World’s First Cybersecurity Special Purpose Acquisition Company (SPAC) to Build a New Cybersecurity Platform
Cybersecurity-focused venture capital firm Strategic Cyber Ventures (SCV) has announced the initial public offering (IPO) of SCVX — the world’s first cybersecurity-focused Special Purpose Acquisition Company (SPAC).
An SPAC is a financial vehicle designed to raise money for the purpose of acquiring an existing company (or in this case, companies). It is a publicly traded company formed from money raised through an IPO. Shareholders in the SPAC become shareholders in the acquired companies.
The SCVX IPO has been priced at $200 million, and SCVX is now listed on the New York Stock Exchange. Credit-Suisse is the sole book-running manager, and will provide the prospectuses through which the offering is made.
SCVX now has 24 months to find an asset for purchase. When found, the potential purchase is taken to a share-holder vote. If approved, the asset purchase is acquired from the capital raised in the IPO. In theory, an asset could go from start-up with promise to a public company instantly. The first target, however, will be an existing company with proven pedigree that lies somewhere between venture capital investment and going public. It is worth noting, for example, that SCV’s existing portfolio of companies are all too early stage or Series A investments to be considered for purchase by the new SVCX.
The ability of the SPAC’s Board to find a new company or companies and recognize evolving trends is vital to the future of the company — and the SCVX line-up includes a recent director of national intelligence, the current CISO from the Bank of New York, a former Goldman Sachs managing director, and a former chief security scientist from the Bank of America.
SecurityWeek talked to Mike Doniger (SCVX CEO) and Hank Thomas (SCVX CTO) about the direction and purpose of the new SPAC. “Some SPACs,” Doniger explained, “are broad in nature, saying they will buy an industrial company or an energy company. We’ve taken a different approach, with the targeted purpose of buying a cybersecurity firm.”
The purpose goes beyond this. The team sees a problem in the cybersecurity market which it hopes to help solve. The market is fractured, with new startups with new ideas every week. There are too many niche vendors that address one or two threat vectors without scaling across all the threat vectors that need to be addressed; and the result is that larger enterprises can use up to a hundred different security products to defend their networks and data. This causes multiple problems: potential gaps between products; overlapping, costly and redundant security in some areas; and unnecessary cost in money and time to make best use of so many different products.
The business plan for many of the startups is simply to be acquired by existing large companies with existing security platforms. This helps control the overall spread of security vendors, but is not very efficient. New technology must be bolted on, or integrated into, older technology — and it is not always an easy fit. The need, suggests Doniger and Thomas, is for a new platform to absorb new ideas and cover a wider area of cybersecurity to reduce enterprise reliance on too many point products. Finding the new platform is the first task.
“We’ve got to the point where the current marketplace is madness,” commented Thomas. “Some sort of consolidation is going to occur. I see our SPAC as a vehicle to build a revolutionary platform for the cybersecurity industry. In the not-too-distant future I see the number of vendors in the CISO landscape going from 75 to 100 down to 25 to 30 with a couple of major platforms — one of which we intend to build through the SVCX SPAC vehicle. The timeline is this. First, we find our initial business combination, which is a platform security company already based on next-generation technologies that will allow it to be cloud native. Then, we inject it with the capital it needs to innovate and make additional acquisitions down the line. The new acquisitions will complement the core technology of the cornerstone platform we’ve chosen.”
“We are targeting companies that have achieved critical mass in the cybersecurity industry globally, with enterprise valuations in the range of $600 million to $1.5 billion,” Thomas commented in a LinkedIn post.
The theory is relatively simple. The best security solution is not to bolt new technology on to old, but to build a new integrated platform entirely using new technology. The SPAC will first find and acquire the cornerstone technology, and then that company will expand its offerings through the acquisition of new, small and innovative products.
The SCVX SPAC is a vehicle for bringing new finance to the marketplace so that a new solution can be found and developed. It would be impossible for a single platform to solve all security needs — identity and access management is entirely different to endpoint security. Nevertheless, said Thomas, if you consider a CISO might have a hundred parts to his security requirements, “we would like to build a cornerstone platform that starts out with managing 25% of the average CISO’s attackable surface, and then build on it from there.”
*Updated with additional comment from SCV’s Thomas