This session talks about how to go about building a thesis on fund investments in a venture fund. The session was conducted by Prayank Swaroop, Partner @ Accel
1. 1
Building an
investment thesis
THINKING THROUGH TRENDS
Prayank Swaroop, 16th May 2020
prayank@accel.com
For Pi Fellows programme
1 Photo by James Pond on Unsplash
2. The goal is to turn data into information,
and information into insight.
- Carly Fiona
2
3. A thesis is a point of view to invest or not to
invest in a business area or technology field
- ahead of the curve.
What’s a thesis?
3
4. Thinking ahead
Disruptive technologies unlock new value creation opportunities
• Cleantech
• Biotech
• Cloud
• Mobile
• APIs
• Blockchain
• AI/ML
• AR/VR
• 3d printing
• IoT
• Satellite tech
• Electric cars
Separating the
wheat from the chaff.
• Wearables
• Smart homes
• Artificial meat
• Autonomous Vehicles
• Drones
• Social Media
4
5. What is the goal of a thesis?
Lay foundational thought process for value creation
• As investors we want to find large spaces which enable a business to become a multi-billion
dollar franchise. In revenues - not just valuations. Identifying large enough markets.
• Practically a company takes 7-10 years to reach a sustainable scale and then compound, so true
value realization take 10-15 years. And companies are staying private longer too. Identifying long
term trends.
• We are all time is a constrained - we need to prioritize. Be prepared.
• A good entrepreneur can choose his investors. What is our unique point of view?
• Conviction. Path of a startup is never straight to success, at times of lows our foundation of thesis
helps keep the faith.
5
7. Executive Summary
• Cybersecurity is a large market - $1B in 2019 to $1.6B in 2021 at a 16.9% CAGR
• Cloud security is a significant trend with high growth
• India has a number of IAM startups, less so in cloud security
• Need to find the right startups in the cybersecurity space
7
For illustrative purposes only
8. In search of a market that is here to stay …
This in the last 30 days
8
For illustrative purposes only
9. Is this a big market?
GLOBAL CYBERSECURITY SPEND
9
For illustrative purposes only
10. Is this a big enough market?
INDIA CYBERSECURITY MARKET
2019 2022 CAGR
Data Security
encryption, tokenisation, data masking, data loss prevention, information rights
management, file and data access monitoring
115 210 22.2%
Endpoint Security
anti-virus and antispam software, host intrusion prevention software (HIPS), exploit
protection, behavioural analysis of memory and continuous monitoring.
241 406 19.1%
Identity & Access Mgmt
Defined as a combination of software, hardware, and networking technologies such as firewall,
unified threat management, network intrusion detection and prevention, virtual private network
(VPN), content inspection, web content security.
83 130 16.3%
Network Security a suite of solutions related to user and device identities. 257 394 15.3%
Security IDR
a variety of product categories such as SIEM, threat analytics, forensics, vulnerability
management among others.
333 504 14.8%
$1B $1.6B 16.9%
https://www.dsci.in/sites/default/files/documents/resource_centre/Cyber%20Security%20India%20Market.pdf
10
For illustrative purposes only
11. Are large outcomes possible?
BILLION+ EXITS IN CYBERSECURITY
https://www.cbinsights.com/research/cybersecurity-billion-dollar-exits-infographic/ 11 For illustrative purposes only
12. Are enough $$ available to build
$180B+ deployed across M&A & financing over last decade
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
$27.6B
$16.1B
$20.4B
$22.2B
$11.3B
$13.6B
$9.0B
$4.7B
$5.9B
$13.6B
$8.9B
$6.4B$5.7B
$4.5B$3.9B
$2.5B$1.7B$1.2B$0.9B$0.8B
2010-2014
Financing $7.1B M&A $46.8B
2015-2019
Financing $29.5B (314%) M&A $97.5B (108%)
12
For illustrative purposes onlyMomentum Cyber - Cybersecurity Almanac 2020
13. Understanding the market problems
MULTIPLE THEMES. WHICH ONE TO CHOOSE?
Cybersecurity Talent Gap
• 3.5M Cyber job vacancies expected by 2021
• 44% of alerts are not investigated. 54% of investigated alerts are not remediated
Shifting To Next-Generation
Security Products
• Many ML / AI technologies are features, but are not truly core to the platform
• It is difficult for customers & buyers to make sense of the market hype around ML / AI
Increased Hybrid Cloud
Adoption
• 83%of workloads are virtualized today
• More than half of enterprises are running hybrid cloud environments
Proliferation Of Security
Products & Vendors
• The average enterprise environment has 75 security tools
• Many product companies offer point solutions, but are not true platforms
Zero Trust Framework
• Exponential increase in attack surface, identities, devices, network endpoints
• Rise of insider threats, treat each request so that it doesn’t have access privileges
Third Party Risks
• Increased sophistication of attacks that leverage third party providers
• Need for risk assessment of third party suppliers for security and privacy practices
Rise of DevSecOps
• The “Shift-Left” movement, incorporate security early in the code
• Increasing co-operation between developers and DevOps to have security feedback loop
13
For illustrative purposes onlyMomentum Cyber - Cybersecurity Almanac 2020
14. TOOLS TO SOLVE THE PROBLEMS
• Pick very large impact technologies
• Technologies that are still evolving
• Picks:
Password-less authentication
Zero Trust Networking
Cloud security posture management
Container-based network defense
Available technologies
https://www.gartner.com/en/documents/3975191/emerging-technologies-and-trends-impact-radar-security 14
For illustrative purposes only
16. Password-less authentication
What is Passwordless authentication?
