An Ellicott City cybersecurity firm landed the first Baltimore-area megadeal of 2023 on Thursday, offering a glimmer of hope during a down year for technology funding.
Blackpoint Cyber announced a $190 million Series C growth investment round led by Bain Capital Tech Opportunities with participation from Accel and existing investors, including Adelphi Capital Partners, Telecom Ventures, Pelican Ventures and WP Global Partners.
Blackpoint Cyber works with managed service providers, or third-party companies that remotely manage the day-to-day operations of a company’s internet technology infrastructure. The company plans to use the funding to expand its line of products and give customers more options. The firm had already started to branch out into customer education by launching “Blackpoint University” in April to offer technical training to its customers. Other Baltimore-area cybersecurity companies, such as Huntress, have also begun offering more customer education.
The education platform focuses mostly on helping Blackpoint’s customers learn how to better sell their products to companies and showcase the value they can offer to different businesses, CEO Jon Murchison said. Blackpoint is also planning on broadening its international footprint, focusing on Australia and the general Pacific region.
Blackpoint Cyber currently employs 130, with plans to hire an additional 80 staff in the wake of the new funding. The company had just 12 employees in 2018. Blackpoint Cyber was founded in 2014 by Murchison, a former National Security Agency computer operations expert. Since then, the company has raised several rounds of funding, including a $7 million round in 2020 and a $6 million round in 2018.
The two initial rounds raised by Blackpoint were kept intentionally low-profile, Murchison said. Large venture capital rounds and high valuations can often cause early-stage startups to raise a large amount of money without having the revenue or customer base to sustain that growth. Murchison wanted to avoid that trap of early over-expansion by waiting until the business had a more stable customer base and revenue model before targeting big capital raises.
“You can get addicted to that money,” Murchison said. “You burn like crazy, you get the growth, but maybe your customer retention is bad, your net retention is bad, and you don't have real business fundamentals. Then interest rates rise, valuations crater and you're addicted to money. So you have to go back out and get that money and take a bad round.”
The $190 million raise is larger than what all Greater Baltimore companies raised in the first quarter of this year. In the first four months of 2023, local startups raised just $83.47 million, reflecting a national decline in funding. The number of megadeals — traditionally defined as a round of over $100 million — declined nationally from 98 rounds in the first quarter of 2022 to only 19 this year.
The largest round in Greater Baltimore before the Blackpoint Cyber deal belonged to Huntress, another cybersecurity firm that raised $60 million in May of 2023. The Baltimore region has become a hub for cybersecurity companies, due in part to its location near the NSA headquarters at Fort Meade, and has several publicly traded cyber companies including ZeroFox and Tenable Inc.
The Bureau of Labor Statistics believes cybersecurity will continue to grow, predicting a 35% job growth rate over the next 10 years. That growth has come as the number of cyberattacks that companies deal with is steadily increasing due to the move to hybrid and remote work as well as new artificial intelligence tools that make it easier to launch cyberattacks and set up scams. Blackpoint added hundreds of customers in the aftermath of Covid-19 since companies were forced to rely on digital infrastructure to facilitate work, Murchison said.
The types of attacks businesses face have also changed, forcing cyber firms to change their strategies. Cyber criminals rely less on sophisticated malware software to infect a machine and now use programs built into a computer to access into a system without using external files, a tactic called living off the land. The popular business software Microsoft 365 has also become a popular target for cybercriminals, since hackers can often bypass two-factor authentication security techniques.
"Nothing's perfect in this game," Murchison said. "And it never will be."
