“Not sexy for a penny”. With its technical jargon and its “disaster scenarios”, this is the image that cybersecurity has long had in the eyes of investors. And then the hackers went after the multinationals, the hospitals, the town halls. States and companies have understood, the hard way, that they had to arm themselves. And cybersecurity has become an El Dorado. The number of funding rounds has more than tripled between 2012 and 2022, reveals the Tikehau Capital 2023 cybersecurity investment barometer for the FIC, which looks at Europe, the United States and Israel. In these areas, the amounts raised were almost multiplied by 17 (14.9 billion euros in 2022).
In this game, the United States dominates head and shoulders. In the scope studied by Tikehau, they collect 73% of the amounts raised. As the Americans are home to a number of global Tech giants, they became interested in cyber earlier than the Europeans. Israel is also doing well. “It is a country at the forefront of Tech with a very small domestic market. Local start-ups therefore have an international-oriented strategy from the start”, explains François Lavaste, investment director within the cybersecurity team of Tikehau Capital. They have thus carried out no less than 67 funding rounds and raised 1.6 billion euros in 2022.
And the European pupil? “Progress, but can do better” would be tempted to write on his report card. Between 2012 and 2022, the number of funding rounds has almost multiplied by 5 (from 40 to 188). And the annual amounts raised by start-ups in the region have gone from a meager 32 million euros to a more presentable total of 2.4 billion. “There was a real awareness of the risks on the Old Continent after the 2017 attacks which affected groups like Saint-Gobain or Renault”, analyzes Gérôme Billois, Wavestone partner and co-author of the annual radar of French cybersecurity start-ups with BPI France.
France behind the United Kingdom and Switzerland
Unfortunately, the average size of European start-ups remains too modest. The case of France is eloquent. High-level engineers and mathematicians, world-renowned know-how in encryption, significant market size… the country has certain assets to break into cyber. This almost backfires: companies feel good enough at home not to seek with great energy to grow and develop internationally. “Many of them exceed seven years of existence without having crossed the threshold of 35 employees, which represents a fine fabric of profitable SMEs. But a few major players would have to be added to this if the we want real sovereignty,” observes Gérôme Billois.
Even if the United Kingdom and Switzerland are doing better, the observation in France is valid for Europe. Last year, only 3 new cyber unicorns joined the European herd when North America celebrated 16 arrivals. Encouraging the marriages of start-ups with complementary offers would allow them to reach the appropriate size more quickly. “Clients don’t want to have to use solutions from multiple companies to protect their entire perimeter, which is too often the case today,” explains François Lavaste. Not to mention that in this sector, it is necessary to invest massively in R&D, because hackers are finding new ways to break through defenses every day. “In cybersecurity, the pace of innovation is even more sustained than in technology in general. The positions occupied by the players in this market are also changing very quickly”, specifies the expert.
If Europe entered the battle late, “its start-ups are gaining momentum and this market is maturing”, reassures François Lavaste, however. Note also that even the United States does not have an irreproachable cyber shield. “As in the rest of the world, many American companies and hospitals have suffered from very basic ransomware attacks. The consequence of fifteen years of underinvestment”, points out Gérôme Billois. Even at the head of the peloton, there is some catching up to do.