10 Jun Cybersecurity Barometer: Blue Skies Ahead

VCs pour billions more into cyber defense startups and emerging players in 1H 2022

– David Braue

Melbourne, Australia – Jun. 10, 2022

Energy prices are soaring. Dizzying inflation is driving up interest rates. Gas prices are at record highs. Geopolitical instability is damaging supply chains and perpetuating systemic instability.

Everywhere you look, uncertainty is shaking established markets to the core — but somebody forgot to copy the memo to the cybersecurity venture capital (VC) community, where a steady flow of funding and merger and acquisitions (M&A) activity continues to breed new cybersecurity unicorns, drive market consolidation, and facilitate development of innovative new security technologies.

Funding new ideas…

Cybersecurity Ventures’ VC Report, which keeps a running list of VC capital deal flow, has been running hot with activity through the first half of 2022 — with many deals funding innovative startups that are taking new approaches to time-tested security technologies.

Wing Security, for example, emerged from stealth mode with a $26M seed and A funding round that will fund a hiring spree to build out what the company is pitching as a “holistic SaaS security platform delivering end-to-end security.”

Taking a new approach to email privacy, Boston-based Cloaked secured a $25M Series A funding round for its technology, an app and browser extension that preserves user anonymity by generating “cloaked” identities with details that are automatically filled into websites as needed. Think password manager, but for personal details.

Startup OwnID, which is building out an authentication platform build on smartphone-based biometrics, raised $6.2M in a seed round that further supports the idea that passwords are well and truly out of favor.

Meanwhile, investors chipped in $45M in a Series B round for Strider Risk intelligence, which has built a platform to help companies identify which intellectual property and sensitive document systems are most likely to be targeted by nation-state actors — a very real consideration given today’s unstable political climate.

---

Cybercrime Radio: 1H 2022 Deal Flow

Who’s raising venture capital.

---

…and doubling down on the old ones

Even as some investors poured funds into promising new technologies, others were falling over themselves to get a piece of tried-and-tested early-stage companies — with nine-figure equity injections minting several new unicorns and rewarding the success of a range of fast-growing companies.

Global VPN provider NordVPN, for example, completed its first-ever round of funding and catapulted into unicorn status, raising $100M for a valuation of $1.6M.

Reflecting overall growing concern about the vulnerability of critical-infrastructure assets, defense-focused supply-chain cybersecurity company Fortress Information Security LLC raised $125M.

New player Veza, for its part, emerged from stealth mode with a bang — and $110M in funding from a roster of all-star cybersecurity players drawn to its authorization-based cybersecurity platform.

Israeli startup Island, which brought its secure enterprise browser out of stealth mode in February, completed a $115M Series B round that values the company at $1.3b.

And Tailscale, which is executing on a plan to “transform” enterprise VPNs using mesh technology, landed $100M in a Series B round that values it at more than $1B.

Software code security firm SonarSource gathered $412M in new funding to boost its total valuation to $4.7B, confirming that tools for baked-in security have gained strong recognition in the investment community.

Ditto zero-trust security, with ThreatLocker completing a $100M Series C funding round and Twingate raising $42M in a Series B round that raises that company’s valuation to $400M.

Meanwhile, a $90M Series C injection for application-security firm Obsidian Security nearly quadrupled that company’s total capital raising to date — highlighting the continuous growth of an application-security sector that also invested $60M in small business-focused SaaS protection Coro.

The new normal is even better than the old one

These and dozens of other strong capital-raisings highlight the market’s enduring recognition of the value of cybersecurity — which, despite or perhaps even because of the escalating unrest in financial markets, is being recognized as more important than ever.

“Last year was the first full year of financing rounds where [$200M or more] actually became the norm in terms of growth-stage deals,” Richard Seewald, founder and managing partner at Evolution Equity Partners, told Cybercrime Magazine.

“That’s a function of the size of the market, the size of the opportunity, and the competitiveness in the market with regards to talent, technology, and land grabbing.”

“All of this is indicative of a high-growth market where, in some cases, there’s winner takes all and in other cases, there are many who take all — but it’s indicative of substantive and robust opportunity in the cybersecurity space.”

Yet that rosy outlook is not without its qualifiers: Crunchbase, for one, has flagged a slight first-quarter easing and noted a moderate dip in funding during April — in which funding fell to $47B, compared with $53.5B a year earlier when the world was rebounding from the economic chaos of the COVID-19 pandemic.

Those figures don’t necessarily reflect the experience of every VC firm, Seewald warned, noting that $100M-plus financing rounds in Evolution-backed companies like Beyond Identity showed there was plenty of capital to go around.

“On average, we’re more or less in the same place, if not ahead of last year in terms of financing rounds,” he said, “and there have been some supersized rounds concentrated in billion-dollar financing rounds — not billion-dollar valuations — that have skewed the numbers a bit.”

Picking the winners — or buying them

Slowdown or not, staying ahead of the curve requires close monitoring of cybersecurity industry trends.

That has seen investors pouring money into startups in high-profile categories like Web3 and Blockchain, where security startup CertiK raised $88M for a $2B valuation, Web3 privacy startup Privy raised $8.3M in seed funding, and decentralized-identity firm Spruce Systems was backed to the tune of $34M in a Series A round.

Also performing strongly in the new-tech space were AI/ML startups like Mixmode, which secured $45M in Series B funding for its self-learning “third-wave” AI system, designed to proactively secure customers against previously unknown cyberattacks.

Recognizing the growing value of “digital twin” techniques for facilities management and security, Israeli startup BeamUP raised $15M in seed capital.

Also looking overseas, fast-growth crowdsourced security platform Intigriti raised €21.1M ($19.7M) in a strong showing for that increasingly popular market segment.

Yet even as VC firms weighed the advantages of the rolling tide of cybersecurity startups looking for support, other firms were cashing out as they were snapped up by larger firms seeking to fill out their own capabilities or capture new markets.

Cybersecurity Ventures’ M&A Report, which chronicles merger and acquisition activity across the cybersecurity sector, has also been buzzing as innovative companies are snapped up at a healthy clip.

Offensive-technology startup Randori, for example, was purchased by IBM for an estimated $50M to $100M while security “force multiplier” purchased threat-intelligence firm Digital Shadows for $160M.

Showing the continuing appeal of the government market, Washington, D.C. area firm The Carlyle Group paid $4.2B to acquire Defense-focused IT and technical services provider ManTech.

Yet even that paled beside Google’s $5.4B purchase of security stalwart Mandiant, whose broad and deep base of cybersecurity response and forensics skills will be positioned to complement Google’s cloud business.

It was a move that Seewald said “fits in particularly well” with Google’s cloud strategy — and he expects to see more M&A activity throughout the year: “Our view is that with regard to consolidation in the market,” he said, “Big Tech would be engaged in some subsequent moves to shore up categories that are mission-critical.”

“There are also smaller acquisitions and public companies that have relative areas of technology that, when consolidated into larger players to make their offering a lot more attractive,” he explained, citing firms like Splunk that “fit in nicely as large tuck-ins for big tech companies that are addressing gaps in their security stack.”

Despite the headline deals, however, overall M&A activity was down for the quarter — including a one-third drop in $1b-plus deals overall — suggesting, GlobalData said, that “this is a sign that activity is going back to ‘normal’ after the staggering growth seen in 2021.”

Just what that “normal” looks like in the long term remains to be seen — some have suggested that even the busy cybersecurity sector won’t be able to escape the gravity of the global economic slowdown forever — but for the many companies that continue to win over investors, the forecast certainly is for blue skies ahead.

– David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.

---