• Return on Security
  • Posts
  • 💰 Security, Funded #119 - Navigating the Cyber Seas: Funding Ebb, M&A Flow 🌊

💰 Security, Funded #119 - Navigating the Cyber Seas: Funding Ebb, M&A Flow 🌊

A deep dive on cybersecurity funding and industry news from the week of November 6th, 2023.

Hey there,

Happy Monday, and I hope you had a great weekend. In this week’s issue, we’ve got:

  • 📉 Funding's Dip, M&A's Grip

  • 💰 $93.5M raised from 15 companies

  • 🌍 Global Cyber Moves: From USA to UAE

  • 📚 From Cyber Caricatures to AGI Futures: A Reading Adventure

The cybersecurity landscape continues to evolve in the face of global macroeconomic shifts.

While some companies wrap up their spending for the year, others are actively seeking year-end deals. This cautious spending behavior suggests a mindful approach in a recovering economy. The industry is also witnessing a notable decline in funding compared to previous weeks, yet mergers and acquisitions remain strong, indicating a strategic consolidation in the market.

Even still, as the industry navigates through these changes, the focus remains on adopting advanced technologies like AI, balancing security needs with economic realities. Let’s get this bread 🥖

Onward to this week's issue.


Close more enterprise deals

Automate security and privacy compliance

With a streamlined workflow and expert guidance, Secureframe automates the entire compliance process end-to-end. What makes Secureframe different?

  • Get audit-ready and achieve compliance in weeks, not months, with built-in remediation guidance and 100+ integrations.

  • Stay compliant with the latest regulations and requirements, including ISO 27001, GDPR, HIPAA, PCI, and other standards.

  • Automate responses to RFPs and security questionnaires with AI.

  • Trusted by hyper-growth organizations: AngelList, Ramp, Lob, Remote, and thousands of other businesses.

Vibe Check - Hiring Santa Rally?

Has hiring for cybersecurity talent rebounded for your company yet?

Login or Subscribe to participate in polls.

Last week’s vibe check:
As the year winds down, are you looking to spend excess budget now, or are you already pushing to next year?

Last week 60% of people said that they were done spending for the year, but that still leaves a healthy 40% that is still looking for year-end deals. Companies are still spending cautiously and need to make sure their investments are worth the trouble, but there are signs of a broader economic rebound(ish) coming into 2024. Your move cyber vendors 😤

🔮 Earnings Reports

A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies.

No public earnings calls to report on from last week. 🫡 

📸 YTD Snapshot

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

Last week marked a ~61% drop in the previous 12-week rolling average in funding. This is quite a stark change from the high-flying numbers from the last few weeks.

Still a relatively strong with on the M&A front last week, and we are currently ~14% shy of the total M&A activity from 2022.

💰 Funding Summary

  • 15 companies raised $93.5M across 12 unique product categories

  • 6 companies were acquired or had a merger event across 5 unique product categories

🧩 Funding By Product Category

  • $35.0M for Data Protection across 1 deal

  • $20.1M for Software Supply Chain Security across 3 deals

  • $8.0M for Managed Security Services Provider (MSSP) across 1 deal

  • $6.8M for Threat Detection and Response (TDR) across 2 deals

  • $5.0M for Threat Informed Defense (TID) across 1 deal

  • $4.3M for Brand Protection across 1 deal

  • $4.0M for Artificial Intelligence (AI) Security across 1 deal

  • $4.0M for Artificial Intelligence (AI) Privacy Assurance across 1 deal

  • $3.6M for Attack Surface Management (ASM) across 1 deal

  • $2.4M for Threat Intelligence across 1 deal

  • $336.3K for Hardware Security across 1 deal

  • An undisclosed amount for Professional Services across 1 deal

🏢 Funding By Company


The Secret’s Out: Announcing Semgrep Secrets Public Beta

We're excited to announce the Public Beta for Semgrep Secrets. Semgrep Secrets scans your code and identifies secrets while ignoring things that look like secrets – regardless of their syntax. And to help you prioritize triaging vulnerabilities, we validate if the secret is still live.

Here's what we're excited about with Semgrep Secrets:

  • Semantic Analysis - Go beyond grep and entropy and use Semgrep’s data-flow engine for detecting Secrets accurately

  • Custom rules - Write your own rules to detect and validate secrets specific to your internal services and databases

  • Entropy Analysis - Detect whether a string is entropic/random enough to be a secret

  • Validation - Detect secrets and validate whether they are active

  • Eliminate developer friction: Get secrets-related findings as PR comments for validated secrets

🌎 Funding By Country

  • $57.3M for United States across 7 deals

  • $12.3M for India across 3 deals

  • $7.7M for United Kingdom across 1 deal

  • $6.0M for Israel across 1 deal

  • $4.3M for Ireland across 1 deal

  • $3.6M for Canada across 1 deal

  • $2.3M for Saudi Arabia across 1 deal

🤝 Mergers & Acquisitions

📚 Great Reads

  • Caricatures of Security People - Phil Venables provides a tongue-in-cheek exploration of different caricatures within the security industry, outlining 16 distinct types of security roles, from a self-appointed thought leader to a cyber-savvy board member, each with its own humorous descriptions and typical sayings.

  • *The Critical Interplay of Cyber Resilience and IAM Resilience - In an age of increasing digital threats, understanding and differentiating between Cyber Resilience and Identity and Access Management (IAM) Resilience becomes paramount.

  • Why We'll Have AGI by 2025-2028 - Daniel Miessler talks about why he believes we will have Artificial General Intelligence (AGI) much sooner than many people think and what it may mean.

  • The Importance of Key Rotation - Olivia Gallucci talks about how key rotation enhances the security of application programming interfaces (APIs)—emphasizing the necessity of key rotation alongside the conventional practice of identifying and deleting leaked secret keys—to mitigate security risks and ensure the long-term integrity of digital systems.

*Sponsored content and/or affiliate link.

📆 Events

  • VantaCon - San Franciso, CA on December 5th, 2023 - See the future of trust in an AI world at Vanta’s annual user conference - use code VC23100 for early bird pricing

🧪 Labs

It’s Harry Potter DNS outage szn

How was this week's newsletter?

Login or Subscribe to participate in polls.

Join the conversation

or to participate.