From the Colonial Pipeline hack to the data breach involving Tokyo Olympics ticket holders, the size and significance of cyberattacks this year is on the rise, and such threats are now mainstream.
Momentum Cyber reported in their H1 snapshot 728 data breaches so far this year, compared to 1,108 during the full year of 2020.
“Organisations incur huge financial losses, productivity disruption, reputational damage, and legal consequences as a result of a data breach, and cybersecurity is now perceived as a business enabler,” said Swetha Krishnamoorthi, senior industry analyst, cybersecurity at Frost & Sullivan.
Securing new funds
This has resulted in record VC investments into the cybersecurity space.
According to the same Momentum Cyber report, the first half of the year was the most active to date. $11.5 billion of capital was raised across 430 transactions as the average deal size continues to grow. 82 percent of financing volume was from later stage financings (Series B and above).
Israeli-US cybersecurity company Orca Security is one of the many start-ups that have been actively fundraising this year. The firm announced today (October 5th) that it had successfully raised $550 million, including an extended Series C fundraising round by Singapore-backed investment firm, Temasek. Other investors in this round included SAIC and Splunk Ventures, which provided new financial backing as well as strategic partnerships.
SAIC’s strategic partnership positions Orca as the company’s leading Cloud-Native Application Protection Platform (CNAPP) provider for digital transformation initiatives across its federal business portfolio, while Splunk Ventures offers technical integration expertise to enhance Orca’s growing role in the broader cybersecurity ecosystem.
This latest round boosts Orca’s equity valuation by 50 percent in just seven months, taking it to $1.8 billion.
In March this year, Orca secured $210 million in Series C funding, led by Alphabet’s independent growth fund CapitalG, Redpoint Ventures, GGV Capital and others.
“We believe that their (Temasek’s) involvement within Orca can dramatically bring the company to the next level, so we decided to extend the round, essentially to accommodate this interest,” Ari Shui, CEO and co-founder of Orca Security told FinanceAsia in an interview from Los Angeles.
Orca declined to detail the exact size of investment from Temasek, but other media reports suggested it amounted to $150 million, a figure Shua said he would not confirm or deny.
The company raised $55 million in December and $20.5 million in May 2020, bringing them to an impressive total of over $600 million in the past 16 months. Shua confirmed with FA that there are no active plans to raise any more funds this year.
MRI for the cloud
Orca was founded just two years ago but Shua has over two decades of experience in the security industry. He describes the company’s SideScanning technology as an “MRI for the cloud environment”.
Just like an MRI, Orca’s platform reads the cloud’s “particles”, providing a clear rendering of the company’s cloud health, using open, read-only cloud API. With this data, Orca is able to reconstruct a complete 3D image of a company’s cloud environment, providing visibility of any vulnerabilities, from leaked credentials to compromised workloads. Its innovation has one end goal; to allow clients to innovate while being secure. The company claims to be the first platform that is able to provide such deep visibility to cloud environments, within two minutes.
Shua shared that Orca is adding more capabilities to help companies and governments address compliance requirements for AWS, Azure and Google Cloud estates.
"Orca Security’s skyrocketing success has cemented its place as a category leader in a multi-billion-dollar industry,” said Yoav Leitersdorf, managing partner of YL Ventures, which has supported Orca Security since its seed round.
Orca reported 800% year-on-year revenue growth in 2020 and while Shua understands that such exponential growth may not be sustainable, he expects growth of five times in the next year.
When it comes to turning a profit however, Shua does not have any expectations for another few years.
“When you're building an organisation and scaling this fast, it takes around 12 to 18 months to get a return on investment. So when you grow six times, by definition, you're not going to be profitable. But at the same time, we are not forgetting the basics. We are focusing our investments on basic unit economics, which make sense for the broad market opportunity with our platform,” said Shua.
He also shared that while an IPO is not top of Orca’s mind right now, the company will confirm listing in a timeframe of around three to five years.
Going global
In the US, Orca counts Robinhood, Autodesk and News Corp as its clients, and the company is hoping to grow its footprint globally with the additional funds.
In Asia Pacific, Orca has made inroads into Japan and China, having recently launched local language versions of its website. Its customers in the Asian region include Hitachi Solutions as well as ‘buy now, pay later fintechs’ such as Zip.co and Paidy.
Orca plans to have over a dozen employees in the APAC region and over two dozen in London by the end of this year, with office openings planned in Australia, Thailand, Japan, and the UK.
Gartner, a research and advisory firm predicts that the global adoption of cloud services is set to increase by 21.7 percent to reach $482 billion in 2022. In addition, by 2026, the company expects public cloud spending to exceed 45 percent of all enterprise IT spending, up from 17 percent in 2021.
When it comes to the broader landscape for M&A and financing activity, Momentum Cyber sees further growth across all areas of cloud security, especially within cloud infrastructure security itself, the space in which Orca operates.
“We expect this trend to continue given the rapidly increasing use of these dynamic, often short-lived resources within public, private and hybrid clouds. The need for increased visibility, security, and even compliance drives spending within this category, said Dino Boukouris, managing director at Momentum Cyber, a cybersecurity focused strategic advisory firm.
