The House passed a bill last week that will require Homeland Security to consider cybersecurity startups in combating information attacks, shining a spotlight on the benefits and detriments of small security firms around the country.
The Republican-backed bill, known as the Leveraging Emerging Technologies Act of 2016, is intended to help innovative and original ideas float to the top in the never-ending battle against hackers, the Baltimore Sun reports.
The goal is to bring the government up to speed on the latest techniques and strategies by engaging companies that are on the cutting edge of cybersecurity software development, House Majority Leader Kevin McCarthy said.
“If we in government are in analog while the rest of the world is in digital, we’re in trouble,” McCarthy said.
The bill’s passage brings up an interesting juxtaposition between traditional cybersecurity firms and smaller, risk-driven startups. While industry standards like McAfee and Cisco have their merits, the government’s interest in startups means the little guys deserve a second glance.
The rise of cybersecurity startups
House lawmakers aren’t the only ones looking at startup firms as serious candidates for cyberprotection. This month, Amazon and Goldman Sachs, along with hedge fund Hayman Capital, poured $45 million into an Atlanta-based cybersecurity firm that started only five years ago.
Ionic Security’s CEO told Fortune that the company has nearly twice as many employees — now about 200 — as it did last year. Originally designed as a kind of “anti-Facebook,” Ionic’s software focuses on protecting data through encryption and allowing only certain people to access certain information.
Goldman Sachs has been using Ionic’s encryption method for the past few years.
“We believe that Ionic’s platform addresses one of the biggest unsolved security problems for large enterprises today: how to enable employees to utilize modern communication and collaboration platforms while also maintaining adequate controls and security standards,” Ward Waltemath, Goldman’s managing director and head of software investment, told Fortune in a statement.
Part of the popularity of startups like Ionic stems from the experienced brains behind the operation. Dark Reading recently put together a list of 20 cybersecurity startups to watch in 2016, and the majority of them were started by people who cut their teeth at well-known companies before deciding to go solo.
Alex Rice, who co-founded startup HackerOne in 2012, was once the head of product security for Facebook, while his co-founder Katie Moussouris did security strategy work for Microsoft.
Struggles, successes in startups
Although many of these startups got their big break by receiving lots of funding from eager investors, the bubble could be on the verge of bursting.
With so many venture capitalists starting their own cybersecurity companies in an effort to get in on the booming industry, some are getting lost in the shuffle. Reuters reported in February that many cybersecurity businesses were struggling to turn a profit, despite more than $3.3 billion being invested in 229 deals in 2015.
However, all may not be lost for those hoping to succeed in the startup world. The ingenuity and fresh perspective that characterizes many of these new firms is the thing that will help them overcome obstacles.
“As incumbents like Symantec and HP stumble, failing to adapt, newcomers benefit,” TechCrunch reporter Mahendra Ramsinghani writes. “In the past three years, Symantec has lost two CEOs and its revenues continue to shrink.”
An editorial published last year by the National Cybersecurity Institute at Excelsior College spells out the inherent benefits of a cybersecurity startup: It can accomplish a lot while risking only a little.
“Startups have a better chance of recognizing new threats and acting to find ways to stop them because the traditional model of business does not apply to them,” the editorial continued. “These smaller businesses could be the key to a stronger, more versatile cybersecurity field.”
In addition to being highly adaptable, the firms that succeed in a competitive field will put much of their focus on protecting the “Internet of Things,” or products such as cars and appliances with Internet connections.
Lux Research reported that funding for startups is projected to grow from $228 million in 2015 to $400 million in 2016, largely thanks to increasing concern about IoT security.
As smart cars, smart homes and other IoT products become reality, Lux Research Vice President Mark Bunger says cybersecurity companies will have to play catchup in order to get ahead of the hacking that will inevitably ensue.
“Connected consumer and business products have begun flooding the market, but security has been an afterthought,” Bunger said in a statement. “The world now has to figure out how to secure the multitude of things that have recently become connected.”
While it is too early to predict the success of last week’s bill in protecting information, or even if it will survive the Senate, its passage in the House shows that the government is taking startups seriously when it comes to cybersecurity.
Startups are allowing cybersecurity experts to specialize and take risks when it comes to developing new ideas in ways that traditional companies are too rigid to try. If funding for these small companies continues to follow an upward trend, many more could appear.
But even if the funding for many cybersecurity startups begins to run dry, more are sure to take their place, creating an environment of competition that can only improve the ways in which businesses and the government attack hackers and malware.
