Thomvest Research: Understanding the Native Advertising Ecosystem

by Nima Wedlake on May 19, 2016

As investors in the digital advertising space, we’re always interested in new approaches to delivering brands messages online. Over the last several years, native advertising has clearly emerged as one such approach. The ad format — which follows the natural form and function of the site or app where it is placed — is common on social platforms (e.g. Facebook’s News Feed ads) and media sites like Buzzfeed and Vice. Many studies have shown that native ads perform better than traditional display advertising, often yielding higher CPMs for publishers and better performance for advertisers.

More recently, we’ve seen a wave a startups build the infrastructure to buy and sell native ads programmatically. What was historically a very high-touch, direct sales process between brands and publishers to create custom “branded content” is evolving into something that more closely resembles the display advertising ecosystem: automated, real-time buying of native ad inventory across thousands of publishers. Many refer to this as “programmatic native”.

Programmatic Native Spend

Although programmatic native is still relatively nascent, spend is expected to increase rapidly over the next several years and will likely surpass other forms of programmatic ad spend in the US by 2020. To better understand this emerging ad format, we’re publishing a research report on native advertising that covers the following:

  • Who are the market leaders across the native advertising tech stack (DSPs, SSPs, exchanges)?
  • Who are the primary buyers of native inventory (brands, direct-response advertisers, etc.)?
  • How does the native ad format perform vs. other ad formats?
  • Who are the primary sellers?
  • How do we expect the market to grow in the next several years?

We’ve embedded the research report below, and you can download directly here. Some key takeaways from the report:

Native is not ‘display 2.0’ — it’s a novel format with unique advantages and challenges

While native ad units often yield better user engagement, the process for deploying native ad campaigns is unique to the format. The creative process, pricing model, success metrics, and user experience with native advertising programs challenge traditional display advertising execution patterns, which has likely resulted in slower than expected adoption of the format.

Native works best in mobile environments, where banner clickthrough rates are near zero

We expect much of the growth in native advertising spend to be funneled into mobile; according to IHS, native will account for 63% of all mobile advertising spend by 2020. Additionally, Facebook has reported that 83% of impressions on its mobile-only Audience Network are in the native format & that native ads perform 6x better than traditional banner ads.

The rise of ‘programmatic native’ has been limited by slower adoption on the buy side

According to Business Insider, advertisers will spend $5.7B on programmatic native by 2018 — but large buying platforms have been slow to integrate native into their offerings. We expect the multi-channel demand-side platforms to accelerate integrations with native vendors in the back half of 2016.

Thomvest Native Advertising Overview from Thomvest Ventures

What’s happening in late stage AdTech? A look at fundraising and M&A

by Nima Wedlake on April 11, 2016

There has been plenty of discussion recently about a downturn in the advertising technology (adtech) sector. This gloomy outlook has been fueled in part by lackluster performance among public adtech companies, which in turn compressed valuations in private markets and likely delayed IPO plans for later stage adtech companies.

While the choppy IPO markets are certainly not specific to adtech (we’ve yet to see any technology companies go public in 2016), the prospects of public adtech companies have certainly dimmed overall sentiment in the sector. Specifically, some of the early adtech companies to hit public markets positioned themselves (incorrectly) as technology platforms with predictable revenue, when in reality their businesses were largely contract-based and tied to media spend. This led to a misalignment in investor expectations, and ultimately a loss of faith in the entire sector.

But what the headlines don’t capture is the level of innovation that’s occurred within the digital advertising ecosystem over the last several years — specifically, the value of programmatic buying, real-time bidding infrastructure, and accurate, actionable data to inform targeting. We’ve witnessed a dramatic shift in how ad inventory is bought and sold — two-thirds of US digital ad spending is now transacted programmatically, according to eMarketer. This shift will continue to drive opportunity for startups in the sector.