Any method of verifying the identity of a user that does not require the user to provide a password.
Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user
(e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s biometric signature
(e.g. fingerprint, face, retinal scan, etc.). It is also possible to authenticate based on something the user knows (e.g.
knowledge-based authentication), so long as that something is not a password.
https://doubleoctopus.com/blog/how-does-passwordless-authentication-work/
Possible systems:
• Software tokens
• Biometrics scanners
• SMS delivered codes
• Hardware tokens
Indian startups
Most funded
$32M $212M
16
$40M $38M
$22M
https://dzone.com/articles/how-passwordless-authentication-works
https://www.marketsandmarkets.com/Market-Reports/identity-access-management-iam-market-1168.html
$15B
market in 2021
17. Picking a space that can become big
THEMES x TECHNOLOGY MATRIX
Passwordless
authentication
Decentralized Identity
Cloud security posture
management
Process, Application &
Behavioral Monitoring
Cybersecurity Talent Gap
Shifting To Next-Generation
Security Products (AI/ML)
Increased Hybrid Cloud
Adoption
Proliferation Of Security
Products & Vendors
Zero Trust Framework
Third Party Risks
Rise of DevSecOps
17
For illustrative purposes onlyMomentum Cyber - Cybersecurity Almanac 2020
18. Validation
“Hackers have begun to take the advantage of the anxiety by unleashing
COVID-19-themed phishing attacks.” - Siddharth Vishwanath, Partner and
Leader- Cybersecurity, PwC India
Need to talk to more customers
18 For illustration purposes only - From various media clippings
Momentum Cyber - Cybersecurity Almanac 2020
20. Companies we are tracking (1/1)
20
Company Description Location PIC Scale Comments
Druva
Backup and data loss prevention solution for
enterprises
Bangalore $330M >$100M NA
Uniken
Secure & unified digital access solutions based
on mutual authentication and encryption
Pune $29M NA NA
For illustration purposes only - From various media clippings
22. Cybersecurity exits in India
22
Company Acquirer Value
Aujas Networks NSE NA
Nevis Networks Qualys NA
For illustration purposes only - From various media clippings
23. Let’s build a thesis
STEP BY STEP
23 Photo by Jannes Jacobs on Unsplash
25. In search of a market that is here to stay …
Is there a problem?
25
For illustrative purposes only
26. Is this a big enough market?
Do people care to spend money on this problem?
• Willingness to spend money is on a problem is defined by whether its a
painkiller or a vitamin.
• Business loss, regulatory compliance and reputational risks are some of the
reasons people could spend on cybersecurity.
26
For illustrative purposes only
27. Is this a big enough market?
INDIA CYBERSECURITY MARKET
2019 2022 CAGR
Data Security
encryption, tokenisation, data masking, data loss prevention, information rights
management, file and data access monitoring
115 210 22.2%
Endpoint Security
anti-virus and antispam software, host intrusion prevention software (HIPS), exploit
protection, behavioural analysis of memory and continuous monitoring.
241 406 19.1%
Identity & Access Mgmt
Defined as a combination of software, hardware, and networking technologies such as firewall,
unified threat management, network intrusion detection and prevention, virtual private network
(VPN), content inspection, web content security.
83 130 16.3%
Network Security a suite of solutions related to user and device identities. 257 394 15.3%
Security IDR
a variety of product categories such as SIEM, threat analytics, forensics, vulnerability
management among others.
333 504 14.8%
$1B $1.6B 16.9%
https://www.dsci.in/sites/default/files/documents/resource_centre/Cyber%20Security%20India%20Market.pdf
27
For illustrative purposes only
28. Is this a big market?
GLOBAL CYBERSECURITY SPEND
28
For illustrative purposes only
29. Are large outcomes possible?
BILLION+ EXITS IN CYBERSECURITY
https://www.cbinsights.com/research/cybersecurity-billion-dollar-exits-infographic/ 29
For illustrative purposes only
30. Are enough $$ available to build
$180B+ deployed across M&A & financing over last decade
2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
$27.6B
$16.1B
$20.4B
$22.2B
$11.3B
$13.6B
$9.0B
$4.7B
$5.9B
$13.6B
$8.9B
$6.4B$5.7B
$4.5B$3.9B
$2.5B$1.7B$1.2B$0.9B$0.8B
2010-2014
Financing $7.1B M&A $46.8B
2015-2019
Financing $29.5B (314%) M&A $97.5B (108%)
30
For illustrative purposes onlyMomentum Cyber - Cybersecurity Almanac 2020
33. Understanding the market problems
Customers buy products to solve problems.
