The Expert's View with Michael Novinson

Application Security , Governance & Risk Management , IT Risk Management

Which Cyber Vendor Will Be First Off the IPO Starting Block?

Cato Networks, Rubrik, Snyk Are Interested in Going Public, But Have No Firm Plans
Which Cyber Vendor Will Be First Off the IPO Starting Block?
Shlomo Kremer, co-founder and CEO, Cato Networks (Image: Cato Networks)

A number of cybersecurity startups wish to take an initial public offering for a test drive, but nobody wants to be the crash test dummy.

See Also: Cybersecurity workforce development: A Public/Private Partnership that enhances cybersecurity while giving hands-on SOC experience to students

The cybersecurity IPO car has been parked in the lot since ForgeRock went public in September 2021, and nobody has any idea how well it'll handle following a hard economic reset that made profitability more important than growth and performance more important than potential. Due to this dramatic shift in investor preferences, lots of cybersecurity startups want to go public, but nobody wants to go first.

Rubrik dipped its toe in the IPO waters last spring, and Reuters reported the high-flying data protection vendor is working with Goldman Sachs, Barclays and Citigroup in preparation for an initial public offering that could take place this year if the market becomes more welcoming. After pushing its plans back, The Information said in January that Rubrik has scheduled additional meetings with potential IPO investors (see: Why Rubrik Is Looking to Break Cybersecurity's IPO Dry Spell).

Now, another company is considering testing its luck in the public market. Tel Aviv-based Cato Networks hired Goldman Sachs, JPMorgan Chase and Barclays to prepare for an initial public offering in New York that could come by 2025, Reuters reported Tuesday. The late-stage SASE startup wants to raise more than $500 million and could go public late this year if equity capital markets rebound, Reuters reported.

Cato Networks declined an Information Security Media Group request for comment. The Reuters story aligns with The Information's January report that Cato planned to hire bankers by March for an IPO. The company in September received a $238 million investment from LightSpeed Venture Partners at a $3 billion valuation to facilitate access to cloud apps and safeguard sensitive data in motion and at rest (see: Cato Networks Raises $238M on $3B Valuation to Move Upmarket).

The company's valuation was up 20% from $2.5 billion in October 2021 despite a significantly worse macroeconomic climate. Cato Networks is founded and led by Shlomo Kremer, who previously started and helped take public application, API and data security vendor Imperva as well as network security provider Check Point. Cato wants to better address the feature and capabilities needs of big enterprises.

What Other Cybersecurity Vendors Might Pursue an IPO?

Rubrik and Cato Networks aren't the only security startups eyeing the public markets. The Information reported in January that Snyk was drafting its IPO investor prospectus and could file it confidentially with regulators in the next few months. The company is more likely to go public in 2025 than 2024 due in part to a bigger-than-expected slowdown in sales growth, which was between 45% and 50%.

The Boston-based application security vendor in 2022 lost $266 million on sales of just $247 million, according to public filings in the U.K. The company narrowed its losses in 2023, but The Information wasn't able to determine by exactly how much. A Snyk spokesperson declined to comment on the report by The Information.

Snyk in December 2022 completed a $196.5 million Series G funding round at a $7.4 billion valuation to expand its developer security platform through organic investments and acquisitions. That's down $1.1 billion from the $8.5 billion valuation Snyk received in September 2021 following a $530 million Series F round. T. Rowe Price in mid-2023 marked down Snyk's valuation to $6.9 billion (see: Snyk Raises $196.5M Weeks After Laying Off 14% of Workforce).

The company has been extremely acquisitive since then, buying Israeli application security posture management startup Helios in January to help enterprise security teams more effectively manage their application security programs. Three months earlier, Snyk bought Portuguese startup Reviewpad to help developers secure pull requests. All told, Snyk has made 10 deals since its founding eight years ago.

At the same time, Snyk has carried out three rounds of layoffs, axing 128 workers - or 11% of its staff - in April 2023 amid projections of challenging market conditions persisting into early 2024. Those cuts came less than six months after Snyk had cut 198 people and less than 10 months after it had axed 30 staffers. Snyk's headcount has fallen 20% since October 2022 to 1,148 staff today, IT-Harvest found.

In contrast, Cato Networks has increased its headcount by more than 40% over the same time frame to 869 employees while Rubrik has grown its staff by nearly one-fourth since October 2022 to 3,588 workers. Despite the feelers, none of these companies is firmly committed to going public this year, next year or at any specific point in the future.

For now, Cato Networks, Rubrik and Snyk are content to sit around the garage along with several other cybersecurity startups, waiting for another company to put its keys into the IPO ignition.



About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.