The cybersecurity sector is rapidly transforming, spurred by the transition from cloud-based to AI-native technologies and the urgency for governments to shore up national security vulnerabilities.
Jefferies Managing Director Tim Roepke believes some cybersecurity companies are so valuable – and critical to the technology ecosystem – that they are fundamentally shifting the deal landscape and “challenging traditional ideas of when to buy versus when to build.”
On the heels of Jefferies’ April Private Growth Conference – which featured several leading cybersecurity companies and hundreds of other investors and company leaders – we spoke with Tim Roepke to get his take on the current state of the cybersecurity sector.
Q: What will AI’s impact be on the cybersecurity sector?
Tim: AI could be the most significant technological paradigm shift we’ve seen, including the iPhone, Google search, social media, and the public cloud. It could outdo them all because it touches every person and every business.
Q: How do you secure these AI applications? Is it very different from software security in the past?
Tim: AI apps were not a part of IT stacks in the past, so new muscle memory is being created. Company leaders are asking themselves, “How will we use AI individually? How will we use it as a business? And ultimately, how do we secure it, so it doesn’t do bad things?”
They are also looking for tool consolidation. If a CTO has five cybersecurity problems, they don’t want five cybersecurity vendors. They want one that can handle most problems.
Businesses also want to prevent catastrophic scenarios that can snowball. Imagine a company creating an AI agent that knows customers’ bank accounts, blood types, and financial histories and can distribute that information to millions. They must ensure it is checked appropriately, secured inside a firewall, and monitored and managed.
Q: How are the upstart cybersecurity companies trying to define themselves, and how are incumbent cybersecurity companies trying to stay ahead?
Tim: Twenty years ago, there was a shift to cloud-native technology. That was moving our data from servers in our closets and basements to AWS or Microsoft Azure. Now, the data revolution associated with AI use-cases has created a shift in infrastructure requirements. There is a small group of businesses in terms of dollars of revenue, but they have immense value and go-to-market ability.
It will take a long time for a business of any scale to move from a cloud-native to an AI-native infrastructure. However, breakthrough startup cyber companies can now approach potential customers with a holistic offering. They can say, “We have a solution that prevents your AI from getting out of control, can protect you from traditional hackers, and can prevent North Korea from getting into your cloud.”
Q: How is cybersecurity technology with AI different from what has existed in the past?
Tim: AI-native cybersecurity companies tend to be very prescriptive and on offense. They find and neutralize the attackers or discover things that could happen to organizations months in advance, and act. They are out to find problems before they ever start.
Q: When transformational technology changes the landscape, what does that mean for deal-making?
Tim: It will lead to a lot of deal-making.These companiesare so critical and valuable that they challenge traditional ideas of when to buy versus when to build. Google purchased Wiz for $32 billion. Google could have tried to build something like it, but buying Wiz made sense even at that price.