Six years ago, I met the founding team of what is today Ordr*, a leading connected device security company. At that time, I was CMO of Palo Alto Networks, a company I helped grow into the largest independent player in the cybersecurity market. What struck me most then was how little concerned the security industry seemed to be with the risks associated with connecting devices – managed or unmanaged – to enterprise or government networks.
In true “non-Zero Trust” fashion, we assumed that because these devices are mostly closed systems, we didn’t have to fear them being attacked or being used as vectors to attack our networks and datacenters, let alone being successful at it. And while we already knew from Target, Mirai, and Stuxnet that PLC’s, HVAC, SCADA, and PoS systems could be hacked and used for such malicious purposes, we assumed it took nation-state level resources to do that. We didn’t think of Internet-of-Medical Things (IoMT) devices such as insulin pumps; MRI or EKG machines; physical-security devices like security cameras; or Operational Technology (OT) devices such as digital oscilloscopes or metal detectors in the same way.
A lot has changed since. Significant issues and breaches have been disclosed in the past years in which medical and industrial devices were targeted and compromised by all types of cybercriminals in order to gain access to confidential data, disrupt operations, and extort organizations. Governments and regulatory bodies like the FDA stepped in and outlined both risks and approaches to deal with this issue. It became clear that a different approach was needed in order to protect environments and organizations whose very existence depends on providing access to large numbers of diverse, connected devices to their networks and datacenters.
Battery Ventures was the lead investor in Ordr’s $33 million Series B round in late 2019 alongside Wing Venture Capital, 1011 Ventures, Kaiser Permanente Ventures, Mayo Clinic, and Unusual Ventures. The round helped Ordr further its mission to effectively manage and secure the explosive growth of connected devices. And today, we are proudly doubling down on our investment in the company’s $40 million Series C round announced today.
Our rationale for backing the company was and remains simple.
Every second, another 127 devices connect to the Internet, according to McKinsey. That’s 328 million “things” per month. By 2025, we’ll see 75 billion connected devices, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT devices.
Annual spending on connected-device security measures has increased to $631 million in 2021. Already back in 2019, 86% of healthcare organizations were using IoT & IoMT technology in some way; a number that has gone up even more in the past two years.
Our own research shows that in 2021, IoT security spending in healthcare alone reached close to $200 million annually, growing well over 20% year-over-year. And that’s just the tip of the iceberg, as globally there are close to 20,000 hospitals, of which about 6,200 are in the USA, according to the American Hospital Association, which would indicate there’s a market opportunity of well over $1 billion in annual spending on just IoMT security.
In order to better serve the medical-device security community, Ordr recently introduced its Clinical Defender product, which was co-designed with the help of healthcare security and operations professionals and based on experience the company gained at health-delivery organizations such as Cleveland Clinic and Mayo Clinic.
Outside of IoMT, the opportunity is even larger. We believe from our research that there is close to a $15 billion market opportunity for the combination of IoT, IoMT, and OT security, which will continue to grow double-digits.
Our continued investment in Ordr expresses our confidence in the team, the technology, and the market opportunity. It also expresses our belief that the market needs an independent, strong, and focused device-security specialist rather than a generalist security provider. What sets Ordr apart is its ability to make connected device security simple through its zero-touch agentless deployment, one common platform for multiple stakeholders, and automation of policies to secure devices. Ordr customers see exactly what’s connected to their network, in real time, all the time. And they know what’s vulnerable, what’s behaving maliciously and why. That then allows them to automate policies and response to secure any connected device, enforced on any networking and security infrastructure.
This material is provided for informational purposes, and it is not, and may not be relied on in any manner as, legal, tax or investment advice or as an offer to sell or a solicitation of an offer to buy an interest in any fund or investment vehicle managed by Battery Ventures or any other Battery entity.
The information and data are as of the publication date unless otherwise noted.
Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.
The information above may contain projections or other forward-looking statements regarding future events or expectations. Predictions, opinions and other information discussed in this video are subject to change continually and without notice of any kind and may no longer be true after the date indicated. Battery Ventures assumes no duty to and does not undertake to update forward-looking statements.
*Denotes a Battery portfolio company. For a full list of all Battery investments, please click here.