By Wendy Jarchow, Chief Investment Officer, River SaaS Capital
Last Friday Silicon Valley Bank (SVB) collapsed, causing the second largest bank failure in U.S. history. On Sunday, New York Signature Bank’s customers began withdrawing their cash, causing the regulators to take control and shut down the bank. Fortunately, due to the rapid response from regulators, the deposit outflows from small and midsized lenders have slowed, and it looks like any other major collapse has been avoided.
How did this happen?
According to Pitchbook, venture capital deal activity sank over 30% last year and a slowdown in initial public offerings and continuing drawdown in valuations signaled trouble for 2023. However, startup spending hadn’t slowed, even with the expected decline in funding.
Silicon Valley Bank had been seeing an influx in deposit accounts and a declining need for loans with total client funds having fallen for the last five quarters. With the declining need for loans, SVB needed to offset its assets with a new revenue stream and turned to government securities while the interest rates were at zero. This left the bank open to vulnerabilities, given that the government started to raise interest rates since SVB invested.
Last Thursday, the CEO of SVB announced his intention to sell those government securities at a loss to offset its current assets. This spurred venture capitalists to turn to social media and other online platforms and recommend that their portfolio companies and borrowers immediately withdraw their money.
These social media conversations induced panic and fear while providing a sense of uncertainty for all organizations that trusted the institution with their assets. The alarm of organizations withdrawing funds publicly sparked a run on the bank that SVB could not handle. Late Friday, SVB was closed by regulators due to being insolvent.
Luckily, the U.S. government took action on Sunday night and announced that depositors will be made whole.
Over the weekend, companies who banked with SVB had to scramble to open new bank accounts and communicate with their customers and employees about the changes and potential impact. Had the regulators not acted quickly, many startups could have had to shut their doors overnight, not being able to make payroll or other recurring expenses.
In hindsight, had venture capitalists and startup founders stayed calm, this immediate collapse could have been avoided.
However, that doesn’t mean that the venture and startup community is out of the woods yet.
Where do we go from here?
Venture capital exists in order to help startup companies that a traditional bank won’t invest in grow and scale. They prioritize tech innovation and growth along with growing the bottom line. There are higher risks, but much bigger rewards.
Silicon Valley Bank was arguably the epicenter of the financial system for the startup ecosystem because it was not only the bank for these startups, but also provided loans to venture capital and private equity firms. With that said, the future is uncertain, but here are a few things to keep in mind.
Cyber startups will continue to flourish
In 2022, cybersecurity companies raised a total of $18.5 billion in venture capital funding and cyber security valuations didn’t fall as radically as other industry valuations fell indicating that the area is ripe for innovation and growth.
Cyber startups should be whole even with the fall of SVB. The government did the right thing when SVB and Signature Bank failed and that was to use the FDIC insurance fund, called the Deposit Insurance Fund, that banks pay into to pay customers at each bank back in full. Although the cap on insured deposits is $250K, to stop panic from spreading, regulators successfully made the exception to make customers whole.
However, access to capital will continue to shrink
With a projected recession on the horizon, venture capitalists were already pulling back on new investments and concentrating on solidifying their existing portfolio. With the fall of SVB, their appetite for risk will continue to dwindle. Plus, one of their main sources of loans for venture capital is now gone.
The venture market is not going away because of what happened in the banking industry recently; however, it will be more difficult to get access to capital, at least initially as investments are less available, and likely more expensive.
We will see a bounce back in venture investing and likely new resources to fill the gap that SVB leaves, but the timing is uncertain. Startups need to preserve cash and closely manage their burn in an effort to extend their runway. Bridging to a larger equity raise by borrowing money from an independent debt provider could be a good resource for some strong growth companies.
The future of SVB and what it means for venture capital is still up in the air
If SVB gets absorbed by a larger bank like, it’s hard to say if they will be funding startups at the same rate. Some large banks will make loans to startups if those startups meet the loan criteria, usually with strong collateral.
