Commercialization can Unlock the Value of California’s Cybersecurity IP
May 23, 2019 | 5 min readThe global cybersecurity market continues to grow and evolve at a breakneck pace. Perhaps the most significant trend has been the growing role of technology in cyber solutions. While cyber has always been a technology-centric market, legacy solutions also relied heavily on services to address dynamic threats across complex IT infrastructure. However, the proliferation of new, asymmetric threats and the emergence of powerful AI tools have led to the development of pure-play technology solutions.
Applications like OT Cyber, continuous monitoring, and cyber countermeasures are leading this transformation, enabling activities once considered prohibitively complex or resource intensive. These solutions have driven down costs, enabled new business models, and created a vibrant ecosystem of technology.
Despite the upside potential of these new technologies, their near-term impact is limited by an inefficient marketplace that prevents commercialization.
The technology landscape isn’t the only factor driving change in cybersecurity markets. Geographic distribution of cyber innovation is also experiencing tectonic shifts. California, and the Bay Area in particular, still lead the world in IP generation. However, innovation hubs have emerged in cities like Austin and Raleigh. On top of this, companies are increasingly looking outside of innovation hubs in states like Georgia, Colorado, and Oregon to source niche cyber capabilities.
Traditional cyber leaders like California must now compete in an increasingly crowded market to ensure domestic SMEs and research institutions are able to transfer technology into large companies.
The Current Commercialization Landscape
At first glance, macroeconomic data indicate California is still a leader in cyber technology commercialization, despite the challenges posed by a changing technology and geographic landscape. In 2018, California-based companies accounted for 50% of the $4B in cybersecurity VC investments. High-profile exits like Zscaler, Phantom Cyber, and Evident.io further enforced the story of successful technology commercialization. However, a deeper look at the data reveals fundamental challenges that require a proactive and comprehensive response for California to maintain a vibrant start-up ecosystem that is capable of effectively commercializing cybersecurity technology.
Consolidation and Vertical Integration
A key challenge for California is the concentration of IP development and investment around large, established technology companies and a small group of late-stage startups. Of the $2B raised by California cybersecurity “Start-ups” in 2018, 40% went to 3 companies: Tanium ($375M), Anchorfree ($295M), and Crowdstrike ($200M). Beyond that, analysis of IP generation by California companies shows that large companies accounted for 70% of new IP development in 2018. Instead of sourcing new cybersecurity technology from SME’s, large companies are keeping much of their R&D in-house, limiting opportunities for start-ups to leverage corporate partnerships, pilots and licenses to de-risk technology and achieve scale.
Research Institutions
California needs to do more to do more to support IP generation and commercialization at its world-class research institutions. While the impact of California’s national labs and universities extends well beyond IP generation, the fact that California institutions have been patenting cybersecurity technology at declining rates and now trail their peers in Texas and New York is still highly relevant. Lack of IP generation can mean that companies are sponsoring cybersecurity research at lower rates. It can also mean that sponsored research is not translating into technology commercialization either because technology transfer offices don’t see enough market opportunity to justify patenting research or because university technology transfer offices are under-resourced.
At California’s Universities and Federal Labs, commercialization rates for cybersecurity innovations are lower than 10%.
This means that of the ~100 cybersecurity patent families generated by California research institutions in 2018, fewer than 10 made it to market. Licensing officers are expected to support researchers from idea generation through commercialization, often for a portfolio of over 1,000 technologies. As a result, technologies don’t always receive the attention they need for commercialization, and if there is not immediate traction, technologies are put on the back burner. Compounding this challenge is the fact that most of the university commercialization process is labor intensive. Fortunately, new analytics tools are emerging that leverage AI and predictive analytics to automate many elements of IP commercialization; however, there has not yet been widespread adoption across the UC System.
Access to cybersecurity technology is still highly stovepiped. To find cybersecurity innovations across the UC system, a company would have to look through 12 separate technology transfer websites, all with different standards and taxonomies. Accessing technology from private universities and federal labs requires an even broader search, and there is no gateway at all that can serve as a one-stop shop for technologies coming out of startups and SMEs. Subsequently, companies are forced to maintain proprietary technology scouting lists – spending valuable time and resources that could otherwise be spent on actual commercialization.
Improving Commercialization in a Complex Market
While California faces a set of acute challenges in facilitating greater cybersecurity technology commercialization, there are a series of relatively simple options that can deliver outsized results.
Data and Visibility
To make smarter, more effective technology investment decisions, IP generators and large corporations need better data on the cybersecurity IP landscape. The emergence of analytics tools that can turn large messy datasets on IP generation (e.g., new patents, company formation, etc.) into actionable insights presents an opportunity to improve commercialization outcomes.
Universities, labs, and SMEs can leverage these data sources to better understand the cybersecurity requirements of large corporations so they can make market-driven decisions about which technologies to prioritize. Likewise, Large corporations can make better make-buy decisions by leveraging this data to identify all available cyber IP and to quickly evaluate external IP.
Cybersecurity Marketplace
Given the size and diversity of its cybersecurity ecosystem, California has a unique opportunity to build a marketplace that helps to break down the stovepipes that are currently creating headwinds for technology commercialization. A single portal where corporations can connect with IP generators across the UC system, federal labs, and SMEs and evaluate cybersecurity technology would begin to establish the requisite infrastructure to facilitate greater connectivity and partnerships.
Similar initiatives undertaken by federal governments in Australia and Canada have yielded encouraging results. With the predictive analytics technology now available however, California has an opportunity to improve on these passive marketplaces by providing users additional tools that can help IP generators prioritize valuable IP based on market demand and technology strength, and help large corporations cut through the noise to find the RIGHT technologies for their specific requirements.
Alignment of Federal and State Programs
Lastly, California should take advantage of existing Federal and State programs aimed at improving the flow of technology between the private and public sectors. As an early customer, the government can play a valuable role as in de-risking early-stage technologies and helping companies reach the requisite scale to effectively compete in commercial markets. While organizations like SBIR, Defense Innovation Unit, SOFWERX, AFWERX, and Army Futures Command help with this, more can be done to make universities, labs, and SMEs aware of these programs and to coordinate across different programs to optimize impact. Whether this occurs through the aforementioned marketplace or through another pathway, it has the potential to deliver an outsized ROI.
Conclusions
Overall, California has a tremendous opportunity to address the challenges posed by rapidly evolving cybersecurity landscapes. To do so, it must be proactive in supporting innovation and providing the ecosystem with the requisite tools an infrastructure to improve connectivity and foster new partnerships. In doing so, it can develop a framework that is not only relevant for the cybersecurity market, but for its entire innovation economy.