, our first reaction tends to be fear, when really, this is a typical trajectory. It’s normal for any economy to expand and contract. A recession is defined as two consecutive periods of negative gross domestic product (GD), and while inconvenient, a healthy recession can realign an ailing economy and get it back on track to grow GDP.
A recession also factors into metrics like the unemployment rate, which is the measure of jobless people actively looking for any kind of paying work. Conversely, it also measures how many people have found work, which indicates whether the economy is shrinking or growing, the latter of which translates to positive GDP. This is a funky method of measurement and I’d encourage you to read more about it, especially concerning labor force composition and how “looking for work” is defined. There’s no doubt COVID-19 threw a wrench into the mechanics of this already complex calculation.
Then there’s my favorite measurement, which is most germane to this article, the Federal Reserve M2 Supply. This is the measure of household cash savings – when it’s high, people have cash to spend or invest; when it’s low, people usually turn to credit. Our cash supplies are still so close to an all-time high that we would need to have a long-term increase in interest rates to effectively shift cash supplies.
In this blog, the real question is about the impact of these conditions on the cybersecurity product market. According to Crunchbase, there are 7,622 cybersecurity companies currently in existence, and that’s a staggeringly high number. Any reasonable person who has been in cybersecurity for five minutes knows that not all of these “mousetraps” will be successful. Not all these companies have the experienced business staff who can successfully take these products to market, and most will never find enough oxygen to evangelize their message in an already crowded cybersecurity space.
As you navigate the cybersecurity market as a consumer, investor, or entrepreneur, there are four types of cybersecurity technology and marketing strategies I want to call out. Most cybersecurity companies fall into one of the following categories, some of whom will be winners or losers based solely on the current economic forecast. Let me explain:
1. Commercial-off-the-Shelf (COTS)
These types of tools, in both software and hardware, include big brand names such as Palo Alto, Zscaler, or Proofpoint. I expect COTS cybersecurity companies to do a little better than their peers in a recession. These technologies are trusted. If you could only buy one and your job depends on it, are you going with the brand name or the no-name solution? Nobody gets fired for buying the big names.
Recently there was negative earnings news about a popular endpoint cybersecurity company whose name rhymes with “loud bike.” Accordingly, industry guidance was to temper future expectations because of market softening and longer sales cycles. It’s not terrible news, but also not completely accurate. As predicted, the end-point market is going to remain crowded, just like it always has been. Any time a new technology comes to market and leapfrogs all the incumbents, those incumbents catch up at a lower price. This is normal market economics and doesn’t directly point to a recession.
My assessment? In the long term, technologies from well-known brands in this category will do fine weathering potential economic shifts.
2. Lipstick Brands
A lipstick brand is a new term I created for this article. After this, I expect it to be defined in the Urban Dictionary as “technology from vendors that take open-source software, put a different gloss or shade on it, then attempt to pass it off as new.” It’s like being gifted the same present you got last year, but this time in blue! The wrapper makes it look new, but it’s the same open-source software you could have download for free. Recession or not, any lipstick brand cybersecurity technology that survives has simply mastered their go-to-market strategy. Of the four types of tooling described here, I’d expect these to perform the worst.
My assessment? Run away!
3. Features
A “features” cybersecurity technology is one that is generally based on a great idea, but fully relies on another technology platform to operate. Said another way, the same idea could already be available as a feature in an existing COTS solution. This is a tough business model that demands perfect timing. If the host platform decides they want the same features and can build them, the “feature” company risks losing market share. The cybersecurity industry is full of this type of solution provider – they look good in the short term, but don’t stand up in the long term. A ton of investment is required to get these features through to a business exit, and I don’t expect all to make it through an economic downtown.
My assessment? Tread carefully and fully understand the market opportunity.
4. Startup Platforms
This technology category is my favorite. These are the offspring of true cybersecurity market innovators – a rare combination of know-how and ingenuity. They usually start small but come with a competent management team that’s familiar with the cybersecurity problems they are solving. These are a little harder to identify at first, but the differentiator is that the technology and the message are able to encourage prospects to pay for a solution. These are the solutions that will drive the evolution and growth of real cybersecurity companies.
My assessment? If you find one of these companies, and do your homework, it could be well worth your time.
Whether you’re a cybersecurity professional seeking work, an entrepreneur looking to get started, or an investor with extra cash, it’s important to understand how these types of technologies pertain to the cybersecurity landscape. An idea can be great, but at the end of the day, people will need to buy the solution, especially when their own finances are getting tight.