It’s also important to recognize that adtech companies continue to operate in a sector that is growing rapidly. Digital advertising in the U.S. is expected to exceed $66 billion in 2016, surpassing television as the largest media category. And in our last research report we covered the advertising opportunity specifically on mobile, which is expected to grow by 30% annually through 2019. So while the pace of investment dollars into the sector has slowed slightly, there remain many promising adtech companies that continue to scale their business and raise capital.

To help illustrate this, we’ve compiled data on late stage adtech financings over the last several years, as well as a summary of M&A activity in the sector. Here are some of the highlights:

Late stage financings: Investment in late stage ad tech companies (defined by Pitchbook as “usually Series B to Series Z+ rounds”) peaked in 2014, both in terms of number of deals and total dollars raised. While we saw a drop in the number of companies raising capital in 2015 (41 vs. 64), the total amount of capital raised dropped only slightly (down 12% YoY to $753M). What this tells us: investors are placing bigger bets on fewer companies, usually those that have reached sufficient scale, are profitable (or approaching profitability) and have a defensible technology advantage. Late Stage AdTech Financings

Adtech M&A: We saw a huge spike in the number of adtech acquisitions in 2014, including Datalogix (acq. by Oracle for $1.2B), Brightroll (acq. by Yahoo! for $640M), and LiveRail (acq. by Facebook for $500M). While the total number of acquisitions was down in 2015 (69 vs. 103), it was the second-most active year for adtech M&A over the last decade. Notable transactions in 2015 include Verizon’s $4.4B acquisition of AOL, comScore’s $770M acquisition of Rentrak, and Twitter’s $530M TellApart acquisition. Note: We used the excellent M&A tracker from AdOpsInsider, excluding publisher, agency, and martech acquisitions from this analysis.

AdTech M&A

We’ve embedded our complete findings below and you can download the presentation here.

AdTech Late Stage Deal & M&A Analysis (Thomvest Ventures) from Thomvest Ventures

Looking ahead

While we don’t expect the IPO markets to fully reopen for adtech companies (or the broader tech sector), we do expect the pace of adtech acquisitions to rise in 2016. A few key drivers of M&A:

  • Compressed valuation multiples of public adtech companies make this a buyers market compared to years past.
  • New buyers of adtech are emerging that are looking to better monetize their unique data assets or audiences. We’ve already seen some noteworthy acquisitions in 2016, including the $360M acquisition of Tapad by Norwegian telecom company Telenor and the $1.2B buyout of Opera Mediaworks by a Chinese consortium led including Qihoo 360 & Kunlun.
  • We believe the “marketing cloud” vendors (think Adobe, Oracle, Salesforce) will start to move more aggressively into adtech. Media buying capabilities at large brands are increasingly moving in-house, which presents an opportunity for these vendors to expand their adtech offerings.

On the venture side of things, we expect total capital invested in late stage adtech companies to keep pace with 2015 levels. We’ve already seen several large financings in the first quarter of 2016, including MOAT’s $50M raise and PlaceIQ’s $25M funding round. Companies with a unique advantage — be it data, technology, or platform integrations — will continue to find bullish adtech investors.

Cybersecurity No Longer Needs to be Damaged by Flawed Architecture

by Jonathan Barker on March 30, 2016

As Buckminster Fuller, the great American architect, systems theorist, author, designer and inventor put so aptly: “We are called to be the architects of the future, not its victims.”  Unfortunately, the current cybersecurity solutions being deployed today are typically victimized by the old architecture on which they ride.

Thomvest is keenly aware of this underlying problem and so we were excited by the solution offered by Skyport Systems, leading to our investment in the Company’s $30M Series C financing together with Google Ventures, Cisco’s VC arm, Intel Capital, Northgate Capital, Instant Scale, Index Ventures and Sutter Hill Ventures.  Put simply, Skyport has re-architected the x86 hardware (Intel-based CPUs that started being manufactured in 1978) and software stack into a trusted compute platform with embedded security.


