Cofense removes the Red Threat

by Brenon Daly

 

After a long and torturous process, email security startup Cofense has landed where it appeared headed pretty much the whole time: deeper in the portfolio of existing investor BlackRock. The private equity firm, which picked up roughly one-quarter of Cofense in a recap of the company in early 2018, added the 43% stake that had been held by a Russian investment firm. But it wasn’t an easy deal.

BlackRock’s transition from minority investor to majority owner of Cofense only came after some highly unusual – and highly disruptive – regulatory scrutiny from a secretive US national security agency. A few months after the deal was announced last year, the Washington DC-based Committee on Foreign Investment in the US (CFIUS) began pushing for the Russian investor, Pamplona Capital, to be removed from the syndicate. The reason? Perceived threats to national security.

Under scrutiny from CFIUS, business at Cofense stalled. Customers didn’t want to be buying from a potentially insecure security vendor. (Is the Kremlin reading your email?) Cofense’s growth rate, which had topped 40%, fell to about half that level, according to our understanding. The company had to do some layoffs due to the slowdown.

As growth tailed off, valuation followed suit. Although the exact price couldn’t be learned that BlackRock paid Pamplona for its stake, the transaction is understood to value Cofense at less than the $400m the two buyout shops paid for the company a year and a half ago. For comparison, rival email security provider KnowBe4 raised money this summer at a valuation of more than $1bn.

Still, with the removal of the Red Threat, Cofense at least has the opportunity to get back to business. And a fair amount of business is available. Our surveys of information security buyers and users continually show, broadly, that phishing and the related concern of user behavior is the top-ranked security ‘pain point’ facing organizations. That’s the good news for the company. The bad news: Cofense didn’t even make it into the top-five most-popular vendors for security awareness training, according to the 451 ResearchVoice of the Enterprise: Information Security, Workloads & Key Projects 2019.

Figure 1: Security awareness vendors