The use of venture capital to support cybersecurity firms is one of the most divisive topics in the industry.

On the one hand, founders of startups compete with the fury of novelists seeking publishers for the attention of investors. If a company’s technology requires a protracted period of covert development in advance of any client income, it will not be able to expand without investment cash.

There is a distinct difference between investors and security practitioners. This is hardly unexpected, given that venture investors may be seen as making money by taking a chance on technology necessary to safeguard people and companies against threats.

Everyone can agree on one thing, however: the aggregate investment in this market is growing at an incredible rate. Cybersecurity venture capital now accounts for over $21 billion in funding, up from over $9 billion a year earlier, according to Statista.

Investors, entrepreneurs, and practitioners have a similar desire to see their investments pay off in the form of better solutions. Password-free approaches and machine learning to forecast where the next attacks will arise are among the technologies being financed. If these investments are successful, everyone will be better off since the threat of assault is rising on a daily basis

It’s possible, given the current crisis in Ukraine, that nation-state offensive cyber operations may attack businesses and civilian organisations all over the globe — either to target their opponents or just to cause havoc. There will be a need for new commercial security solutions and services to deal with this expanding threat.

Over the last three years, we’ve met with more than 2,000 cybersecurity businesses, many of which have received funding from venture capital firms. According to our research, commercial success in the cybersecurity sector may be attributed to three main elements. But when I tell venture capitalists what I’ve learned, it frequently doesn’t fit the conventional investment formula. When it comes to evaluating potential investments, most venture capital firms are preoccupied with things like total market size, the issue being addressed, and the sorts of rivals that are already in the market. Despite the importance of these concerns, I don’t believe they are the most essential factors in a company’s success.

Three variables that I and my team employ when advising security professionals on whether businesses are worthy of long-term cooperation are summarised below:

Factor 1: Belief system.

Most of the time, when we ask the founding team of a company why they began it, they give us a vague explanation of what they do. If you create a firm “to stop danger X because the world needs to stop threat X,” you won’t be able to connect with clients on an emotional level.

Think about the philosophy of IronNet Cybersecurity co-founder General Keith Alexander, who just finished a successful SPAC. Inquiring minds want to know why the founders, like General Alexander, set out to build the corporation in order to serve their nation, whether it be in uniform, on the field of combat, or through virtual networks.

Buyers are drawn to people with these kinds of personal beliefs. It’s a good exercise for entrepreneurs to describe why they began their business without ever mentioning the product they’re selling. Getting to see what their firm is really all about is an exhilaratingly terrible experience. Start-ups that can only explain their existence in terms of how much money they make are doomed.

Factor 2: Focus on aesthetics

It’s common for a startup to use one of two ways to define their business when we ask them to do so. We’ll be led into PowerPoint hell by a team that will bombard us with slide after slide of overused keywords, jumbled graphics, and useless quotations. As if the technology were an afterthought, the platform diagrams in these presentations are carelessly ripped and pasted from the engineers.

However, every now and then, we come across a start-up that really appreciates the importance of good design. This is an example of a well-crafted narrative, built from top to bottom by the platform developers, marketing team, and leadership group working together. When done well, elegance is the only word that springs to mind. Moreover, it’s not only the story’s general beauty; it’s not merely the technology’s as well.

Consider the SentinelOne. This now-public company’s attention to detail while describing its behavioural analytics impressed us the first time we met them in person. To use this method, it is necessary to first determine what is considered typical conduct, and then to raise an alert when anything seems out of the ordinary. Clearly, they had put in a great deal of time and effort to perfect the clarity of their message to us.

It’s also difficult to pin down what constitutes “design elegance” in any given solution (think Apple). However, once you see it, you’ll immediately recognise it.

Factor 3: Expertise in the subject matter

Final question: we usually ask new firm founders to talk about their experience in the industry they are entering. Worst-case scenarios include serial entrepreneurs from other fields jumping on the security bandwagon and causing chaos. Cybersecurity is a thorny issue, and novice founders will ultimately pay the price.

Startup founders and CEOs that have made a lifelong commitment to their field tend to provide the most insightful comments. One of our favourite questions to ponder is whether or not a startup founder would be willing to continue their work for free. When it comes to this subject, only a select few entrepreneurs can honestly say “yes.”

Consider Netskope CEO and founder Sanjay Beri, Palo Alto Networks founder and CTO Nir Zuk, and Fortinet CEO and founder Ken Xie. Even if they never made a cent, these successful entrepreneurs would continue doing what they’re doing today. This sort of domain enthusiasm is attractive to buyers, and investors should keep it in mind while making a purchase.