Skyport’s platform brings together zero-trust computing, virtualization and a full stack of security technologies that makes managing and deploying a company’s workloads cost-effective and fast.  This new architectural paradigm is comprised of: 1) a secure architecture that substantiates architectural integrity from the ground up, 2) a hardware-enforced security policy and forensic logging at the application edge, & 3) abstracts security execution from application execution.

The traditional architectural environment typically forces companies to either build a perimeter around their environment, which results in lowest common denominator protection within that perimeter, or bring the security solutions close to the application of concern, which impacts the performance of the application itself.

For applications, Skyport creates a full micro-segmentation DMZ that proxies all traffic from layers 2 through 7 into the application and as such, there is no need for agents to manage or deploy.  In fact, there is no need to change an application or the OS at all. Because of these capabilities, Skyport’s remote management systems allows a company to manage its branches without proxies, firewalls, MPLS or other approaches.

For those readers who are unfamiliar with the layers referred to in the previous paragraph, they are related to the Open Systems Interconnection model and are listed in the table below:

7 Application Layer Message format, Human-Machine interfaces
6 Presentation Layer Coding into 1s and 0s; encryption, compression
5 Session Layer Authentication, permissions, session restoration
4 Transport Layer End-to-end error control
3 Network Layer Network addressing; routing or switching
2 Data Link Layer Error detection, flow control on physical link
1 Physical Layer Bit stream: physical medium, method of representing bits


One can compare the power and ease of Skyport’s ground up zero-trust compute approach to the Xbox’s technology, which was built to play videogames in a networked and secure way.

“By strictly restricting the apps that could run on the platform to XBox-formatted games or apps, it could keep the delivery mechanism from having too many edge-cases or permutations which allowed the system to be more streamlined and stable. By including hardware that was specifically designed for the system, there were never compatibility issues. By networking the consoles into a purpose-built and console-specific management regime, the platform could stay patched, updated, and easily accessible and interoperable with other consoles, apps, and services which were designed to operate in the XBox environment. By tightly restricting the types of access that were permissible within the network, and building software security into all of the apps and consoles, malicious behaviour was reduced, and by building security into the hardware itself, it was entirely eliminated.” [Source]

We believe that Skyport is a first mover and in a great position to win in the Hyper-Secured marketplace – an integrated system that seeks to combine the disparate elements of the IT stack (networking, compute, storage, and security) in a single form factor under a common management interface.

The use cases for Skyport’s technology include securing systems that must operate in the DMZ of a data center and are fully exposed to the Internet, systems that deliver key infrastructure resources – such as Active Directory and other directory services that house key credentials, and systems that must be deployed in the field in untrustworthy locations such as branch offices in foreign countries. Skyport focuses on verticals that are particularly security- and privacy-sensitive, including financial services, healthcare, high tech, energy, retail and government.

The Hyper-Secured Opportunity


Per a September 2015 Guggenheim Securites LLC report – The Missing Link: Hyper-secured Infrastructure:

“While the market opportunity for this kind of system is clearly not ‘every server,’ we believe it could easily come to represent 1% to 3% of unit volume, but delivered at 3x to 5x the traditional server price. This could represent a market with between $1.5 billion and $7.5 billion in revenue, and gross margins in the range of 70% to 75%. This 1% to 3% figure is based on addressing servers/applications that are internet-facing, remotely deployed, branch offices, high value systems, control point systems, SCADA industrial control, urban infrastructure, etc. Many of the systems in use today are running on outdated versions of Microsoft Windows that are past their support period; however, government and commercial organizations do not have the budget or time to rewrite and re-qualify them onto modern operating systems. With increasing public focus on the security vulnerabilities of government agencies and critical infrastructure, replacing legacy servers with hyper-secured infrastructure represents a relatively painless solution to a problem that has been neglected for far too long.”

