1. Analysis
February 22, 2022updated 21 Feb 2022 5:05pm

Beyond Identity bags $100m in cybersecurity boom

Beyond Identity has secured a $100m Series C funding round, continuing cybersecurity startup's pandemic-induced victory lap.

By Eric Johansson

Beyond Identity has secured a $100m Series C funding round, but it’s not the only cybersecurity startup raising money at the moment; a wave of digital defence providers have been securing record cash injections during the pandemic.

Beyond Identity’s new raise sees the grand total invested into the company jump to $205m. Evolution Equity Partners led the round, following the closure of the venture capital firm’s second $400m cybersecurity fund in October 2021. It has previously invested in fraud detection startup Quantexa and digital asset protection company Unbound Security. New Enterprise Associates, Potentum Partners, Expanding Capital and HBAM also participated in the round.

US-based Beyond Identity will use the cash injection to fund research capabilities and expand into Asia Pacific and Latin America.

Beyond Identity is part of a growing group of identity and access management developers. This group includes companies like ForgeRock and OneLogin as well as tech giants such as Oracle, Salesforce and IBM who provide their own solutions. The identity and access management market will be worth $24.76bn by 2026, according to Fortune Business Insights.

Despite the growing competition in the market, CEO Thomas “TJ” Jermoluk believes Beyond Identity stands out from the crowd. He co-founded the startup with Jim Clark, the founder of web browser company Netscape, in 2020. They founded Beyond Identity on the belief that the growing number of cyber attacks in the world was due to companies’ dependence on passwords.

They had a point: the highly publicised SolarWinds and Colonial Pipeline hacks both started with a single compromised password.

The Beyond Identity CEO believes “[password] managers, phishable MFA, and outdated VPN technologies are not the answer, and will not close the wide-open door that criminals waltz through every day.”

To him, the solution is to eliminate this vulnerability altogether. In other words: Beyond Identity wants to get rid of passwords.

“As an industry, we are coming dangerously close to being complicit in cybercrime,” said Jermoluk. “Truckloads of VC and PE money for legacy authentication technology will not protect companies. By throwing money at security “controls” that criminals consistently evade, in an attempt to inexplicably protect and preserve the gaping hole that is passwords, is not only funding failure, it’s knowingly failing companies and customers.”

Instead of passwords, Beyond Identity relies on multi-factor authentication (MFA). In short, what MFA a la Beyond Identity means is that a user logs into a secure device using a local biometric solution or a PIN. Once logged in, the user is then free to go about their business on the device.

That way, the user has already proven that they are who they say they are in two steps: they have the authorised that the device is in their possession and they know the right PIN or have the right biometric identifier.

The rest is done with a combination of asymmetric cryptography keys and recurring checks to see if the device is still secure enough to meet the organisation’s requirements.

Cybersecurity funding skyrocketed during Covid-19

Beyond Identity is not the only cybersecurity company to have raised a big capital round of late. While digital defence ventures have always been able to pick up hefty funding rounds on the back of big hacks, the last two years have seen interest in this sector skyrocket.

The number of financing, M&A and public float deals reached a fever pitch at the height of the pandemic. The figures speak for themselves.

Back in 2017, GlobalData recorded 641 deals worth $103.29bn in total. Jump forward to 2021 and the number of deals had jumped to 1,383 deals worth $220.93bn in total.

During the same period, the number of patents filed in the cybersecurity industry rose too. The number of patent publications jumped from 75,746 in 2017 to 124,811 in 2021, according to GlobalData.

Several high-profile cybersecurity companies have also gone public in the past two years. These include the likes of SentinelOne and Darktrace.

Several cybersecurity companies – such as Israeli Snyk – are rumoured to follow suit in 2022.

The growing interest in this space is linked with the pandemic. The SARS-CoV-2 crisis meant more people had to work from home, beyond the safe networks of their offices. This created new vulnerabilities for cyber criminals to exploit.

Ransomware gangs also took the opportunity to attack essential institutions such as hospitals, knowing that they would be pressured to pay the ransom to regain access to their IT infrastructure.

There has been no shortage of high-profile breaches even as the pandemic started to come under control. The hacks against software developer SolarWinds, meat processing company JBS and software company Kaseya crippled tens of thousands of businesses in 2020 and 2021.

These attacks have also raised awareness about the risks of weak digital defences. Research from the Pearson Institute and The Associated Press-NORC Center for Public Affairs Research shows that about nine in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities.

By October last year, The Identity Theft Research Center reported that the number of data breaches had already surpassed the total number in 2020 – also a record year – by 17%.

“Companies and individuals have faced high-profile ransomware attacks during the pandemic, there’s also been an increase in attacks such as log4j, which has drawn cybersecurity into international conversation, and reinforced security as a board-level topic,” Jesper Frederiksen, VP and general manager EMEA at cybersecurity company Lacework, tells Verdict.

However, several of the underlying factors behind the surging interest in the sector were in place long before rumours of a virus came out of Wuhan in late 2019. These include a growing reliance on the cloud, the growing use of smart devices connected via the internet of things and the looming threat of quantum computers able to break through modern encryption in milliseconds.

“There is a great deal of futureproofing going on at present, with a growing realisation that new solutions are needed to secure the computers of the future,” Amelia Armour, partner at Amadeus Capital Partners, tells Verdict.

“Quantum computers will soon become more commonly used across many industries, opening companies up to completely new threats. More and more institutions are becoming aware of this and are looking for startups that are developing solutions which can help businesses stay ahead of the curve when it comes to the management of cybersecurity solutions.”

Several market stakeholders Verdict has spoken with believe cybersecurity investments are expected to continue to grow into the next year.

“The initial cybersecurity scramble caused by the pandemic is now a thing of the past, and businesses and employees everywhere have successfully adapted to the changes it brought,” says Anthony Di Bello, VP of strategic development at information management firm OpenText, tells Verdict. “However, in 2022, we face a new problem: remaining secure while hybrid working becomes increasingly more prevalent in our professional lives.”