2018 saw a spate of major cyber attacks, including the hacks of British Airways, Facebook and Marriott, and according to a 2018 survey by the Association of Corporate Counsel’s Chief Legal Officers, data breaches moved to number 2 on the list of worries for GCs. Fear of a cyberattack is on the rise, considered imminent at best, real at worst.
“We predict a rise in cyber incident associated litigation - whether by compensation claims for loss of personal data (GDPR), straight breach of duty of care claims or breach of fiduciary duty claims,” points out Simon Shooter, Commercial partner at Bird & Bird, adding “I expect continuous addition and enhancement to cyber specific regulation. From the lawyers’ perspective, this points to regulatory compliance programmes and then defence work related to compliance actions.”
Odia Kagan, Chair of GDPR Compliance and International Privacy at Fox Rothschild LLP, agrees regulation is key. “Data protection has become a key business point, differentiator or Achilles heel. With the sweeping EU data protection legislation, the EU General Data Protection Regulation (GDPR), the upcoming privacy law in California, the California Consumer Privacy Act (CCPA) and other data protection regulation – companies need to heed the words of the regulators and pay attention to enforcement actions. Data protection regulation (GDPR, CCPA and others) poses regulatory challenges for companies that handle personal data of individuals. Google in its recent filing with the US Securities and Exchange Commission specifically mentioned changes in data privacy regulation as something that could affect its business.”
Funding passes USD 1 billion With more and more companies being set up to tackle these threats to privacy and security, more and more countries are turning to Israel for insight, and tapping into the opportunities available for investment.
“We are seeing a stable and continuing VC investment in cyber security,” said Dr. Adi GIllat, one of the co-founders of HF & Co., where she leads the IP, IT and Tech-Transactions practice. In 2018, total funding for Israel cybersecurity companies (across all stages) grew 22% to over USD 1 billion, with 66 new companies created, 10% up on 2017, with average seed round investment up to USD 3.6 million, from USD 3.3 million, a rise for the 5th straight year.
Israel is the second largest exporter of cyber products and services after the U.S. According to a recent report by Start-Up Nation Central (SNC) a Tel Aviv-based non-profit organization managing a database of Israeli tech companies, Israeli cybersecurity firms bagged a fifth of all venture capital investments in the domain in 2018, and only U.S. firms topped Israeli firms in terms of overall cybersecurity investments.
Of the 33 seed rounds raised in 2018, 20 (61 percent) went to companies in emerging fields. In 2018, the emerging fields among start-ups in Israel comprised new verticals within IoT security, security for blockchain and cryptocurrencies, cloud-native security and SDP (“Software Defined Perimeter”). These fields attracted more interest than “traditional” cyber sectors such as network security, email security and endpoint protection. Of all the emerging sectors, IoT drew the most investment with funding reaching USD 229.5 million across all stages, increasingly attractive as it continues to branch out into various new sub-domains including automotive, drones and medical devices.
And while one challenge Israel faces, like the rest of the world, is the skill gap, Israel continues to punch far above its weight. The reasons may be well known but the combined effect is magnetic. Israel combines an innovative, can-do, entrepreneurial spirit with a strong engineering knowledge, boosted by after school programs set up by the country’s Education Ministry as well as cutting-edge technical training in the IDF - with many start-ups founded by elite units, such as the 8200 unit, among others.
There has been generous support by the Israeli government for public and private endeavors in this area and more of a collective approach. In the U.S., issues of cyber security are addressed by one body, the National Security Agency (NSA), Israel has both public bodies and private companies that are encouraged to cooperate – especially critical as the interconnectedness of online systems and the role of mobile devices make every business a target. Furthermore, there are initiatives with Europe and the U.S. In the UK, the British Embassy’s UK Israel Tech Hub, a public private initiative founded in 2011, promotes innovative partnerships and has been running TeXchange programs since 2013 and is focusing on opening up the UK market to Israeli smart-city oriented solutions for energy, telecoms and transportation. At the 2017 Cyber Week conference, a US-Israeli bilateral cyber working group was announced by Thomas Bossert, Assistant to the President for Homeland Security and Counterterrorism in the United States.
A spate of cross-border deals and government initiatives show that this has not gone unnoticed abroad.
“We are also experiencing a stable flow of cross border acquisitions of Israeli cyber security start-ups, also in very early stages,” said H-F & Co.’s Gillat. This January, Amazon Web Services (“AWS”), the world’s biggest cloud computing platform for individuals, enterprises, and governments, bought six-year-old Israeli cybersecurity firm CloudEndure, a provider of cloud-based disaster recovery services, after buying Israeli-founded chipmaker Annapurna Labs for USD 370 million in 2015. In late 2018, buyout firm, Thomas Bravo agreed to pay USD 2.1 billion for Imperva, founded by Israeli Shlomo Kramer in 2002, while Singapore-based investment company, Temasek acquired Israeli cybersecurity consulting start-up, Sygnia, founded in 2015, for a fee believed to be around USD 250 million.
This pattern follows key deals in 2017, such as Symantec’s acquisition of SkyCure and Fireglass for USD 280 million and USD 250 million respectively; Microsoft’s purchase of start-up Hexadite, which uses AI to identify and protect against attacks, for a rumored USD 100 million; Palo Alto Networks’ USD 105 million acquisition of private cybersecurity company, LightCyber; and Germany’s Continental’s purchase of Argus Cyber Security by for over USD 400 million – these last two deals involving H-F & Co., with the Argus acquisition was one of the largest deals in the cyber security sector in recent years, notable for its size but also for the shown by the global automotive industry in the Israeli high-tech sector.
With such a variety of companies operating in the cyber space, “law firms who can see that an effective cyber support is more than IT and who adopt a multidisciplinary approach will serve their clients better,” adds Shooter of Bird & Bird.