We believe that Skyport has developed a highly secure, novel, comprehensive and cost-efficient way for governmental entities and companies to deploy their workloads.  And as such, we believe that the team at Skyport is helping enterprises to literally re-architect their future in a trusted manner and thus to avoid becoming victims of future attacks.  We’re excited at the chance to partner with the team at Skyport and look forward to helping them deliver on this promise.

Which Online Lenders Will Survive the Next Recession?

by Laura Cain on March 9, 2016

Most people think of online lenders as a homogenous group of companies with the same upsides and risks. When analyzing the potential impact of a downturn, many analysts and investors lump Lending Club, Prosper, OnDeck, Kabbage, SoFi, etc. into one group. On the surface, this makes sense. All these companies raise loan capital from outside investors, had small or non-existent loan books during the last recession, and rely heavily on technology to facilitate the loan process.

However, this simplification is wildly misleading when predicting the outcome of a downturn. Just as the last recession had a vastly different impact on Bank of America than on Lehman Brothers, each of the online lenders will fare differently during the next recession.

This is not to say that times will be better during a downturn. In a fear-driven market, investors’ risk appetite will decrease and the total available capital on the platforms could shrink. Default rates across the board will increase, putting dual pressure on these online lenders. While the growth of online lenders will be stunted, profitability will be determined by the loan products, sources of capital, and risk culture of the firm.

Loan product flexibility

One of the most important aspects to consider is the average duration of a loan that a company originates. Lending Club’s loans typically have a 3-5 year duration, while Kabbage’s loans average closer to 3-6 months.


Loan duration is extremely important because it enables the lender to have the flexibility to respond quickly to changes in the market. If a lender of short-duration loans sees a tick upwards in default rates, within 3-6 months the lender can recycle loan capital, implement tighter underwriting criteria, and raise rates. A company with a short-duration loan book could operate as a balance sheet lender and completely turn over its loan book 2-4 times a year.

On the other hand, long-duration loans typically lock in an interest rate over multiple years. This introduces higher interest-rate risk. If default rates rise, the deployed capital cannot be recycled nearly as quickly. The performance of the loan book will rely on the online lenders having provided enough cushion to absorb the losses from increased interest rates and rising default rates.

Investors recognize the risk that comes with longer duration loans. With “untested” underwriting models, when investors sense a weakening of the market, it is possible that student loan and mortgage lenders will have more difficulty securitizing and selling off their paper than SMB or personal lenders. A reduction in the ability to securitize loans limits the lenders ability to originate new loans – slowing the business and reducing the company’s ability to adjust to market conditions.

Sources of loan capital

Hedge funds seem likely to be the most problematic source of funds for online lenders if markets turn. Hedge funds are often heavily leveraged and could pull their money off the given platform with signs of a weakening economy. Online lenders that rely on hedge funds could then find it difficult to secure new capital to fund their loans.

In contrast, consumers tend to be slower to react. On P2P platforms, many consumers reinvest their funds automatically and are not expected to flee the market at the first signs of trouble. A lender who secures a significant portion of funds from consumers will have several months lead way to respond.

Risk culture

While all online lenders tout their underwriting as being cutting-edge, the company culture towards risk is extremely important. During good economic times, lenders often become lax. A lender which has prioritized growth over loan quality will undoubtedly experience greater default rates when times change.

Small distinctions in metrics used to track a borrower’s financial health can indicate how conservative an online lender’s practices are. For example, when evaluating at a borrower’s cash flow, some lenders take into account all debt payments for which the customer is liable (mortgage payments, auto loan payments, etc.), and some do not. The lender with the most conservative view of the customer will be most adept at detecting potential problems.

Exponential growth is not necessarily a good thing in online lending. Before scaling, a lender should have several cohorts of data to prove out their underwriting models. Practices such as allowing the sales team to offer discounted rates should be taken as red flags that the company is operating under a short term vision.

How online lenders are preparing

The smartest companies have been preparing for a downturn since inception and have prioritized reaching profitability. Recently, many online lenders have lowered their growth targets, implementing stricter underwriting practices on their longer duration, higher value loans.

