By Reid Mitenbuler
When Jeff Shiner became the CEO of 1Password in 2012, one of his goals was to double the company’s size, from 20 employees to 40. Once that was achieved, he set out to double it again. Then again. And so on. By 2023, the company, which provides password management and other online security services, employed over 1,000 people.
During this time, the only thing that grew faster was the need for the Toronto-based company’s products. In recent years, incidents of global cyberattacks have increased anywhere between 38 and 57 percent year-on-year, according to various estimates; the one consistency is that, on a graph, they have the upward trajectory of a rocket. As AI tools become more sophisticated, cybercriminals become savvier, and digital technology entrenches itself even more in our work and home lives, cybercrime will likely grow.
So it’s no wonder that investors would be eager to get involved in the cybersecurity space, especially with companies like 1Password, which has earned one of the top reputations in the industry. For much of its existence, though—and to investors’ dismay—1Password hasn’t really needed outside help. Since the company’s founding in 2005, it has been profitable—and thus free to do things however it wanted, at its own pace.
Then, in 2019, 1Password decided to accept outside money. What, exactly, caused this shift in thinking?
“It became clear that we were missing real opportunities,” according to Shiner. This came as 1Password was in increasing competition to attract world-class talent in marketing, finance, and other areas. Because of the company’s historical self-sufficiency, it was a bit of a black box to outsiders who “knew almost nothing about us,” he said. “We were such a private company that people did not know whether we were successful, whether we were growing.” The funding helped them get experienced advice from investors while showcasing themselves to the world.
In 2022, 1Password brought in an additional $620 million—the largest venture financing in Canadian history, bringing the company to a valuation of $6.8 billion. In addition to Lightspeed, a number of prominent executives such as LinkedIn chairman Jeff Weiner, General Motors CEO Mary Barra, Crowdstrike CEO George Kurtz, and Walt Disney Company CEO Robert Iger as well as celebrities such as Ryan Reynolds, Matthew McConaughey, and Trevor Noah invested in the company. These individuals not only recognized 1Password’s value, but could also help the under-the-radar company market itself. “Everybody knows who these sorts of folks are, and everybody will pay attention,” Shiner said.
According to Shiner, “a big reason why we brought on Lightspeed” was because it offered 1Password yet another opportunity to leverage the valuable knowledge and connections of people who have tread some of the paths 1Password is about to tread. There’s almost no issue someone at Lightspeed hasn’t dealt with that could come in handy to Shiner when making a big decision or dealing with a tricky situation.
Long before 1Password started raising funding, Lightspeed had been eyeing the company. “I’ve been using 1Password personally for a long time,” Anoushka Vaswani, a partner at Lightspeed, said. Not only did she like how easy the product was to use, but she was also impressed by the kind of “forward-thinking” organizations that also used it, such as Gitlab, IBM, Slack, and Under Armour.
Vaswani was also impressed by 1Password’s possession of the kind of “incredible business fundamentals that you just don’t see a lot,” she said. When Lightspeed first met Shiner, 1Password was “well over $100 million in ARR”—annual recurring revenue. She was also impressed that the company had achieved its level of scale without the sort of sales effort which most other companies would need to reach that level.
Regarding 1Password’s growth, Shiner had started registering a fundamental shift in the company’s sales around 2013—one that the company has pivoted to over time. Previously, most of the company’s sales were consumer focused. Then, around the holidays, Shiner noticed that businesses were starting to buy 1Password as a gift for employees. Not only was this a thoughtful thing to do to keep employees safe at home, but it also served the employers’ interest. As technology continued integrating itself into people’s professional and private lives, the links between those two spheres also grew—increasing the risk that a security lapse in one area would spread to the other. Despite their frequent portrayal in movies and television, devastating data breaches aren’t often the result of sophisticated, network-level hacks; they’re often the result of sloppy personal habits, such as using the same password—or guessable passwords—for all of one’s accounts.
Once Shiner saw the demand from companies—he realized the importance of building the company’s business-to-business arm. Companies saw 1Password as a crucial solution in combating their primary reason for data breaches: weak, reused credentials. This revelation was a result of “listening to our customers but also listening to where the value is, so that you’re not just building an innovation and an idea, but you’re building an actual product, where you understand what part of that customers find valuable and are willing to pay for,” he explained.
Today, 1Password has increased its focus on building its B2B business, roughly two-thirds of the company’s ARR comes from that revenue stream, according to Shiner. This fundamental business shift presents the company with a new challenge: informing potential customers just how much the company has changed. “People first encountered us as a consumer password manager more than as a B2B security leader r, even though we’ve got well over a hundred thousand businesses who rely on us every day,” he said.
Going forward, as people’s personal and professional lives increasingly intermingle on digital devices, especially with the rise of hybrid and remote work, and as cybercriminals become ever more capable, Shiner and Vaswani both expect 1Password’s products to become more valuable. Both have witnessed AI’s potential to create phishing attempts that are so realistic and highly specific to the target that they make past phishing attempts seem primitive in comparison. “I think AI just really increases the threat vector,” Vaswani said. “It really increases the need for a solution that can protect credentials across an organization, regardless of what tool you’re using.”
It’s hard to know if AI presents more threats or opportunities to the cybersecurity space. In any case, it’s already having ripple effects that 1Password is poised to address. “One of the things I’m starting to hear now is that companies are struggling to get more cybersecurity insurance,” Shiner said. “It reminds me of what’s happening with natural disaster insurance in Florida—it’s just too costly for the insurance companies. It’s an indication of the increase in risk.” As cybercrime becomes more sophisticated and companies expand the number and complexity of applications employees can access from anywhere, closing the loops across an organization’s security infrastructure becomes even more important.
Shiner has to consider some of the worst things that can happen in the world—cybercrime, natural disasters, ransomware, etc.—in order to prepare to defend against it all. But in person, he’s incredibly upbeat and optimistic. Perhaps that’s because 1Password products offers something that, at its core, is invaluable in this day and age: peace of mind.
Learn more about the Fortune Cyber 60 and Lightspeed CISO Survey.