Europe Envies America’s Cybersecurity Industry. What Can We Learn from It?

Europe’s cyber industry has huge potential. Copying what’s worked in the US is a route to realising that promise.

By Carlos Moreira Silva and Carlos Alberto Silva, Managing Partners at 33N Ventures

America’s cybersecurity industry is far and away the world’s best. It’s hard to argue with the fact that of the 20 largest cybersecurity firms by market capitalisation, 15 are from America.

Europe’s cyber industry has a long way to catch up. It is home to just one of the top 20 largest cybersecurity firms. Czech-founded antivirus provider Avast was founded nearly three decades ago. If Europe wants to match America’s successes, it must learn from them.

Learning from the best

A recent European Commission report picked up on the lag between the US and Europe, arguing that the region’s cyber startups “tend to underperform against their international peers”, are “fewer in number”, and “generally raise less funding”.

There are reasons to be optimistic about the future for Europe, though. As the publication of the report attests, there is now political will to improve the situation. Europe’s politicians have woken up to the fact that strategic autonomy in cybersecurity is in the supranational interest, just as they have done with semiconductors.

The US has some obvious advantages. It is the world’s largest economy, home to Silicon Valley, Wall Street, and the world’s largest healthcare industry – all are significant buyers of cyber products and services and represent a lucrative domestic market to sell into.

America’s cyber policymaking is also highly centralised. The National Security Agency (NSA) – the US intelligence service – sets standards and best practices that are followed across state lines and international borders. This is a major advantage for globally expanding companies.

Close proximity to the government benefits America’s cyber industry in other ways. It is at once a deep-pocketed customer, a source of world-class talent (which moves fluidly between the private and public sectors), and it is a co-collaborator on innovative R&D projects.

These factors have all played a role in building America’s cyber industry, they are not impossible to replicate in Europe. The EU is the world’s third-largest economy and it is hardly bereft of corporate giants who are willing to spend big on keeping their data secure.

Europe lacks a powerful centralised security service, such as the NSA, but has its own unique strengths. The EU already enforces the world’s tightest data protection and privacy laws and intends to double down on the issue in years to come. This should be a boon to cybersecurity companies which essentially sell the protection of digital assets.

Where Europe falls behind Americ

Economics and institutional support alone do not account for the gap between Europe and the US. Instead, look to the size and shape of the venture capital industry.

US venture capital far outstrips Europe in a few areas. The first is its scale. As illustrated by the European Commission’s recent report, there is significantly more capital available in the US than in Europe across every stage of investment. The figures speak for themselves: in 2021 European cybersecurity firms raised €814m from venture capital firms, whereas US cybersecurity companies raised more than €15bn over the same period.

The US is also home to a greater number of investors that specialise in cybersecurity. US venture firms like Accel and Greylock Partners have highly-specialised teams who have backed many of the world’s largest cyber companies.

Importantly, top-tier US VCs can and will back companies from seed stage up to Series D, E and beyond. The specialist funds in Europe tend to be smaller, local operations that only have the capacity to back seed-stage firms with smaller cheques.

The result is that many European cybersecurity scaleups have to choose between larger generalist European investors, that may have the cash but lack the focus, or larger US specialist cyber investors that do not have deep knowledge of the European market.

Europe’s cyber industry should seize the moment

None of this is unsurmountable. Europe’s politicians have recognised that there is a problem and an opportunity to fix it. With the publication of the European Commission’s recent report, the groundwork has been laid.

Europe has all the attributes for it to become a serious player in the cybersecurity market, it just needs a thriving venture capital ecosystem that can act as a catalyst. Now is the time to turn words into action.

About the Author

33N Co-Founders and Managing Partners Carlos Alberto Silva and Carlos Moreira da Silva have made more than 20 investments in cybersecurity and infrastructure software over the past 10 years, across Europe, Israel and the US – including most notably Arctic Wolf, the cybersecurity unicorn founded in 2012 by former Blue Coat Systems CEO Brian NeSmith. They have also completed several exits, including one to Thales and one to Qualcomm, both in 2022. Carlos and Carlos also have extensive operational experience in the sector, having grown one the largest independent European cybersecurity services groups – encompassing S21sec and Excellium – from 2014 onwards.

Carlos and Carlos can be reached online at ([email protected]

https://www.linkedin.com/company/33nventures/ , etc..) and at our company website https://33n.vc/