As we have seen in the past, most software and tech companies don’t possess the collateral needed to secure traditional bank financing. Venture banks, like SVB, tend to be more nimble than the big banks. That being said, some of the largest banks such as JPMorgan Chase, Bank of America, Citi have groups/bankers focused on small business so perhaps we could see a shift in mindset where the large banks expand their appetite for risk to support emerging companies.
What should startup founders do now?
As startups try to navigate when VC investing will return to pre-2022 levels, there are things they can do to ensure their companies keep moving forward. Entrepreneurs and existing investors will need to focus on a few things to maximize their “dry powder.”
Here are the 3 areas startups should concentrate on in the foreseeable future.
- Focus your time and resources outside of VC
Understand that venture firms will be focused on the most promising companies within their existing portfolios so now is not the time to focus on raising capital from these investors.
- Make the most of resources within your control.
Here are three main areas that you can control over this next period:
- Focus on customer acquisition costs. Marketing spend can be mitigated by focusing on existing customers v acquiring new.
- Be diligent with cash. Focus on bootstrapping, which can extend the runway.
- Streamline operations, including remote working to avoid office expenses where appropriate.
- Leverage existing investors / relationships or focus on independent resources
Not many banks have the startup resources or mindset to support early stage companies. With that in mind, look for financing from your current investors, your cap table or bootstrapping from friends and family.
You can also identify independent resources, such as stand-alone venture debt providers who understand the inherent risks associated with early stage companies and who can partner with you to help you achieve your goals.
- Hang on
We know it’s easy to let panic set in, but strong leaders shine in a time of turmoil. Lean on your network, overcommunicate to your teams and know that this situation inevitably will shift.
WooCommcerce Targeted by Sophisticated Credit Card Skimmers
Posted in Commentary with tags Sucuri on March 24, 2023 by itnerdAs reported by Sucuri, a new stealthy, credit card skimming campaign is evading security scan detections by hiding their malicious code inside WooCommcerce’s Authorize.net payment gateway module making it particularly hard to find and uproot, leading to extended periods of data exfiltration. WooCommerce is used by roughly 40% of all online stores.
The previous strategy of injecting malicious JavaScript into the HTML of the checkout pages became too easy to detect by security software. Innovative threat actors are now injecting malicious scripts directly into the site’s Authorize.net payment gateway modules used to process the credit card payments. When successful, the code generates a random password, encrypts the victim’s payment details, and stores it in an image file for attackers to retrieve.
This innovative extension is harder to detect than traditional skimming methods for a few reasons:
Baber Amin, COO, Veridium:
“Security measures offered by EMV and contactless cards are compromised when a user enters their credit card information during an online checkout. Additionally, this process exposes a user’s identity information, e.g. email addresses, shipping addresses, and possibly passwords.
To ensure a safe online shopping experience, it is crucial for website administrators to regularly update their content management systems and plugins.
For merchants and consumer both, Consider the following measures for increased security.
This is all good advice that we all need to follow when we shop online as the threats related to online shopping are increasing every single day.
UPDATE: Rui Ribeiro, CEO and Cofounder, Jscrambler added this comment:
“This attack highlights an often-overlooked security issue: companies must protect the client-side experience from the moment the visitor is on the site to the moment they leave. In this case, the hacker injected malicious code directly into the payment module, collecting sensitive data. This incident underscores how important it is for security teams to know about all the third-party JavaScript running on their website, what data it is accessing, and when. Not only is the customer experience tainted, but the compromised websites can face issues around data privacy, loss of revenue and reputation. New regulations under PCI DSS v4 will require companies to monitor this type of activity on payment pages. To do that, they will need visibility and control over the JavaScript that’s loaded into their web pages, whatever the source, every time. Whether it’s a hijacking attack, data skimming or a simple configuration error, we must protect each visitor interaction.”
1 Comment »