Opinion
The secret behind the power of Israel's cyber industry: Identifying and building new categories
"The extraordinary ability to identify and build new categories is a key driver behind Israel’s cybersecurity industry," writes Barrel Kfir, Partner at Dell Technologies Capital.
The Israeli cyber industry has demonstrated robust growth that surpasses both local expectations and global economic challenges. Its remarkable success has made it the benchmark for any venture capital firm considering investments in cybersecurity. If in the past, a venture capital firm would ask an Israeli cyber entrepreneur, "Who are your competitors in the U.S., and how are you superior to them?" today, every American cyber entrepreneur faces the reverse question: "Who are your competitors in Israel, and how are you superior to them?" Israel has firmly positioned itself as the leading innovation hub in the global cybersecurity industry and as the benchmark for competitors' success worldwide.
The Israeli cyber industry’s achievements have been extensively discussed. However, a relatively recent trend has emerged as a powerful driver: the unique ability of Israeli cyber entrepreneurs to identify and create entirely new categories from scratch, leading these categories through early stages of maturity. Israel’s dynamic industry environment enables rapid recognition of evolving challenges facing organizations and development of solutions that evolve into new categories. Behind each new category is a fascinating group dynamic, rarely seen elsewhere, where cyber entrepreneurs gather to freely discuss newly identified problems in the cyber world, which are anticipated to become the next major organizational challenges and pain points. This collaborative mindset often leads to the simultaneous establishment of multiple startups, each proposing a solution to the newly identified issue, all stemming from collective brainstorming.
This approach has birthed several new categories over the past two years, including CSPM (Cloud Security Posture Management), with companies like Wiz, Orca, and Lightspin; DSPM (Data Security Posture Management), driven by companies like Cyera, Sentra, Dig Security, and Flow Security; and Secure Browser solutions by Island, Talon, and LayerX. In recent months, additional categories have emerged, such as Non-Human Identity by companies like Oasis, Astrix, and Entro, as well as AI Security by Apex, AIM, Lasso, and Prompt. In two other categories, Data Loss Prevention (DLP) and SOC Automation via AI, companies are still operating under the radar and have yet to make public announcements.
Challenges and Opportunities in Building Cyber Categories
Market pioneers in cybersecurity, like in any field, gain a clear advantage over later entrants but also face unique challenges - particularly when multiple companies lead the charge in a category at the same time. The first challenge lies in differentiation: many companies, formed around the same time to solve the same problem, present nearly identical pitches, lacking true distinction from one another. Furthermore, the market often lacks awareness of the issue the new category aims to address. These companies must amplify their message in a market devoid of buzz, making it challenging to gain traction with organizations and persuade security managers and investors.
Another challenge is the rapid pace demanded by this competitive environment. New category startups must swiftly raise multiple rounds of funding, bring products to market, and achieve initial sales within a year or two - a critical period in their growth. In new categories like DSPM, the time from founding to a billion-dollar valuation is approximately two years. Within this timeframe, companies in the category are ranked, with leading companies standing out and others struggling to keep up in the intense competition. Amid these challenges, the collective rush to present solutions to the same issue accelerates awareness of the new category, clearing the path to acceptance by large organizations, particularly when research firms recognize the category and begin ranking its players.
Investment Considerations: When and Whom to Back in a New Category
Venture capital firms recognize that if a new category succeeds, it promises high returns on investment. However, the process of defining a new category also presents challenges. The first question is which company to invest in, especially as companies in the early stages offer nearly identical pitches and lack a proven solution or customer base. Investors, therefore, weigh their decisions heavily on the team: who they are, their professional experience, past successes, their impression as potential leaders of the next big thing in cybersecurity, and whether the founders have personally experienced the problem they aim to solve.
The second question investors ask is when to make their initial investment in a new category: should they invest as early as the Seed or Series A round, or wait to identify a frontrunner and join at the Series B stage? In emerging categories, investors gauge the optimal risk-reward balance. The stronger their belief in a new category’s potential, the more likely they are to invest at an early stage, even before investments in the area become common.
The extraordinary ability to identify and build new categories is a key driver behind Israel’s cybersecurity industry. It’s a point of pride and optimism, especially during times when the high-tech industry faces challenges and disruptions.
Barrel Kfir is a Partner at Dell Technologies Capital