We are thrilled to welcome BMW i Ventures as an investor and wanted to share the commentary on the investment from their blog with our readers.
Michael Dell said "Ideas are commodity. Execution of them is not." A great example of alignment of both ideas and execution is Claroty with its innovative industrial cybersecurity platform, go-to market partnership strategy and unique team of industrial automation and cybersecurity experts. BWW i Ventures invests in cutting-edge companies that are important to the automotive and industrial sectors, and we are excited to announce our investment in Claroty (https://www.claroty.com/) – a company securing the world’s most critical industrial networks.
Operational Technology, or OT, describes hardware and software (i.e. programmable logic controllers (PLC) and industrial automation systems) that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events in the manufacturing and other operational processes. This infrastructure is also known as Industrial Control Systems (ICS) and the terms OT and ICS are used synonymously.
Fifty years ago, computer security meant to physically protect computing devices. Ever since Bob Thomas programmed the first computer worm as a proof-of-concept in 1971, threats do not merely exist in the physical realm, but in the digital world as well. With the IT revolution, both the means of attack as well as the need for new defenses have changed dramatically. In the OT realm, the recognition of cyber-risk developed more slowly; cybersecurity protection was often viewed as unnecessary because most OT networks were not connected to the business network, the internet or other outside networks. But this too changed dramatically as industrial operators embraced automation and connectivity to increase efficiency and production.
Technological trends like smart factories, robotics, and automation or Industrial Internet of Things (IIOT) rely on connectivity to and from the manufacturing site. Data acquisition and control allow for new efficiency milestones and insights, but also increase the number of attack vectors into industrial systems. Therefore, while the industrial internet of things (IIOT) offers many advantages, it also opens OT networks to external connections and exposing them to new types of risk.
The growing threat of advanced cyber-attacks on critical infrastructure and industrial control systems presents a unique challenge for organizations. According to a survey by Russian security giant, Kaspersky Lab, 28% of industrial companies surveyed have faced targeted attacks in the last 12 months. Additionally, around 48% of companies in the industrial sector stated that there's insufficient insight into the threats specifically faced by their business. As a result of the heightened awareness of cybersecurity threats and potential, revenue and customer impacting damages, OT-security budgets are growing.
The estimated current market size of Industrial Control System (ICS) security market is still small with $450M (BMW i Ventures estimation), but rapidly growing with 55% CAGR until 2022, reaching $2.5B in 2022.
Due to the sensitive nature of operational technology, sales cycles are typically 6-18 months with small initial average order values between $200-500K. These initial sales often grow into multimillion-dollar accounts as large customers make additional purchases. Once the initial contract is won, and positive results are confirmed, there are many upsell opportunities (e.g. other production plants), additional related products, maintenance and other implementation and managed services and the churn rates are very low. The average order value will also grow over time due to increasing customer demand.
In the last decade, several companies specializing in securing operational assets have been founded. It’s an irreversible trend. The level of awareness for OT security is increasing and will continue to increase further as additional attacks happen and the damage impacts revenue for a range of manufacturing companies and other critical services such as electricity and water.
We’ve now seen one recent acquisition of an OT cybersecurity provider by an IT security firm and believe this trend will continue. As the market matures, and awareness and spending within the sector continue to increase rapidly, we expect to see more OT vendors and IT security firms acquiring the OT security leaders.
IT Security vs. OT Security
There are different paradigms in IT security and securing industrial control systems: While the top priority in IT security is to protect the network and data, OT security vendors must ensure secure operations with no impact on the running operations. Unlike enterprise networks, industrial control systems often run for decades. It is not possible to take a traditional IT security product and use it to secure operational assets. Another challenge is to handle the complexity of very heterogeneous networks. A production site usually includes multiple automation vendors who all use proprietary communication protocols to monitor and control physical processes. The landscape typically differs in each industry vertical. Deep understanding of all processes as well as the communication protocols of sometimes twenty to thirty-year-old technology is required to succeed in this environment.
Most of the time the OT systems have a life-cycle of fifteen to twenty years and fixed structures make them inflexible and difficult to change. Since everything is operationally critical, system integrators often play a major role. While the ICS cybersecurity market is somewhat immature, the specialized products are maturing rapidly, and we believe that the company with the most active installations will learn quicker than the others.
Our Claroty Investment
Our investment in Claroty is a logical consequence of the fast-growing under-served market, its relevance to the automotive industry in general, and the market position Claroty has already established. Claroty emerged, in the past two years, as the distinct champion addressing the challenges of the OT security market in an unrivaled manner and with unprecedented market success. While the market is relatively young, Claroty has secured significant contracts and gained the trust of large multi-nationals in multiple vertical market segments from manufacturing to oil and gas, electric utilities, mining, pharmaceuticals water and more.
With headquarters in New York, and offices in Israel, Europe, and Asia, Claroty was founded in 2014 by CEO Amir Zilberstein, Chief Business Development Officer Galina Antova, and CTO Benny Porat. Amir has assembled an unmatched interdisciplinary team of security researchers with knowledge gained from both industrial careers and work within Unit 8200, an elite cybersecurity unit of the Israeli Defense Forces. Claroty emerged from Team8, Israel’s leading cybersecurity think tank and company creation platform, and is led by the kind of radically ambitious management team that we love to back.
Claroty’s growth is also impressive. The company expanded its bookings by more than 300 percent last year as demand for industrial cybersecurity solutions increased, and this followed a prior year of triple-digit growth. Based on this, Claroty can claim much of the credit for how quickly cybersecurity in OT networks has become established in production sites of the world’s largest and most influential companies.
For any of our investment decisions, but particularly in industrial sectors, a company’s partnerships are very important. Industrial customers are both cautious and cost sensitive and looking for a good cost-benefit (risk) ratio. They are looking for suppliers that have been tested, validated and approved by the major industrial automation vendors. Customers are also more inclined to buy a solution package from companies bundling security into network infrastructure such as switches, or from companies that can bundle security capabilities with productivity features such as asset management.
Given the challenges we have highlighted above, we believe an excellent partner network, deep knowledge in industrial automation and cybersecurity including broad coverage of ICS communication protocols, and the ability to execute are essential for a winner in this market. Sales cycles are rather long, but it’s a land-grab with high customer retention and upselling potential once an account is won. We are convinced the OT security market will grow rapidly over the two next years and Claroty is well positioned to address the challenges in this market. We are looking forward to working with the company to secure the safety and reliability of industrial control networks that run the world.