Venture capital cash inflows in technology often happen in high-innovation areas. Given the expanding threat surface and financial incentive for attackers, cybersecurity is attracting a lot of that cash.

Diving deeper, what exactly is the temperature within VC firms on cybersecurity investment? How are the startups themselves rewarding this financial trust? And what does the future look like for cloud cybersecurity as a whole?

“As the global economy digitizes, cybersecurity represents the existential threat to that digitized global economy,” said Bob Ackerman (pictured), founder and managing director at AllegisCyber Capital. “On the one hand, it’s an area where investment is non-discretionary — you really don’t have a choice because you can’t afford to get it wrong. That fact alone is what drives so much of the investment activity.”

Ackerman spoke with theCUBE industry analyst John Furrier at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the state of industry attention on cybersecurity from an investment perspective.

Investment is flowing, but more cautiously

With the private and public-sector incentives for cyber warfare at an all-time high, malicious actors aren’t lacking motivation. In fact, they’re actually dictating the pace for cybersecurity innovation as companies and governments work to shield themselves, according to Ackerman.

“You’ve got a dynamic in cyber that you really don’t have in any other area of technology in that there is an offense in cyber, and the offense actually sets the pace and drives the innovation and is technically quite capable, well-funded and basically unconstrained in their behavior,” he said. “So, you’ve got a very determined adversary that wakes up every day looking for ways to compromise all of our digital infrastructure. It really puts the pressure on the defense to work at the pace of the offense.”

While cyber is drawing massive investment and seeing competition, it’s a domain that requires deep technical knowledge to participate in. Investors, therefore, need to understand its nuances before considering long-term financial gains, Ackerman added.

“It’s obviously drawn a lot of investment attention,” he noted. “At the same time, I think sometimes people don’t fully understand the nature of cyber, that it is deeply technical —  it’s not a pickup game. This is an area much like life sciences or biotech, where I think you better be a domain expert. Otherwise, you’re best to step back and step away.”

Moving forward, capital injections will become more cautious. Investors will only back ideas and startups they feel are sustainable and drive value when tested, Ackerman added.

“I think part of what we’re seeing in today’s environment is sort of the great rationalization of let’s sort the wheat from the chaff or the cream from the milk from the curd, and kind of rationalize the environment to something that’s a little more sustainable, a little more value-driven,” he said.

The cream, the milk and the curd

A swathe of startups exists today that are vying for funding in the same competitive space within cybersecurity. With time, a separation always occurs on the merit of product value, where the best ones rise to the top and attract funding and the “undifferentiated companies” are consolidated to create industry cohesion. That is the cream, milk and curd analogy, according to Ackerman.

“They look at things like threat intelligence and say, ‘Well that sounds like a really important thing’ — and it is a really important thing,” he said. “But we have 107 threat intelligence companies today. How many do we actually need? Five will get us there. So, what’s gonna happen with the other 102? They’re going to get consolidated. They’re going to get rolled up. They’re going to go away. And that’s part of this cleansing process that we’re living through today.”

On the question of whether the cybersecurity industry is undercapitalized or overcapitalized, the answer lies somewhere in the middle. On a broader scale, impactful, cutting-edge ideas are undercapitalized while undifferentiated, commoditized startups are overcapitalized, according to Ackerman.

“The difference between [the two] are the people that are writing the checks,” he said. “The people that have spent their careers in cyber are a little better at identifying disruptive ideas or anticipating where the puck will be. That’s really the way you need to approach cyber.”

Watch podcast here.