This website uses cookies
Read our Privacy policy and Terms of use for more information.
How Return on Security collects, categorizes, and publishes cybersecurity market data.
Every data point in our dataset is captured at a point in time from publicly available sources, such as press releases, SEC filings, company announcements, and verified reporting. Nothing is scraped from paywalled databases or third-party aggregators.
All financial figures are converted to U.S. Dollars (USD) at the spot rate on the date of collection
Company headquarters and country locations are sourced from publicly available records
Deal details, such as lead investor, amount raised, and funding stage, may be updated after publication as new information becomes available
SEC filings may reflect partial or interim fundraising and can understate final round numbers
Companies are classified using the Return on Security taxonomy, a proprietary system built to reflect how the cybersecurity market actually operates, not how analyst firms draw quadrants.
The taxonomy uses two layers: category domains (broad areas like Data Protection, Identity, Security Operations) and product categories (specific functions like DLP, PAM, SIEM). Beyond these, thousands of metadata tags capture granular details on specific technologies, target industries, deployment models, compliance frameworks, and more. This enables deep filtering and cross-referencing across the dataset. Categories are assigned based on a company's primary product offering at the time of the deal, and may be reclassified as companies pivot or expand.
We maintain this taxonomy independently. It doesn't map 1:1 to Gartner Magic Quadrants, Forrester Waves, or any other analyst frameworks, and that's by design. Market categories should describe what companies build, not where analysts or marketing efforts place them.
The dataset covers the economic activity of the cybersecurity industry: who's getting funded, acquired, doing layoffs, shutting down, and what the public markets are signaling. This is tracked across several domains:
Public funding rounds: venture capital, private equity, debt, and undisclosed rounds from Angel through late-stage growth
Mergers & acquisitions: strategic acquisitions, PE rollups, asset purchases, and divestitures across product and services companies
Layoffs & shutdowns: consolidations, reshuffles, reductions in force, and bankruptcies
Public market activity: earnings reports, partnerships, and IPO/SPAC activity for publicly traded cybersecurity companies
Geographic scope is global, and the dataset reaches back to the earliest tracked deals in the modern cybersecurity market. This data powers both the weekly newsletter and The Signal, a live intelligence platform for exploring cybersecurity market data in depth.
We take accuracy seriously. If you spot an error in a deal amount, investor attribution, company classification, or anything else, just reply to any newsletter issue or email [email protected] directly. Corrections are applied to the dataset and noted in the following week's issue when material.
This methodology evolves as the market does. When we make meaningful changes to how we collect, categorize, or report data, this page will be updated to reflect the current approach.