Q1 2024 SaaS Valuation and Investment Trends Report
Stay up to date
Stay up to date
About Arctic Wolf
A Golub Growth partner since 2020, Arctic Wolf is a global leader in security operations, delivering a premier cloud-native security operations platform designed to end cyber risk. Arctic Wolf recently released its 2023 State of Cybersecurity Report, which gives a view into organizations’ current and future concerns and their responses.
Robert
Brian, you have decades of experience leading innovative cybersecurity companies throughout all phases of growth. Tell us a bit about your background.
Brian
I'm currently the Executive Chairman and Founder of Arctic Wolf and I've been doing this 11+ years running. Prior to that I supposedly retired, but that obviously didn't stick. Previously, I was CEO of a company called Blue Coat (once called CacheFlow), and then several networking and security companies before that as well. I've been in this business much longer than I like to even count anymore.
Robert
Over half of the senior IT decision-makers surveyed in Arctic Wolf’s 2023 Cybersecurity Trends Report said their organization suffered a data breach last year. What other big challenges are IT professionals facing this year?
Brian
We were living in a period for so long where capital was very inexpensive, and a lot of projects were getting funded. I think that is changing dramatically.
Speaking to more broad industry trends, the liability issues associated with companies are increasing. The real thing that they're worried about from a breach is the liability that comes along with that: Are they going to get sued by, or challenged by, a government organization? Are they going to get sued by people that are potentially harmed? All those scenarios float in their heads.
I'd like to tell you the risk environment is getting better, but it's not. It continues to degrade and it changes and morphs and evolves, but it's still a very challenging space and I expect cybersecurity is going to be a challenge for a lot of organizations for a long time.
Robert
Arctic Wolf has continued to scale throughout the tech downturn. What makes your business resilient? Has Arctic Wolf adapted its operations in the face of macro challenges?
Brian
There are a couple interrelated things there and we do feel some effect. We’re seeing buying cycles extended with a bit more emphasis on prioritization of spending. For good or bad –good for Arctic Wolf, but bad in general – people still get breached. It doesn't matter whether their business is in a downturn or not. So, the risk profile hasn't changed, and I think that's the core of what causes our business to continue to grow. We see businesses are moving online—it’s not slowing down, and I think that continues to really drive the majority of the growth.
Separately, in terms of security operations, we enable organizations to be more robust and more resilient in that environment, especially in the face of a lack of talent or spending or budget. We're very economical, and in some ways, probably lower risk for an organization than looking for more complete security operations capability.
Robert
In the current purchasing environment, have you seen the competitive set change at all? Have you seen fewer small organizations involved in RFP processes due to funding? Or has that remained the same in the last 12 to 18 months?
Brian
I'd say the purchasing environment for our category of customers is broad-based; sometimes it can be a large enterprise, medium, small. There is some pullback and prioritization, more inspection of the budget and timing associated with it. But, nothing in particular by size or environment with those companies. We're fortunate in that the risks just haven't changed. What little bit of money they have, they're having to prioritize. I think it's clearly having a negative impact on other areas of the business where they're spending—so there's some challenges there, but not in our business.
Robert
With current macro conditions, have you seen more large corporations moving to platforms like Arctic Wolf versus having a whole host of single solutions or point solutions?
Brian
I'd say we saw a little bit of acceleration, but it was already a trend that was underway. I think that when budgets come under pressure, people start looking for ways to not spend capital. We're a pure expense, not a capitalized item, so that's very attractive to a lot of organizations. If you're trying to build your own security operations function, the challenge is that there are a lot of tools that are required, a lot of tooling that you have to put in place, a lot of configuration work – all of which requires a lot of people. Analyzing that data also requires a lot of people, and all of those requirements come at a heavy cost.
If you didn't already have that up and running entering this challenging economic environment, you weren't going to do it. We're gradually seeing some organizations moving away from that. As budgets come up for renewal or they're looking to change out their security information event management system or some other aspect of their core security infrastructure, they're questioning whether they want to buy that versus use a service like Arctic Wolf.
Robert
In that vein, has Arctic Wolf seen an influx of M&A opportunities? Have you seen a lot of point solutions companies begin M&A processes? Have your larger competitors looked at doing additional M&A given funding challenges for smaller cybersecurity companies?
Brian
I'm an angel investor in a lot of companies—and so a lot of those companies, they see a cliff approaching and they're approaching it at a fairly high rate of speed. I would say it started as a trickle at the beginning of the calendar year, and it’s starting to accelerate. The fundraising environment is much tougher. The cost of capital has really gone up dramatically.
Whether you're getting venture or you're getting debt, clearly everybody is subjecting companies to much higher-level scrutiny. That's an opportunity for Arctic Wolf, being that we are a platform and we have the ability to integrate a lot of other technologies into that. We're afforded a lot of opportunities and we've been fairly acquisitive. We've done a half dozen over the last eight months and I expect we'll do several more opportunistic acquisitions. I think it's clearly a buyer's environment if you're on the M&A side of things right now.
Robert
How is the current macro environment impacting buying patterns and fundraising?
Brian
With buying patterns, we're just seeing a little bit of back pressure and more companies trying to understand “is this the priority where we want to spend our money?”
