- Return on Security
- Posts
- 💰 Security, Funded #146 - AI's Got 99 Problems, But CRM Ain't One
💰 Security, Funded #146 - AI's Got 99 Problems, But CRM Ain't One
Insights for the week of May 27, 2024
Mike Privette
June 03, 2024 • Reading Time: 9 minutes
Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz, Nudge Security, and iVerify.
Hey there,
I hope you had a great weekend!
Tech software didn’t have a great week last week. Salesforce showed signs of demand weakness and missed hitting its numbers for the first time in 73 quarters 😲. Other software players also missed earnings, sending the collective tech sector downward.
Salesforce cited missing their numbers (which was hardly a miss) because companies are spending more on AI these days, which leaves them with less money to spend on core software like CRMs. Markets like to overcorrect on things like this, and publicly traded software companies took an L across the board last week. We’re just starting to see how this will play out with public cyber companies, and market corrections aside, it’s worth looking at how this will affect the cybersecurity industry.
More IT budgets are being used on AI - which is no surprise given the rush to inject AI into all parts of a business and product offerings. From a security standpoint, this means that more money will be (or already is) going to secure AI applications and AI business use cases. This may not mean buying tons of “AI Security” or “Security for AI” products (much to the chagrin of many reading this), but it does mean a more focused effort on securing new business efforts using AI. Focus = time, priority, and money.
Onward to this week's issue.
TOGETHER WITH
Kubernetes Security for Dummies
How to implement a container security solution and 10 Kubernetes Security best practices all rolled into one.
Wiz partnered with Wiley to create the Kubernetes Security for Dummies eBook. This free guide includes everything essential to know about building a strong security foundation and running a well-protected operating system.
Table of Contents
😎 Vibe Check
Does your cyber budget for the rest of 2024 have a carve-out for securing the use of AI? |
Last issue’s vibe check:
What do you see as the biggest economic challenge for your company's security program over the next 12 months?
🟨🟨🟨⬜️⬜️⬜️ 💰 Increased prices for cyber tools and services (12)
🟩🟩🟩🟩🟩🟩 ❌ Budget constraints/cuts (26)
🟨🟨🟨🟨⬜️⬜️ 🆙 Rising costs of cyber insurance (21)
🟨🟨🟨⬜️⬜️⬜️ 🥹 Hiring challenges (16)
75 Votes
Last week’s vibe check made people feel like we’re not out of the budget-cutting woods yet. Budget reconciliation is starting to kick in since we're almost halfway through the calendar year. The normal flow is to have a tight spending Q1, relax a little on Q2 to spend some, recalibrate in Q3 to spend a bit less, and then realize you have a budget surplus in Q4 (if you’re doing well) or cut back even harder if you’re not doing well.
The most interesting response was the rising costs of cyber insurance, which came in at number two. As more breaches happen, more insurance claims are filed, and more money is paid out, premiums will really have to adjust. Insurance companies are really good at making money, and they really hate having to pay money out. Interestingly enough, breaches have only ever gone up since the introduction of cyber risk insurance. 👀
“The other items are near constants, but the dramatic change in premiums are a knock on already constrained budgets with larger implications to the business.”
💰 Market Summary
4 companies raised $44.7M across 4 unique product categories in 2 countries
1 company was acquired or had a merger event across 1 unique product category
100% of funding went to product-based cybersecurity companies
3 public cyber companies had an earnings report
📸 YoY Snapshot
This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.
Last week was the second-lowest week of cybersecurity funding for 2024. This same post-RSA dip occurred in 2023, but unlike in 2023, this week, only one-third of the transactions occurred.
Also, it was an unusually quiet week on the M&A front, with only one transaction, but still a high-profile one to boot.
🤙 Earnings Reports
Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.
Earnings reports this week: Okta, SentinelOne, and Zscaler
Okta (OKTA)
The Teflon Don of the cybersecurity world, Okta, had strong Q1 results mostly on the back of large public sector deals. I call Okta the Teflon Don because companies don't stop buying their services no matter how many breaches they have.
