The WTFs of an Investor: #1 The Valuation Presentation

In 2013/2014 Inventures asked me to write a series on our experience as a Seed stage fund, about stuff that makes us wonder, but not in a good way. This series originally titled “WTFs of a Business Angel” hasn’t lost its truth it seems, so we decided to revisit the content, update and adapt it where necessary and publish it here on our blog (also because investures.eu sadly is gone from the Web). Have fun!

When we started Speedinvest in 2011, we were a startup ourselves. A very well funded startup, but still, we were a team of people who had some experience in building companies and no experience in building a Venture fund. We are still learning an awful lot, because you can profit tons from other people’s experience, but there is no way around doing things yourself, making mistakes, trying again and again, learning from what you’ve seen so far.

That is the spirit that we like to keep, a positive and pro-founder type of attitude, because the truth is: we love what we are doing. It is fun and exciting to meet visionary people, who have drive and enthusiasm to change whatever tiny bit of their world, step by step. However, there are those rare events where we sit across the table in our office and are having a facepalm moment. When one of us gets an email from a startup or reads a piece of news about our industry that just makes you go “WTF?”. For your reading pleasure, but also to offer you the opportunity to learn, we open up our treasure chest of awkward moments and give you our top WTFs, of course with all due respect to those contributing to them.

WTF #1 The Valuation Presentation

A clear leader on our list of WTFs was an e-mail that we got from a founder with a promising business. He had a nice idea, a good target market and had already launched a product. It was still in an early stage, but you could tell that this could turn out to be a valuable investment. We had had some talks already, everything seemed OK, when all of a sudden his lawyer called our partner Erik in the US asking for a meeting to draft up a termsheet.

What Erik then told him was: “Well, you know, we only had one phone call and before moving forward we would really like to spend more time with the team and see if we could add any value there”. Already awkward, but still only a taste of what happened then. A week later, we got an e-mail from a well-known business consultancy with two presentation decks, one in English and one in German.

The content? A picture perfect, textbook case of company valuation showing a company value well north of 10 million Euro. Valuations like that are not unheard of these days, in Seed stage, still a very high mark for a company with barely a product, let alone customers. But even more surprising giving where we were in the process. Just for the record: we hadn’t even met the team at this point, nor discussed anything about investing in the company.

Good founders can read social situations, even if they are unknown to them

Why did this make us go ”WTF”? 1. Because of the total misjudgement of the process, and 2. Because of the crazy valuation expectations, without even having met the team, looked at the product in detail, etc. Yes, startup valuations do go crazy from time to time, but you have to consider what stage you are in. And where you are located. Although reading TechCrunch for valuation indications might seem reasonable there is a difference in valuations, which can be explained by one simple fact: Neither Vienna, nor Berlin is Silicon Valley – yet.

Just to be very clear on that: I am not saying that an Austrian company could not be worth more than 10 million, a lot of companies have proven the contrary. But in that early stage, sending over a valuation calculation just doesn’t make any sense. The holy grail of valuing a startup is not easy to tackle, but the easiest way is to just talk to someone who knows the game a little and get feedback early on, because you could ruin a relationship that might have been valuable.

After all, getting an investor to support you is basically like a sales process, and sending a quote for 100k for your product to a little retail store across the street, when they haven’t even asked for it is not something many would consider.

It’s Complicated

Insurance against cyber-attacks, AKA cyber insurance, is surely the most exciting domain in insurance today. Companies globally are purchasing cyber insurance for different reasons including skyrocketing cyber security costs, banks that are demanding suppliers to have such a policy in place and board members that are worried with liability due to new emerging regulation such as GDPR next year. Eventually cyber insurance is the only “cyber” solution that will support an organization post-breach and will refund costs.

But many different parts still need to come together to deliver on its promise. While the estimated $5B US cyber insurance market today is still in its early days and is a small part of the approximate $1.2T+ net annual premiums written, it certainly is the fasted growing segment with around 30% CAGR expected for the coming years.

However, this market is still small relative to the size of the cyber risk pool with estimated costs of cybercrime to reach $2T in the US alone in 2019.

And so, a range of issues and concerns must be addressed in order to have cyber insurance realize its full potential:

  • Customer Segments: Clearly an immediate need for cyber insurance is with B2B. Companies need cyber insurance to protect both 1st and 3rd party risk, including smaller companies supplying to third parties. But, consumers should also be able to insure themselves against cyber risk.
  • Data: Insurance companies are mainly dependent on questionnaires which are not only outdated the day they have been filled, but also contain information which is often inaccurate and requires specific expertise to be gathered. In many cases, such collection process cost is higher than the cost of the premium itself. In a world where everything, and certainly IT resources, provide detailed data, attack surfaces expand and attack vectors develop, using real-time data to assess cyber insurance risk is a must.
  • Customer Experience: Signing up for cyber insurance today means filling out long questionnaires regarding infrastructure, data, policies, people, etc. Complex info, hard to collect, introducing significant friction in the process. Hardly a process that scales, and a data-driven world allows for much of the user experience to be almost frictionless.
  • Distribution: As a company, will I buy cyber insurance separately, or as part of other types of insurances? Is there a reason to buy it from an insurance company? Why would I not buy insurance for my customer data with AWS, and DDOS downtime insurance from Cloudflare? I get security updates with Windows – why not a basic insurance against the OS being hacked if I run their endpoint security that’s built in?
  • Risk Modelling: From the outside-in or the opposite, one can automate data collection relevant for the process of underwriting a company, including risk domains such as digital, HR, regulatory and other types of data that can support predicting claims. Breach data is somewhat available in public repositories, however much of the interesting data is collected by ongoing OSINT and dark web intelligence (e.g. breached servers, account credentials, etc) and in some cases even the company itself is not yet aware of the breach. This data can be used in risk modeling to predict cyber claims and attacks impact. Aggregate and systemic risks are a main concern for insurance companies when discussing cyber. When the goal is enlarging market share, aggregated risks are sometimes invisible until a catastrophe hits.

So yeah, it is complicated.

But it is clear that insurance carriers need real-time, data driven technology solutions that can accurately assess cyber risk, to help deliver products across multiple segments and multiple distribution channels and with a great user experience.

Cyberwrite is building the technology to facilitate rapid growth of the cyber insurance industry and we could not be more excited to support Nir and Rotem achieving that goal, and doing so now!