Opinion
Ideating in a saturated cybersecurity market
“The rapidly evolving nature of cybersecurity threats outpaces the ability of larger vendors to adapt. This creates a prime opportunity for nimble startups to develop innovative, tailored solutions that address these specific pain points,” writes Nadav Lev, CTO at YL Ventures
In the aftermath of 2021 and in a rocky macroeconomic environment in which CISOs have flat budgets and cybersecurity categories are packed with startups, ideating new cybersecurity solutions is extremely challenging and the table stakes are rising. Ideating in such a saturated market may discourage potential cybersecurity founders from throwing their hat in the ring, but it shouldn’t. While the dominance of the most well-known cybersecurity giants creates pressure for smaller, single-tool companies, it also opens doors for innovation. The most critical cybersecurity problems demand highly specific solutions, not one-size-fits-all platforms. In this light, the rise of platform giants doesn't spell doom for cyber startups. The rapidly evolving nature of cybersecurity threats outpaces the ability of larger vendors to adapt. This creates a prime opportunity for nimble startups to develop innovative, tailored solutions that address these specific pain points.
Customers today are seeking solutions for top-of-mind issues and most of the known problems are already being addressed by existing solutions. This reality serves as a kind of “filter,” ensuring that only determined founders with experience and unconventional approaches will step up to the plate. Ambitious founders must do one of two things: either find a new, severe problem that hasn’t been solved yet or an existing severe problem that hasn’t been solved well.
In the case of a new problem that hasn’t been addressed by existing cybersecurity solutions, you’ll be potentially leading an entirely new market. Beyond customer validation to ensure this problem resonates with your target market, remember that even if CISOs show interest in your solution, the budget to onboard it must be approved by the C-suite. In the current macroeconomic environment, this may prove challenging. When ideating, consider the value that your solution will bring to stakeholders beyond security - how can development teams, finance and HR, for example, benefit? Will your solution help organizational reporting and compliance efforts? If the answer is yes - congrats! You’ve just opened a new market, and you are its leader. Market leaders are in a unique position to decide what their market looks like and what its characteristics are - and tailor these settings to the company’s strengths and weaknesses. You’ve now created a new gap in the market, and with a head start like yours, it will be hard for others to catch up. The onus is on you, however, to continuously prove that the hype is real and that your idea is innovative, distinct and required.
In the case of an existing problem space that is acute and unrelenting, but which existing solutions are incapable of resolving, you must first map out and understand what the customer needs are in this space, what incumbent players are doing and why their customer base isn’t satisfied - or could be more satisfied. Ascertain your own domain expertise, the abilities of your team and your approach to the problem to really answer the question - can I do this better? What makes my team the most well-suited to solve this problem? A critical and often overlooked element in this question is - why now? Has the problem become more challenging? Have recent developments in tech made it more urgent to resolve?
Related articles:
One of the more challenging ways to innovate in a competitive playing field and distinguish yourself from the crowd is to introduce processes, mechanisms and strategies from outside the realm of cybersecurity. When problems persist but traditional security strategies and tools are unable to resolve them, cyber-adjacent ideas may seem revolutionary and out-of-the-box, and therein lies their appeal to investors and customers alike. Demisto, for example, which was acquired by Palo Alto Networks, used the non-cybersecurity format of playbooks used in incident response for emergency services to build their SOAR (security orchestration, automation, and response) platform, automating similar playbooks to help security teams respond to threats faster and more efficiently. Another example is the well-known family of data science techniques known as “process mining” used by cybersecurity startup Gutsy as the foundation of their security governance platform. Gutsy’s founders saw that existing solutions in their space address tools, but not processes - and that was their way in. This approach is new and revolutionary for cybersecurity, reimagining an existing category in an innovative way.
Finally, there’s a secret element to any founding journey which, in the days of saturated markets and frustrating conditions, is even more important - passion. The startup journey is a long one, for those determined to achieve market success. This rollercoaster will challenge even the most stoic founders, and passion will be the only thing that drives you when times get tough. Passion is also often the secret sauce that attracts investors and employees to a founding team, even more so than an interesting problem space.
Nadav Lev is the CTO at YL Ventures