Earlier this week, the team at Strategic Cyber Ventures released a report on the state of the cybersecurity venture market. Venture investors poured $5.3 billion into cybersecurity startups in 2018. This is a 20% increase from 2017, which saw about $4.4 billion in venture capital investment in the cybersecurity space.

In the United States, California counts for about half of the funding activity. Surprisingly, the government region (Maryland, Virginia, and Washington, DC) accounted for a relatively small part of the pie, with a total funding of around $300, largely driven by a single company called Virtu, which has raised around $78 million in total.

But these numbers do not tell the full story.

Some question whether the growth trends in funding for cybersecurity startups (double the amount of funding from 2016) are sustainable.

 In cybersecurity, there are likely many zombies out there. They’ve raised big rounds, growth has slowed, perhaps due to vendor fatigue or increased competition, and now these companies can’t raise at increased valuations from prior rounds, or at all, and are being propped up by existing investors that will eventually grow weary of keeping them alive. These companies will eventually float to the surface over the next few years with less than desirable outcomes for investors and founders.

Others question whether the capital is going to the right companies, and whether those companies are using the capital to build technology to address emerging threats or whether the capital is being spent primarily on marketing.

The thinking behind this stance is simple enough: investments in innovative and emerging technologies, and 'AI' has to be the primary contender here, are not all directed into the technology itself. "A considerable part of the investment is spent on pretty worthless marketing decorations" Kolochenko argues, continuing "we are not approaching the bubble yet, however, the growing number of similar cybersecurity startups offering quasi-identical technology although in different packages is quite alarming." Alarming indeed. Not least, as Kolochenko points out, if you take a long view of the cybersecurity market it is apparent that the high-value marketing opportunities are relatively limited and so startups have to pay ever more to reach that point. This is all money that is not being spent on developing, testing and maturing the technology itself. *

Read the full report from Strategic Cyber Ventures here.

Dreamit SecureTech is a growth-focused program for pre-”Series A” cybersecurity and physical security startups. Unlike most startup accelerators, over 50% of the program is remote participation, giving founders the flexibility they need to concentrate on their businesses. And instead of taking a large, fixed equity stake, Dreamit does this primarily for the right to invest in your next round at a slight discount. Apply for the next cohort here.