In a recession, we expect that conservative lenders will remain profitable in contrast to many of the portfolios that banks held before the Great Recession. Portfolios that remain marginally profitable 1-2 standard deviations from the mean during normal times, will likely be able to provide returns to investors in bad times. The loan capital for conservative investors will not disappear, as the risk vs. return profile will still be deemed attractive. As investors, we continue to be bullish on companies in the space that adapt and evolve their lending criteria as the markets tighten.

With Native Advertising, What’s Old is New Again

by Daphne Ewing-Chow on March 4, 2016

Native advertising is a hot topic among marketers and publishers. The ad format has exploded in popularity over the last several years. According to Business Insider, spending on native ads reached more than $10 billion in 2015. Yet despite recent interest in the ad format, we can trace its roots all the way back to the 1800s – all that is really new about native advertising is the term itself.

Native Advertising Market Size

Native advertising’s origins

Coined in 2011 at the Online Media, Marketing, and Advertising (OMMA) Conference, evidence of native advertising is apparent as far back as the 19th century when “The Furrow” magazine, was created to teach farmers how to effectively manage their farms using John Deere products. The magazine still exists to this day, perhaps a testament to the value of native advertising.

In the twentieth and early twenty-first century, the most common forms of native advertising were advertorials, such as Theodore MacManus’ “The Penalty of Leadership” story for Cadillac in 1910 published in The Saturday Evening Post. In 1959, The New Yorker ran a series of branded cartoons in the magazine’s signature style. More modern and easily recognizable forms include sponsored stories on social media and branded content on media sites like Buzzfeed or Forbes.

So why the sudden buzz?

From a purely definitional perspective, the concept of native advertising has remained unchanged from its humble beginnings in the 1800s. The goal of native today is to integrate marketing messages into content that is already being consumed on a particular type of media including text, images, video, and music. Ultimately, this allows marketers to promote their brand while providing a much less disruptive advertising experience.

We can trace the most recent wave of interest in native to the introduction of smart phones, but more specifically the iPhone which played a significant role in re-establishing user experience expectations for interacting with content on a screen. Smaller screens don’t lend themselves well to traditional display advertising, leading to a massive decline in click through rates for banner ads on mobile. By better integrating advertising & content, publishers can ensure a seamless user experience while effectively monetizing their traffic.

The IAB’s Task Force on Native Advertising has identified several different types of native ad units, which include the following:

  • In-feed units: Story form placements that seamlessly match surrounding content. These are typical of articles in online publications such as Facebook, Twitter, Snapchat, BuzzFeed and Mashable representing the closest analogy to the historical advertorial.
  • Paid search units: The biggest revenue driver for most search engines, the first monetization of search results began in the mid-90s with a flat-fee directory listing in online Yellow Pages. In 2000, this was introduced online with Google Adwords.
  • Recommendation widgets and promoted listings: An ad or paid content link that is delivered via a widget under a title such as “articles you might be interested in” or in the case of e-commerce pages such as Amazon, “Customers who bought this item also bought” and integrated into the body of the page. These can be seen historically in print format, with top ten lists and other paid recommendations.
  • In-ad with native elements: These resemble banner ads in IAB containers which are separate from media content but contain contextually relevant content with links to an offsite page. Often, a snapshot of a brand’s products appear in the feeds of site users. As more recent examples, there exists no clear historical analogy.

What’s next for native?

We’re still in the early days of native’s latest incarnation. Almost two-thirds of marketers surveyed by the Association of National Advertisers said they will increase their native ad budgets over the next year. By 2018, native ad spend is predicted to exceed $21B, according to Business Insider. Expect programmatic buying to be a big driver of this growth, which will allow more advertisers to efficiently buy native ads across a variety of publishers.

Thomvest will be publishing additional research on the programmatic native ecosystem shortly. Stay tuned!

