Not every startup exit is as successful for its founders as it may appear. For one, an IPO is a pipe dream for most companies. But generally, companies will only go public once they reach $100-150 in annual recurring revenue, and an average of 51% growth year over year. Most cybersecurity companies will not go public, especially because we’ve entered an area of expense management after years of high growth.
Ventureinsecurity.net
With inflation and a lower tolerance for risk setting the bar even higher, the truth is that most cyber startups will be better off figuring out a plan B.
Some founders might hope to be acquired by cybersecurity giant Palo Alto, which has acquired 19 startups so far. But it has specific criteria in mind around location (and culture): it has only acquired those with Israeli founders or that are based in the Bay Area.
Founders, investors, and employees will very rarely see a life-changing payout. The data on how much money changed hands in an acquisition is limited - for instance, in 2023, there were 259 acquisitions in cybersecurity, 226 of which were for an undisclosed amount. In most cases, we can assume this is because the price was so low that the founders and investors rather it be kept confidential. In a worst-case scenario, investors will receive barely anything back on their investment, while founders and employees will miss out completely.
Other factors that can influence how much the people involved make include whether VCs have liquidation preferences, and so can receive a multiple of their original investment; whether the company was acquired in exchange for cash, stock in the other company, or both; and the amount of capital the startup originally raised.
Another point to consider is that according to the Harvard Business Review, between 70% and 90% of acquisitions fail in practice, often because the product doesn’t integrate as well as expected, there’s a poor cultural fit or because of external factors outside of the businesses’ control.
