Six years ago, I met the founding team of what is today Ordr*, a leading connected device security company. At that time, I was CMO of Palo Alto Networks, a company I helped grow into the largest independent player in the cybersecurity market. What struck me most then was how little concerned the security industry seemed to be with the risks associated with connecting devices – managed or unmanaged – to enterprise or government networks.
In true “non-Zero Trust” fashion, we assumed that because these devices are mostly closed systems, we didn’t have to fear them being attacked or being used as vectors to attack our networks and datacenters, let alone being successful at it. And while we already knew from Target, Mirai, and Stuxnet that PLC’s, HVAC, SCADA, and PoS systems could be hacked and used for such malicious purposes, we assumed it took nation-state level resources to do that. We didn’t think of Internet-of-Medical Things (IoMT) devices such as insulin pumps; MRI or EKG machines; physical-security devices like security cameras; or Operational Technology (OT) devices such as digital oscilloscopes or metal detectors in the same way.
A lot has changed since. Significant issues and breaches have been disclosed in the past years in which medical and industrial devices were targeted and compromised by all types of cybercriminals in order to gain access to confidential data, disrupt operations, and extort organizations. Governments and regulatory bodies like the FDA stepped in and outlined both risks and approaches to deal with this issue. It became clear that a different approach was needed in order to protect environments and organizations whose very existence depends on providing access to large numbers of diverse, connected devices to their networks and datacenters.
Battery Ventures was the lead investor in Ordr’s $33 million Series B round in late 2019 alongside Wing Venture Capital, 1011 Ventures, Kaiser Permanente Ventures, Mayo Clinic, and Unusual Ventures. The round helped Ordr further its mission to effectively manage and secure the explosive growth of connected devices. And today, we are proudly doubling down on our investment in the company’s $40 million Series C round announced today.
Our rationale for backing the company was and remains simple.
Every second, another 127 devices connect to the Internet, according to McKinsey. That’s 328 million “things” per month. By 2025, we’ll see 75 billion connected devices, from traditional IT devices to newer and more vulnerable IoT, IoMT, and OT devices.
Annual spending on connected-device security measures has increased to $631 million in 2021. Already back in 2019, 86% of healthcare organizations were using IoT & IoMT technology in some way; a number that has gone up even more in the past two years.
Our own research shows that in 2021, IoT security spending in healthcare alone reached close to $200 million annually, growing well over 20% year-over-year. And that’s just the tip of the iceberg, as globally there are close to 20,000 hospitals, of which about 6,200 are in the USA, according to the American Hospital Association, which would indicate there’s a market opportunity of well over $1 billion in annual spending on just IoMT security.
In order to better serve the medical-device security community, Ordr recently introduced its Clinical Defender product, which was co-designed with the help of healthcare security and operations professionals and based on experience the company gained at health-delivery organizations such as Cleveland Clinic and Mayo Clinic.
Outside of IoMT, the opportunity is even larger. We believe from our research that there is close to a $15 billion market opportunity for the combination of IoT, IoMT, and OT security, which will continue to grow double-digits.
Our continued investment in Ordr expresses our confidence in the team, the technology, and the market opportunity. It also expresses our belief that the market needs an independent, strong, and focused device-security specialist rather than a generalist security provider. What sets Ordr apart is its ability to make connected device security simple through its zero-touch agentless deployment, one common platform for multiple stakeholders, and automation of policies to secure devices. Ordr customers see exactly what’s connected to their network, in real time, all the time. And they know what’s vulnerable, what’s behaving maliciously and why. That then allows them to automate policies and response to secure any connected device, enforced on any networking and security infrastructure.
Battery Ventures provides investment advisory services solely to privately offered funds. Battery Ventures neither solicits nor makes its services available to the public or other advisory clients. For more information about Battery Ventures’ potential financing capabilities for prospective portfolio companies, please refer to our website.
*Denotes a past or present Battery portfolio company. For a full list of all Battery investments, please click here. No assumptions should be made that any investments identified above were or will be profitable. It should not be assumed that recommendations in the future will be profitable or equal the performance of the companies identified above.
Content obtained from third-party sources, although believed to be reliable, has not been independently verified as to its accuracy or completeness and cannot be guaranteed. Battery Ventures has no obligation to update, modify or amend the content of this post nor notify its readers in the event that any information, opinion, projection, forecast or estimate included, changes or subsequently becomes inaccurate.