In this issue of SaaS Talk, Golub Capital Vice President James Bishop speaks with Morgan Kyauk, Partner at NightDragon, who discusses how the NightDragon team leverages its operating experience to invest in cybersecurity, safety, security and privacy companies and how the security landscape has evolved over time.
The NightDragon team includes a unique combination of experiences leading enterprise and government organizations, as well as a vast network of strategic relationships within the cybersecurity, safety, security and privacy industry. We have lived through the ups and downs of taking a company from $100 million to $1 billion in revenue and beyond. We have bought companies, sold companies, grew go-to-market organizations, navigated hiring issues and executed IPOs.
I would say this operational expertise is foundational to our investing perspective. We look first and foremost for those categories where we believe the gap between offense and defense is the biggest, as well as companies within those categories that our operating experience can make a significant impact on to meet the challenges we see in the marketplace.
This operational approach is also the reason many of our companies tell us they chose to work with NightDragon over other late stage and growth investors. Together, we have decades of operating experience in CEO, strategy, marketing, business development, alliances and government roles. We leverage this experience and work alongside our management teams, which becomes invaluable for companies looking to achieve that next critical milestone in their journey.
I think you can look to the latest news headlines to see how much the industry has changed in just the last six months, let alone since we started investing and working in cybersecurity. If you look at the first half of this year alone, ransomware attacks have accelerated 148% year over year—with attacks shutting down our food supply, oil and gas, healthcare, school systems and more. The business landscape of the industry has also changed, with more than 3,500 cybersecurity companies, $11.5 billion in venture funding and $39.5 billion in M&A in the first half of 2021 alone. This is a growth trajectory I don’t expect to slow down anytime soon as cybersecurity demand becomes ubiquitous across all areas of technology.
One of the most profound trends we’ve seen is a complete change in how we think about cybersecurity. Up until just a few years ago, cybersecurity was an afterthought—cybersecurity tools and technologies were considered after IT infrastructure decisions were made and processes were established. Given the recent threat environment, cybersecurity is now becoming ingrained into all aspects of business, not only in the applications and tools we use, but also the way we work. This evolution in thinking has led to several disruptive new categories that we are betting on at NightDragon, including supply chain risk analytics, secure access service edge and DevSecOps, all of which we believe will be multibillion dollar markets in the future.
NightDragon was named for one of the first major known nation-state cyberattacks, which were a series of attacks from China against more than 71 oil, energy and petrochemical companies worldwide. This was a seminal moment in cybersecurity history, one that set the tone for years of escalating attacks and geopolitical tensions in the digital world.
We have identified 10 areas where we believe there still exists a significant gap between offense and defense, and therefore a great need for investment capital. We derive these insights from our direct connections in government and threat intelligence, which we believe is unique to the NightDragon platform. Some of those areas we are currently watching include drones, social, blockchain, cloud, supply chain, satellite, identity, insider threats and industrial. We’ve made investments in many of these areas in companies like Interos, iboss, HawkEye 360, SafeGuard Cyber, Premise Data, vArmour and more. We continue to evolve these target categories as the threat landscape evolves and enterprise and consumer needs change.
For many companies in cybersecurity, breaking into the state, local and federal government markets is a critical business accelerator. As our Founder Dave DeWalt says, “If you win the government, you can win the market.” However, we also recognize that selling to government organizations requires deep domain expertise, as well as meeting stringent compliance and regulatory requirements, which make it a challenge, or at least very intimidating, for many companies.
We also recognize that government is a sector with great need. Multiple reports have shown, for instance, that the number of ransomware and other types of attacks targeted at this industry has increased 50% or greater in 2020 over previous years. This is a critical risk vector that not only affects the organizations but also, more broadly, the citizens who use their critical services and our overall national security.
That’s why we launched the NightDragon Government Services (NDGS) business unit this year, as well as the NightDragon State and Local Advisor Consortium. Both efforts are designed to provide our portfolio companies with deep insights into market trends, technical needs, requirements and guidance on go-to-market, as well as sales and business development strategies. We feel this is part of the unique operational value proposition we can provide, and we are already starting to see incredible impact across our portfolio.
Entering new markets isn’t easy and requires significant investment from companies to get right. However, for those who can pull it off there is potential for significant upside if the move is a good strategic fit for the company’s overall mission and goals.
At NightDragon (“ND”), we support our companies with a platform-type approach. We have crafted partnerships and programs such as ND Talent, ND Government Services and ND Go-to-Market through which we support our portfolio companies with master service agreements, partnerships and advisor relationships in critical areas to growth. Great examples of this include our strategic partnerships with Macnica Networks to help our companies expand into the Japanese market and Carahsoft to help with federal, state and local governments. We also give them access to the people in our team and advisor network for further guidance, as well as playbooks for success from our decades of operating experience. Finally, we also have created a community of our portfolio companies called the NightDragon Network, through which we connect our portfolio company functional leaders to share best practices and generate mutual success.
At NightDragon, our investing and advising platform is purpose-built to create market leaders by helping to craft and execute on a differentiated go-to-market strategy. While companies often tend to focus on product and technology differentiation, we believe market leaders are created through go-to-market execution. While this sounds simple, I certainly acknowledge that it isn’t. That’s why at NightDragon we have built a platform that allows us to invest much more than capital. We have pulled together dozens of market-leading advisors, public sector officials, go-to-market partners and experienced team members to help give our portfolio CEOs every tool in the toolbox to ensure they are on the path from startup to market leader.
NightDragon invests at the later stages, where companies are primed to grow rapidly. Therefore, we typically look for both qualitative and quantitative signs of repeatability in the business model. This means enough of a history of metrics and KPIs that provide a sense of business drivers as well as customer use cases that are often replicated not only across companies but across industries. It might be obvious, but we’ve seen many examples of companies claiming to have found product-market fit without enough signals to support repeatability. My advice for those seeking growth funding is that it is important to ensure that the foundation is in place to provide these metrics and sell these use cases, from both a back- and front-office perspective. This not only helps to provide predictability but also becomes a key part of the company’s decision-making process.