Cybersecurity Spotlight: SightGain

Today the spotlight is on SightGain an Arlington based cybersecurity startup.

Source: sightgain.com

If you’re active in the Cybersecurity space you may already know about SightGain, if not this article will act as a preface to their services and a brief analysis from an investors lens.

For context, I first heard about SightGain through my Crunchbase updates letter. SightGain recently has secured $2m in funding through winning the DataTribe challenge. If you’re not familiar with the DataTribe challenge, here is some background on that. The challenge, now in its third year, brought together a trio of startups virtually who were picked from 400 nationwide applicants. Their founders pitched a panel of judges from prominent firms like CrowdStrike, Carbon Black, Under Armour, Shopify and Deloitte. SightGain won the event on December 11th 2020, just 6 short days ago.

Now is the perfect time to be adding SightGain as a “company to watch”, whether you’re a traditional venture fund or a growth fund with a cybersecurity investment thesis.

Now what exactly does SightGain do? Here’s a snippet about them; “SightGain brings innovative software to help customers identify gaps in the efficacy of their security due to common issues and deficiencies like equipment misconfiguration, changes in their IT environment, and evolving adversary tactics.”. In short, SightGain is enabling companies to automatically test how well their tech, processes, and personnel detect and prevent actual malicious attacks.

A bit about the founder: Founded by Christian Sorensen, who has experience in cyber roles at Fort Meade-based United States Cyber Command, and the Pentagon.

The market demand? I think SightGain is coming to market in a very timely manner. Over the past several years, we continue to hear ground breaking stories about cyber breaches within major corporations. The laundry list of ground breaking breaches is quite astonishing. If you’re curious to see this list for yourself, click here. At the root of the problem we can see breaches stretch far beyond just these major headlines, let’s take a look at the data on the annual number of data breaches and exposed records in the United States from 2005 to 1st half 2020.

Source: Stasita.com

The deeper problem: Organizations aren’t properly prepared or battle hardened for these breaches. That’s why they continue to happen, and I cannot foresee them stopping until organizations take a proactive approach rather than a reactive approach to the problem. This is where SightGain is really stepping in and filling a market void that desperately needs to be filled.

TAM: As always, let’s take a look at just how large the addressable market really is. According to IBISWorld, the industry market size for IT Consulting services is $15.2bn in 2020. The market size of the IT Security Consulting industry in the US has grown 5.7% per year on average between 2015 and 2020. A deeper bottoms up analysis can be done here by looking on a regional level starting with VA, and projecting out the potential market share they can capture within each specific strategic location. The best way to do this would be to look at the amount of organizations that are large enough to implement wide lens cybersecurity protocols and begin to capture a reasonable percentage of those organizations.

KPIs: KPIs that we would seek to dive further into management about would include:

  1. LTV/CAC (Target 4:1)
  2. MoM Growth (15%+)
  3. Margin Profile (targeting high margins here, 70%+)
  4. ARR Growth (90%+ at this stage, targeting 50%+ at growth stage)

Far from exhaustive but always a good starting point. Any red flags that are raised at this point can be inspected further before deeming it a deal killer.

So who is the right investor for this opportunity? The list can go on and on for this portion, but lets take a look at some of the prominent investors from early to growth stage that are active in this sector.

It’s a bit early for many of these funds, none the less it’s best to begin tracking and forming relationships as early as possible. Promising cybersecurity startups can glide through funding rounds exceptionally quick.

Exit Strategy: There is no shortage of strategic or sponsors when it comes to exits and for that matter an IPO is certainly not out of the equation either. Let’s look at some data to unpack industry exit multiples.

Source: Raymond James

Multiples are certainly rich, with multiples souring into double digits. A few sponsors that are active in the space:

  1. JMI Equity
  2. Thoma Bravo
  3. Paladin Capital Group
  4. Summit Partners
  5. Updata Partners
  6. Edison Partners
  7. Columbia Capital
  8. IDG Capital

Closing thoughts: I certainly am bullish on the cybersecurity landscape as a whole, but the competitive market is very real. Cybersecurity startups are coming about all of the time and for good reason. There is a market, and a plethora of investors. This doesn’t mean all are winners and careful vetting is required as always. To close out this piece and to tie everything back to SightGain, as mentioned, they won the 2020 DataTribe challenge. Former winners have gone on to be well-funded successful industry players. Personally, I see SightGain following that same trajectory but as always, time will tell.

Primarily Growth & Venture Content // Avid Art Collector and Newfound Traveler (All Thoughts are My Own)