IoT Security – The Pandora’s Box of Connected Devices

by Jonathan Barker on February 26, 2016

As an active investor in security, we believe that the speedy proliferation of connected devices will place increased demand on security for the Internet of Things (IoT), and so we wanted to offer up our view on the complexity of the IoT ecosystem and attack surfaces therein.

IoT is a large market that is growing at a phenomenal rate.  No longer is Internet connectivity just for smartphones and computers.  There are increasing quantities of sensors and controls being deployed in cars, homes and appliances that seamlessly connect to the cloud and monitor and manage the device.

According to Gartner, at the end of last year there were 4.9B connected devices throughout the world, generating a total of ~$1.2T of revenue at the end-point.  They forecast that by 2020 there will be 20.8B connected devices generating $3.0T in revenue at the end-point – a 4x increase in the number of connected devices and a 60%+ increase in end-point revenues.  This trend is creating compelling opportunities for companies to produce new and better products and services.

jb blog p1

Unfortunately, connected devices expose businesses and consumers to new security vulnerabilities.  Just imagine the damage that can occur when a medical device such as an insulin pump, or a control system for a power plant or vehicle, is hacked or sabotaged.  For example, it was widely reported last August that cybersecurity experts were able to shut down a Tesla Model S while the vehicle was operating.  Such illicit activities will cost consumers and businesses money, and potentially, lives.  When such major security breaches occur, it will undoubtedly impact the growth rate for a new IoT device or service.

IoT protection crosses various security domains, including operations, information, IT and physical.  In so doing, IoT security takes on and combines all the security risks of the previous technologies – e.g. network, application, mobile and cloud.  The potential entry points for bad actors is diverse – from edge nodes, servers, intervening nodes, wires, air between the boxes, and engineering and manufacturing centers to connected phones and computers.

The IoT ecosystem uses various devices, infrastructure and protocols. The below chart was created by the Cloud Security Alliance and provides a diagram of the major players and components in IoT:

jb blog p2

When deploying an IoT product or service, an entity should build a secure solution that contemplates not only the threat and capability of the particular IoT device, but also all the potential attack surfaces that touch the device.   Furthermore, the end device is often a very thin client that is not designed with security in mind.  The Open Web Application Security Project (OWASP), a non-profit organization that focuses on improving the security of software, has studied and created a list of the IoT attack surface areas that are common to all IoT devices.

IoT Attack Surface Areas
–  Ecosystem access control
–  Device management
–  Device physical interface
–  Device web interface
–  Device firmware
–  Device network services
–  Administrative interface
–  Local data storage
–  Cloud web interface
–  Ecosystem communication
–  Vendor backend APIs
–  Third party backend APIs
–  Update mechanism
–  Mobile application
–  Vendor backend APIs
–  Network traffic

In past years, OWASP created top 10 risk lists.  However, the complexity of the IoT ecosystem has caused the Project to expand their IoT focus to vulnerabilities tested at each of the surface attack areas. Each attack surface area controls a certain aspect of an IoT device, and should be tested to determine performance against a particular vulnerability(ies).   For example, the ecosystem access control (the first surface area) handles authentication, session management, the implicit trust between components, enrollment security, a decommissioning process, and loss access procedures.  A test will indicate whether a particular vulnerability only impacts that one surface area or whether multiple surface areas are impacted and need to be patched.

OWASP is now in the process of creating vulnerability lists and test procedures to help guide an entity when determining how well a particular vulnerability performs on the particular surface area of a device.  There are tremendous opportunities for security companies to formulate solutions that can shore-up a particular vulnerability at one or many attack surface layers.

Thomvest has invested in 5 security companies – 3 of which have successfully exited and 2 of which are ongoing ventures.  Our firm is interested to make additional investments in the security space, especially for companies that are focused on securing the emerging vulnerabities that attack IoT surface area(s).

In future blogs, we will discuss the market potential for a company to patch a major security vulnerability in the IoT ecosystem and how such a vulnerability impacts the IoT surface area(s).