The fundraising environment—for anybody that's passed the early rounds—has gotten way more challenging. I think you're seeing a lot of companies adjust their spending profile to try to extend out their cash to weather this storm. Until the IPO market picks up again, I think that's going to stay.
Without a doubt, the IPO market right now is very challenging and those ripples roll right upstream to other companies. You are seeing seed, Series A, Series B still doing pretty good, but I think the ripple effect will eventually start to affect those early-stage companies as well. So, it’s a lot more impactful to fundraising than it is to buying patterns.
Robert
Any idea when the IPO market might thaw?
Brian
If I had that crystal ball, I'd probably be in a different business. I'm not the person to predict macroeconomic events. Clearly, the current global macroeconomic conditions all create uncertainty.
That said, as we approach the end of this calendar year there are a lot of companies that I think are going to have to go public. They've got too many shareholders; they're going to enter a registration requirement that's going to force them to do something. I think that you'll see a little bit of that pressure. I wouldn't say it's as bad as 2007-2008, but it's got some flavor of that.
Robert
Have recent bank failures shifted the perceived risk of debt for startup founders and investors? How do you think this shift will impact venture debt? Are you seeing any secondary effects?
Brian
From an overall macroeconomic standpoint, it’s obviously not something you'd like to see. Still, I think debt—on the right terms—is extremely attractive and I think it will remain so for companies. That said, I think the suppliers of debt may get a little more cautious in this market. When the cost of capital is very low, it's much easier to provide funding. As it gets more challenging, we all end up being a bit more discerning. I think that companies either raising capital or debt are going to find themselves subjected to more scrutiny.
So far, we haven’t seen many secondary effects of the SVB failure. Operationally, our biggest challenge is that we used SVB for bill collection and small payments and the like. We had a little bit of debt from them, but we obviously had to move away from them in the midst of what was going on. We would not move back, at least not at this point in time.
Robert
What’s next for Arctic Wolf? We’d love to hear what the plan is for the next 12, 18, 24 months for the business.
Brian
At Arctic Wolf, we're looking to enrich the capabilities within the security operations market, and its various submarkets—MDR (Managed Detection and Response), EDR (Endpoint Detection and Response), IAM (Identity and Access Management). We think it's still a very lightly tapped market and there's a lot of room for growth.
For us specifically, we've been expanding into a few countries in Europe, and we've started expanding into Asia. We’re really at the beginning of our international expansion and we continue to see growth upmarket. Otherwise, it's more of the same: adding more capability, getting better at detecting failures of infrastructure and when people have been breached and being able to remediate it quickly. We continue to invest in those areas.
The big wild card is the new technologies related to machine learning and how they could potentially create risk from a privacy or a breach standpoint. Or they could enhance how well we perform. We have historically invested a lot in ML/AI-type capabilities, and I think we'll increase that amount of our R&D budget because there's so much value to be had there. On the other side, we're having to invest a lot more in detection capabilities for tools that can be used to attack organizations. I guess you could call it a win-win for Arctic Wolf but call it a win-lose for our industry overall, because those tools are enablers for hackers just as much as they are for companies trying to defend against attacks.
Robert
Is there anything related to the business that keeps you up at night?
Brian
Not in particular. I'd like to see the IPO market come back, but I don't know if that keeps me up at night. I can't control that event, but that's probably about it.
Quick Questions
Robert: What do you love about your job?
Brian: I love the people and the mission. Helping people keep their organization safe is really rewarding for me and I think the overall organization feels the same.
Robert: If you weren’t doing this, what would you be doing?
Brian: Probably starting another company. I'm a glutton for punishment.
Robert: What’s the best career advice you’ve received?
Brian: I'd say this advice is more for people that want to be entrepreneurs: be willing to fail. You're going to get advice from everybody—your bankers, your team, your partners, your board and everyone else—but if you are really worth your salt, you'll listen to those things, but in the end you'll make your own decision. And even if it's against what everybody else is telling you, it might cause you to think about it a little harder but be willing to fail. Every time that I've let myself get talked into something that I didn't really want to do, I regretted it. And so that advice was given to me early on.
A simpler way of putting that…we were having to contemplate a change in strategy at a previous company and it was option A, B, or C. It was clear the management team wanted A, the venture guys wanted B, and nobody wanted C, so that was off the table. We left the meeting, and the venture capitalist sat down and he says, "Well, if you choose A, you're going to get fired." And I'm taken aback by that and I pause, and then he says, "But if you choose option B and it doesn't work out, you're going to get fired anyway." A more succinct way of saying it: be willing to fail.
Robert: What’s your advice for future SaaS leaders?
Brian: My advice for SaaS leaders is probably no different than anybody that's starting a business. Be paranoid, keep up with what's going on, try to anticipate inflections of the business and how it might change. And I think with some of the machine learning models and other things, we're reaching a really dramatic inflection point that everybody needs to be rethinking the way they're looking at business and what it might do, both positively and negatively.
Any views, thoughts, and opinions expressed by Brian NeSmith herein are solely that of Brian NeSmith and do not reflect the views, opinions, policies, or position of Golub Growth. Golub Growth is not responsible for the information or views communicated by representatives of other companies. This material is not indicative of the past or future performance of any Golub Growth product and should not be considered as investment advice or a recommendation by Golub Growth of any particular security, strategy or investment product. Golub Growth has distributed this material for informational purposes only.