There’s no doubt that 2021 has seen record-setting attacks, including last week’s announcement about an Atlassian Confluence vulnerability being exploited in the wild. Driven in part by the geopolitical climate, cyberattacks against U.S. federal, state, and local governments are growing in frequency, sophistication, and boldness. Between high-profile attacks such as the SolarWinds and Kaseya breaches and a shift to cloud computing that has rendered traditional perimeter security obsolete, government agencies are facing an increasingly urgent need to prioritize security.
With a $200 billion annual spend for public-sector IT solutions, of which about $120 billion is federal, the U.S. government is the largest market in the world. It’s also a critical path for cybersecurity startups looking to transition into the next phase of growth. While startups serve as a fertile ground for much-needed innovation in cybersecurity, navigating the federal market is incredibly complex for any emerging company, and doubly so for those based outside the U.S. Even knowing when the right time to actively engage these markets can be difficult, and getting it wrong can cost startups, both in terms of direct spend for unnecessary outlays and the potential for missed opportunities.
For starters, a company must invest in certain compliance regimes in order to even sell into federal. For SaaS companies, one particular challenge is FedRAMP authorization, which, depending on your approach, can cost as much as $2 million and take as long as two years to complete. The good news is there are faster, more efficient approaches, but understanding them and having a trusted voice to turn to throughout the process is key. But even beyond compliance, federal sales are expensive and time-consuming; it can easily take 18 months to see revenue coming out of the federal market. That’s why having someone there to advise and help you on that journey is so important.
Given that opportunity, most companies eventually reach a point where they realize the need for a strategy for tackling the government market. But that point often comes a bit later than it should, when their competitors are already in the market and they have a lot of ground to make up. That was one of the drivers behind creating Merlin Ventures – to find companies that were strong fits for government and help guide and prepare them to enter the market at the best time for them.
So which companies are we looking to invest in? Merlin Ventures looks for visionary companies on the cybersecurity frontier that address the nation’s most critical cybersecurity challenges. Technologies especially essential for the security and resiliency of the country – and most sought after – include those addressing supply chain security, cloud security, Zero Trust, identity and multi-factor authentication – as well as those that align with the recent Executive Order.
Given the size of federal agencies, our ideal candidates have the ability to scale to large enterprises, but we also recognize that not every Series A startup is ready to conquer organizations with hundreds of thousands of employees on Day 1. What we’re looking for is the desire to get there, along with the expertise to make it happen so that they can tackle the problems of the largest, most complex enterprises in the world
Every investment in our portfolio benefits from our expertise within the public sector markets and enjoys critical engineering, go-to-market, sales, and support services from Merlin’s team. By investing in companies at the Seed to Series B stage before they are ready to take on the federal market, we can provide guidance that will help them achieve commercial traction and ultimately propel them into the U.S. public-sector market faster.
A success story for us is to strategically invest in promising startups at the Seed or Series A level before they are necessarily ready to focus on federal. We want our companies to be as successful as possible, and a big part of that is knowing when is the right time to pursue government markets. Go too early and you risk distracting from the faster sales cycle of commercial. Wait too long and you risk letting competitors become entrenched in this very lucrative market.
While Merlin Ventures’ greatest strength lies in our government knowledge, we work with our companies to help them succeed wherever we can. Sometimes that means introductions to commercial advisors and partners. Sometimes that means working with them on their commercial marketing strategies. And when they are ready, we work with them on their federal strategy to help them accelerate into that market as quickly as possible. Initially, that means working with you on your government go-to-market strategies, staffing, and certification timelines. But as those take hold and you start to build up a sales pipeline, that also includes working with our Merlin Cyber sales team to come up with pricing and procurement strategies, get you onto the right federal contracts, and help you close your sales.
Like any investor, Merlin Ventures’ ultimate goal is to see our companies be wildly successful with strong outcomes for all involved. But where we differ is our ability to leverage a toolbox we’ve built over 25 years of bringing some of the world’s most successful cybersecurity companies into government. Will yours be next?