MULTIPLE THEMES. WHICH ONE TO CHOOSE?
Cybersecurity Talent Gap
• 3.5M Cyber job vacancies expected by 2021
• 44% of alerts are not investigated. 54% of investigated alerts are not remediated
Shifting To Next-Generation
Security Products
• Many ML / AI technologies are features, but are not truly core to the platform
• It is difficult for customers & buyers to make sense of the market hype around ML / AI
Increased Hybrid Cloud
Adoption
• 83%of workloads are virtualized today
• More than half of enterprises are running hybrid cloud environments
Proliferation Of Security
Products & Vendors
• The average enterprise environment has 75 security tools
• Many product companies offer point solutions, but are not true platforms
Zero Trust Framework
• Exponential increase in attack surface, identities, devices, network endpoints
• Rise of insider threats, treat each request so that it doesn’t have access privileges
Third Party Risks
• Increased sophistication of attacks that leverage third party providers
• Need for risk assessment of third party suppliers for security and privacy practices
Rise of DevSecOps
• The “Shift-Left” movement, incorporate security early in the code
• Increasing co-operation between developers and DevOps to have security feedback loop
33
For illustrative purposes onlyMomentum Cyber - Cybersecurity Almanac 2020
35. TOOLS TO SOLVE THE PROBLEMS
• Pick very large impact technologies
• Technologies that are still evolving
• Picks:
Password-less authentication
Zero Trust Networking
Cloud security posture management
Container-based network defense
Available technologies
https://www.gartner.com/en/documents/3975191/emerging-technologies-and-trends-impact-radar-security 35
For illustrative purposes only
36. Password-less authentication
What is Passwordless authentication?
Any method of verifying the identity of a user that does not require the user to provide a password.
Instead of passwords, proof of identity can be done based on possession of something that uniquely identifies the user
(e.g. a one-time password generator, a registered mobile device, or a hardware token), or the user’s biometric signature
(e.g. fingerprint, face, retinal scan, etc.). It is also possible to authenticate based on something the user knows (e.g.
knowledge-based authentication), so long as that something is not a password.
https://doubleoctopus.com/blog/how-does-passwordless-authentication-work/
Possible systems:
• Software tokens
• Biometrics scanners
• SMS delivered codes
• Hardware tokens
Indian startups
Most funded
$32M $212M
36
$40M $38M
$22M
https://dzone.com/articles/how-passwordless-authentication-works
https://www.marketsandmarkets.com/Market-Reports/identity-access-management-iam-market-1168.html
$15B
market in 2021
37. Picking a space that can become big
THEMES x TECHNOLOGY MATRIX
Passwordless
authentication
Decentralized Identity
Cloud security posture
management
Process, Application &
Behavioral Monitoring
Cybersecurity Talent Gap
Shifting To Next-Generation
Security Products (AI/ML)
Increased Hybrid Cloud
Adoption
Proliferation Of Security
Products & Vendors
Zero Trust Framework
Third Party Risks
Rise of DevSecOps
37
For illustrative purposes only
38. Understanding attributes of what can become big
Understanding market problems
Understanding current and evolving technologies
Prioritizing technologies that have maximum impact
Choosing a technology that addresses multiple problems
38
40. Sometimes you have intuitive insight about how you think things
are going to be, and you write that. Other times you fantasize
completely, which has nothing to do with predicting the future.
- Ray Bradbury
40
41. Step into the wild
• By reading reports and listening to podcasts one doesn’t become an expert
• Need to talk to experts to validate our thinking
• Need to identify who will pay for the problem to be solved
• How much market education will we need to do for it to accept our solution
(theme x tech)
• This also helps in understanding the customer segment and attributes of a
winning product - easy deployability, GTM, winner take all?
41
42. Talk to experts
• Do they feel the pain of the problem identified by us?
• Do they agree with the technology choice that we have in mind?
• When do they need it? Right now or later?
• Will they pay for it? How much - $5K, $15K, $30K?
• Will it be easy for them to replace this technology with another one?
• What other problems can this technology solve for them - can it become a platform?
42
43. Identifying customer segments
• Which industry will the technology be adopted fast?
• Should we sell to SMB, mid-market or enterprise?
43
44. Understanding of customer segments and GTM
We validate that the technology solves customer problems
Customer is willing to pay for the solution
We understand which industry will be an early adopter of the solution
We understand which size of customer will be easiest to sell to
We have formed some sort of point of view
44
47. The Choice
• Research the companies that in the technology that we have picked
• Meet all of them
• Enhance our understanding of the solution
• Enhance our understanding of the customers - industry and segment
• Enhance our understanding of the GTM
• Deal evaluation begins
• Finally we will have an educated point of view
47