• Return on Security
  • Posts
  • 💰 Security, Funded #145 - The Economic Shifts Heard Round the World

💰 Security, Funded #145 - The Economic Shifts Heard Round the World

Insights for the week of May 20, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Tenchi Security.

Hey there,

I hope you had a great week last week and a long weekend if you live in the US or the UK.

The economic vibe around the world is continuing to shift up and down. The US is still hinting at rate cuts, but maybe now, not until 2025. The UK officially “exited” its current recession with 0.6% GDP growth, and inflation dropped 2.4% in the European Union area.

You’re starting to see this play out in the public markets in the middle of Q2 earnings season, where revenue growth outside of the US is climbing at a higher clip than inside the US (more below). This waving up and down pattern is familiar as we climb out of the knock-on effects of monetary policies and the past several years. I even did a podcast episode that walks through this and its impact on the cybersecurity world in the Great Reads section.

Onward to this week's issue.

Submit a deal here: [email protected]

😎 Vibe Check

What do you see as the biggest economic challenge for your company's security program over the next 12 months?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
Which sector inside of cybersecurity is ripe for the next set of M&A roll-ups and take-privates?
🟨🟨🟨🟨🟨⬜️ 🧑🏾‍💻 Application Security (14)
🟨🟨🟨🟨⬜️⬜️ ⛈️ Cloud Security (11)
🟨🟨🟨🟨🟨⬜️ 👾 Data Security (15)
🟨⬜️⬜️⬜️⬜️⬜️ 💻 Endpoint Protection (3)
🟩🟩🟩🟩🟩🟩 🆔 IAM (16)
59 Votes

The “I(AM)’s” have it! Last week, most people thought the IAM space was the next M&A target, and then CyberArk went and acquired Venafi to bring machine identities into the fold (details below). Data Security and Application Security were very close seconds and thirds, which means a lot of people expect a lot of consolidation.

💰 Market Summary

  • 14 companies raised $290.9M across 12 unique product categories in 4 countries

  • 6 companies were acquired or had a merger event for $4.5B across 5 unique product categories

  • 100% of funding went to product-based cybersecurity companies

  • One public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

The industry is back on the grind after a quiet week. With over a month left in the quarter, Q2 2024 funding has reached $3.1B and has surpassed both Q1 2024 and Q2 2023 funding totals.

M&A activity continues the consistent trend of transactions on par with last year but with bigger and higher price tags. Q2 2024 M&As are 16% below this same time last year.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.

Earnings reports this week: Palo Alto Networks

Palo Alto Networks (PANW)

Palo Alto was met with mixed results yet again, even after delivering strong quarterly results. The mixed results came because Palo Alto did not raise its forward-looking guidance for the rest of the year but did cite a stronger-than-expected sales pipeline. A few other financial facts:

  • Revenue was up 15% year-over-year

  • Operating income was up 25% year-over-year

  • Revenue in EMEA jumped 20% and in the Americas by 15%

  • Fiscal year revenue guidance increased 16%

  • Even though ARR for customers on the full platform (platformization) rose from $2 million to $14 million, analysts expected this to be higher (which I think is premature - let Nikesh cook! 🧑‍🍳)

The struggle to sell the platformization messaging to analysts is real. You can tell Palo Alto is feeling frustrated when Nikesh starts laughing at an analyst's question.

Fun fact: Customers are not the street, and the street is often not the customer. It’s the same way that people say the stock market is not the economy. However, it is a leading indicator and all about perception in the public equities world, flawed as it may be.

🧩 Funding By Product Category

  • $143.7M for Application Security across 2 deals

  • $35.0M for Identity Governance & Administration (IGA) across 1 deal

  • $27.5M for Artificial Intelligence (AI) Governance across 1 deal

  • $25.2M for Attack Surface Management (ASM) across 1 deal

  • $17.0M for Artificial Intelligence (AI) Security across 1 deal

  • $14.0M for Fraud and Financial Crime Protection across 1 deal

  • $9.7M for Software Supply Chain Security across 1 deal

  • $8.0M for Data Access Governance across 2 deals

  • $8.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

  • $1.7M for Internet of Things (IoT) Security across 1 deal

  • $1.1M for Data Privacy across 1 deal

  • An undisclosed amount for Security Analytics across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $148.7M for the United States across 11 deals

  • $140.6M for China across 1 deal

  • $1.7M for the United Kingdom across 1 deal

  • An undisclosed amount for Israel across 1 deal

🤝 Mergers & Acquisitions

  • AuditBoard, a United States-based audit, risk, and compliance monitoring and automation platform, was acquired by Hg for $3.0B. (more)

  • Venafi, a United States-based certificate and secrets management platform, was acquired by CyberArk Software for  $1.5B. (more)

  • Aspisec, an Italy-based professional services firm focused on offensive security, was acquired by Abissi for an undisclosed amount.

  • Informer, a United Kingdom-based external attack surface management (ASM) platform, was acquired by Bugcrowd for an undisclosed amount. (more)

  • Netsurion, a United States-based managed detection and response (MDR), was acquired by Lumifi Cyber for an undisclosed amount. (more)

  • Pillr, a United States-based managed detection and response (MDR) platform, was acquired by OpenText for an undisclosed amount. (more)

📚 Great Reads

  • CyberBytes: RSA 2024 Edition - The CyberBytes podcast interviewed Shan Kulkarni, co-founder and CEO of Nullify, about the goal of building AI Agents to augment security teams and help them reach AppSec maturity faster with less.

  • *Alice in Supply Chains Newsletter - Issue #21 - Get the inside scoop on the Cyber Safety Review Board's Microsoft cloud breach report, the surprising Sisense breach, and the latest on third-party breaches, including the UnitedHealth Group ransomware attack.

  • The Future of Cybersecurity: Economic Impacts and AI Security - Daniel Miessler invited me to his podcast to discuss the lingering economic impacts of COVID-19, AI in application security, and trends in cybersecurity startups and investments.

  • AI and Problems of Scale - Generative AI means things that were always possible at a small scale now become practical to automate at a massive scale, and sometimes a change in scale is a change in principle.

*A message from our sponsor

🧪 Labs

What stopping you from unlocking the true potential of your cyber program? 🤔

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our own system at Return on Security, and we write all of the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.