A few key financial highlights include:
Raised its full-year guidance
Added 150 new customers in Q1
111% net retention rate (NRR) for the last 12 months
Despite the good quarter, Okta still noted macroeconomic headwinds and a bit of a drag in the SMB market. As a result, some analysts questioned their ability to execute, and its stock dropped ~9%.
SentinelOne (S)
SentinelOne had a bang-up quarter. Revenue increased 40% year-over-year, ARR grew 35% and they finally got free cash flow positive.
Even still, its stock dropped ~22% after the earnings call. SentinelOne lowered its full-year guidance, citing continued macroeconomic challenges, but analysts weren’t having it. They said more could be spent on marketing and sales so they could turn up the heat on its growth.
SentinelOne also cited some weakness in selling in the SMB market, where they normally shine, and said it was still trying to strengthen its enterprise sales muscles. (Call me, Tomer! 👀)
Zscaler (ZS)
Zscaler reported strong results after experiencing significant growth in selling zero-trust and SASE services to large customers last quarter and increased its full-year guidance. All of this was achieved despite a challenging macroeconomic environment and the departure of key sales personnel.
A few highlights include:
Revenue up 32% year-over-year to $533 million
Grew customers spending over $1 million ARR up 31% year-over-year
Gross margin was 81.4%
Despite all of this and analysts being generally impressed with Zscaler’s performance, its stock was down ~7% after the call. The consistent theme last week was software companies taking hits more generally with the continued rise of AI eating into budgets.
See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.
TOGETHER WITH
Discover, secure and govern GenAI use
Nudge Security provides immediate discovery of all GenAI accounts ever created by anyone in your org.
Within minutes of starting a free trial, you’ll have a full inventory of all GenAI apps and users, along with security profiles for each provider to quickly vet new or unfamiliar apps.
Nudge Security’s patented discovery method can identify virtually any new SaaS app without agents, browser plug-ins, or any prior knowledge of the tool’s existence.
🧩 Funding By Product Category
$40.0M for Data Privacy across 1 deal
$2.7M for Data Protection across 1 deal
$2.0M for Artificial Intelligence (AI) Governance across 1 deal
An undisclosed amount for Data Access Governance across 1 deal
🏢 Funding By Company
Transcend, a United States-based data privacy governance and management platform, raised a $40.0M Series B from StepStone Group. (more)
Q*Bird B.V., a Netherlands-based quantum key distribution (QKD) data protection platform, raised a $2.7M Seed from QDNL Participations and Cottonwood Technology Fund. (more)
Zendata, a United States-based AI data risk governance platform, raised a $2.0M Seed from PayPal Ventures. (more)
QueryPie, a United States-based data access governance and control platform, raised an undisclosed Venture Round from Shinhan Venture Investment.
🌎 Funding By Country
$42.0M for the United States across 3 deals
$2.7M for The Netherlands across 1 deal
🤝 Mergers & Acquisitions
This chart really says a lot this week!
BastionZero, a United States-based secure remote access company, was acquired by Cloudflare for an undisclosed amount. (more)
📚 Great Reads
Challenges in Security Engineering Programs - Rami McCarthy writes a guest post at Venture in Security about Security Engineering programs and how their adoption and success are not evenly distributed.
*Analysis of a Pegasus Spyware Sample - iVerify recently presented its takedown of a BLASTPASS exploit discovered on an enterprise customer’s phone. Check out the summary and slides from their talk at Black Hat Asia.
Cybersecurity Trends in 2024 - Bessemer Venture Partners discusses 2024 cybersecurity trends, highlighting CISO priorities, AI's dual role, market consolidation, and the importance of identity management.
Rather Than Measuring Risk, Fix an Interesting Problem - Andy Ellis, former CSO at Akamai, discusses the challenges of measuring risk in enterprise security and suggests focusing on fixing specific problems instead.
*A message from our sponsor
🧪 Labs
They feed us poison (AI screen recording) while taking away our medicine (Clippy📎)
How was this week's newsletter? |
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.
About Return on Security
Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.
Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.
Reply