Friends of Paladin,

With 2015 in the rearview mirror, and 2016 sure to provide new opportunities and challenges, we thought we would share our observations of the past year and the year ahead.

In 2015, we witnessed a number of significant events that have shaken the evolving cyber security sector. Hackers are no longer solely focused on obtaining financial information. Whether cyber criminals, hacktivists or state sponsored, they are increasingly targeting personal information that could be used to compromise identities of U.S human assets as well as expose them to blackmail.

The Office of Personnel Management’s (OPM) data breach created new concerns about the U.S. Government’s attempts to secure the extensive personal and sensitive data belonging to its personnel and citizens. The Chinese Government’s reported role in accessing over 22 million employee profiles forced the Administration to consider sanctions and other punitive measures. Similar concerns rattled the health care sector when hackers targeted industry giant Anthem, exposing the health records of one-third of the U.S. population. These breaches reinforce the responsibility of private companies and government entities to protect their systems. Protecting this information has become central to U.S. national security efforts at home and abroad.

The belligerence on display only this past week by North Korea reinforces the reality that the very same state actors who are relentlessly pursuing Weapons of Mass Destruction (“WMD”), are equally intent on developing what we at Paladin have dubbed WMCD – Weapons of Mass Cyber Destruction, which are cyber capabilities not only to steal information but also disrupt and destroy their targets.

WMCD is as an insidious of a threat to the United States as any other which brings to American soil the real threat of direct cyber attacks against all critical infrastructure. Cyber terrorists are increasingly targeting critical infrastructure with greater success. Last month, the U.S. disclosed that the Iranian Government had successfully accessed the computer systems of the Bowman Avenue Dam near Rye, NY. While the attack was not remarkably sophisticated, it was nevertheless the first of its kind.

While America’s reaction to North Korea’s nuclear test will likely be a significant focus of tomorrow night’s State of the Union address, we at Paladin will be listening for the Administration’s plans to bolster both research and partnerships with the private sector to deter and defend against advanced cyber attacks by nation states.

More disturbing examples can be seen outside the U.S. In December, cyber terrorists successfully caused a power outage at three regional power authorities in Ukraine. The outage left thousands of homes without electricity in the middle of winter. Trend Micro and the Organization of American States (OAS) released a report showcasing a dramatic increase in cyber attacks against critical infrastructure owners and operators. Wireless connections continue to prove a vulnerability to these attempts. While the number of access points grows exponentially, advances in technologies are outpacing advances in cyber security.

At Paladin, we are proud to be working with many innovative entrepreneurs, major enterprises, and government organizations at the forefront of this battle against state actors, criminal organizations, and terrorists hoping to threaten our nation. We are helping public and private organizations stop adversaries from obtaining personal data of dedicated leaders and everyday citizens. We are also helping those responsible for the critical systems and infrastructure that support U.S. citizens everyday.

Looking back at 2015, it was a watershed year for Paladin with some significant milestones achieved by our firm:

Paladin Closes New Cyber Fund: We completed the initial close of our new Cyber Fund. The initial closing included commitments from sovereign wealth, institutional, and high net worth investors from Europe, United States, and the Middle East.

Paladin Crosses the Atlantic: In December, Paladin expanded its reach into Europe with the addition of an office in London. Our European presence and team will also enhance our value add capabilities for our U.S. portfolio companies looking to access new markets.

Paladin Enhances its Strategic Advisory Group: Paladin announced the appointments of Professor Sir David Omand, former UK Security and Intelligence Coordinator, Permanent Secretary of the Home Office and Director GCHQ; Dr. Mary Aiken, director of the CyberPsychology Research Center; and Sally Tennant, former CEO Kleinwort Benson Bank.

Looking forward to 2016, here are the trends we continue to watch and expect to receive greater attention as they become better known and understood:

The adoption of the Internet of Things will significantly increase the threat surface, with tens of billions of new access points created through the explosion of home automation and other consumer products. Less understood is the threat posed to the Industrial Internet – the backbone of our critical infrastructure. Large industrial operations in Germany and Saudi Arabia have already suffered such attacks. American utilities, oil/gas operators, and manufacturers are surely targets.

Security strategies will increasingly focus on the human element of cyber security. If an organization is only as good as its people, then a company’s cyber security is only as good as its peoples’ cyber vigilance. Phishing was the method of choice in both the Sony & OPM breaches, relying on the vulnerabilities created by individuals’ mistakes. This has created a dire need for threat management offerings for organizations concerned about human susceptibility to advanced targeted attacks. Companies must adopt the mindset of turning their employees from liabilities into assets in the anti-phishing battle.

As technological innovation continues to outpace security, defenders are overburdened and left to reacting to the previous attack. To enable a more proactive security posture, Threat Intelligence Collaboration and knowledge-sharing platforms will be critical to create a force multiplier of organizations’ limited security talent resources.

We believe 2016 will continue to present a vibrant flow of investment opportunities in cyber as well as another strong year for M&A activity.

We are fortunate that 2015 was a positive year for our team and our portfolio companies. We are equally excited about opportunities in 2016 – both in the U.S. and abroad – as corporations and governments continue to allocate more resources toward developing cyber security solutions.


Mike Steed

Michael Steed is the Founder and Managing Partner of Paladin Capital Group, a leading global investor that supports and grows the world’s most innovative companies. Paladin is headquartered in Washington, DC with offices in Silicon Valley, New York, and London.