Early-stage benchmarks for young cybersecurity companies

We’re quick to celebrate the extraordinary victories of Israel’s multiplying cybersecurity unicorns, but every success story must start somewhere. The early days of any young startup decide how successful it can be, which is why we’ve developed a focused, value-add program to support cybersecurity founders during this most critical stage and maximize their potential in building market-leading companies.

However, the early stages of cybersecurity company-building are often shrouded in mystery, only coming into the light for fundraising and feature announcements. This leaves many entrepreneurs we speak with asking what exactly cybersecurity companies are achieving behind the curtain to earn these huge victories.

Though every company’s journey is unique, we can tease out trends and patterns to establish performance benchmarks for the cybersecurity ecosystem as a whole. To most entrepreneurs, however, the sensitive data required to understand the early success of a company is often unavailable or obscured. Moreover, the industry has yet to formally define proxies for growth and momentum beyond fundraising — leaving cybersecurity founders aiming for landmarks without guideposts.

When it comes to contracts, timing can provide important insight into the quality and performance of the sales pipeline. On average, successful companies will have closed their first paying customers in the U.S. within 12 months of their seed round.

Entrepreneurs require guideposts to aspire to when building large companies, and critical customer and revenue expectations can be best established by looking at what already successful cybersecurity companies have accomplished. Such metrics have been previously established for wider areas of technology, such as SaaS.

Leveraging our experience and resources, we collect this knowledge to keep our founders informed with the most up-to-date cybersecurity-specific metrics for long-term and large-scale growth. We hope that sharing these unique insights into early-stage cybersecurity companies — based on our own portfolio companies’ average performance — will help entrepreneurs in the wider Israeli ecosystem more confidently build their budgets and roadmaps with industry evidence.

Image Credits: YL Ventures

What should revenue look like over the first few years?

Though today’s investors are growing more aggressive, $500,000 in annual recurring revenue (ARR) is a traditional baseline requirement for a successful Series A from strong investors, and hitting that mark quickly should remain every entrepreneur’s goal. Hitting this target indicates product-market fit and customer willingness to commit to your solution.

Discounting variances in pricing, the best companies we’ve seen are able to reach the $500,000 benchmark in less than 18 months. From there, top-performing companies can expect to gain momentum and reach $1 million in ARR in 18 to 24 months. Such momentum is contingent on a number of factors for Israeli cybersecurity entrepreneurs, but growth is mainly reliant on how well founders connect with relevant customers outside the Israeli market.