Corporate chief information-security officers, or CISOs, have long been the primary buyers of security solutions for enterprises. All told, these executives have been spending significant amounts of money–$172 billion on information-security and risk-management tools and services this year, as estimated by Gartner— to protect their business’s “attack surfaces” (generally networks and corporate software applications) from intruders.

But in the meantime, other parts of big organizations, such as sales-and-marketing departments, haven’t received the same type of cybersecurity attention—despite increasing threats to their systems that have 1) exposed them to potential bad actors, and also 2) increasingly interfered with their ability to leverage crucial internal data to track potential customers and increase their companies’ revenue. It’s an emerging threat area and one we think new cybersecurity startups would be smart to target.

The need for more solutions geared toward non-CISO executives inside companies is clear: More than 40% of all web traffic is believed to be driven by “fake actors”—bots, fake accounts, malicious site visitors, fraudsters, click farms, automation tools, and proxy users, among others. The threat to go-to-market (GTM) organizations posed by these fraudsters is increasing large, as teams run by CMOs, CROs, corporate data-chiefs and others routinely collect and leverage critical user data through online channels affected by these nefarious agents. These channels include web forms, paid marketing campaigns, tag managers, analytical tools, and various other sources, and they are all part of the “fake actors” attack surface.

For different purposes including BI, analytics, and target-audience compilation, all the data (valid and invalid) collected is then fed into teams’ CRMs/marketing funnels/BI systems, etc.

When such a high proportion of traffic entering these channels is invalid, it’s no longer clear for GTM teams whether a marketing lead is valid or not. So they can no longer draw conclusions from that data, and this erodes the GTM teams’ ability to make accurate strategic decisions. Moreover, forecasting, budget planning, A/B testing, optimization, and measurement are all compromised. Fake actors can also create problems that drive up customer-acquisition costs and cost-per-acquisition or action, decrease contract value, and lengthen deal cycles.

Additionally, inaccurate data fed into the company’s core data repositories could introduce an issue with data drift; a machine-learning model’s accuracy only holds up if the data fed into it during production is sufficiently similar to the data on which it was trained, so it’s important for GTM teams using ML to ensure they get rid of any invalid data.

Finally, fake actors can significantly affect a company’s performance in the public markets. In February 2022, 4.5 million PayPal accounts were found to be fake, created by bots to take advantage of the free cash “welcome incentive” for new PayPal accounts. The discovery contributed to one of the company’s largest stock plummets. And of course, Elon Musk is famously trying to get out of his offer to buy Twitter for $44 billion because he’s argued the site is rife with fake accounts.

All in all, the lack of GTM security solutions leads to a significant waste of marketing dollars, a particularly serious problem in today’s volatile market environment, in which most organizations are striving to be more efficient and restrain costs. In the US alone, $62 million out of $407 million in advertising spending was wasted due to digital ad fraud, which made up 15% of the total spend. Impreva’s Bad Bot Report, is estimating to bot problem to be getting worse, as bad bot traffic maintains its upwards trend, amounting to 27.7% of all website traffic in 2021.

From an e-commerce perspective, it is estimated that 470 million so-called online shoppers are actually bots and fake users, according to GTM security-suite provider CHEQ*. Global e-commerce accounts for 22% of total sales, up from 15% in 2019. Given the post-Covid rise in e-commerce and digital offerings more broadly, at the expense of brick-and-mortar, the fake web problem is becoming even more acute. Case-in-point: Online retailers lose $5.7 billion annually to bots abandoning carts.

Our portfolio company CHEQ*, which makes an integrated GTM security suite, isn’t the only company attacking this issue. HUMAN Security, which just merged with competitor PerimeterX; Netacea; Cloudflare; and DoubleVerify are also active in the space. We have been impressed with CHEQ’s specific ability to help customers battle web scraping, account takeovers, lead-gen fraud, user hijacking, carding attacks, chargeback fraud, click fraud, new account fraud and other issues, and the company just today strengthened its position in the market by announcing the acquisition of security startup Ensighten. The landscape is only getting more hostile, and more CMOs and CROs will need to get smart about security to keep their businesses running efficiently.