• Return on Security
  • Posts
  • 💰 Security, Funded #146 - AI's Got 99 Problems, But CRM Ain't One

💰 Security, Funded #146 - AI's Got 99 Problems, But CRM Ain't One

Insights for the week of May 27, 2024

Security, Funded is a weekly deep dive into cybersecurity funding and industry news captured and analyzed by Mike Privette. This week’s issue is presented together with Wiz, Nudge Security, and iVerify.

Hey there,

I hope you had a great weekend!

Tech software didn’t have a great week last week. Salesforce showed signs of demand weakness and missed hitting its numbers for the first time in 73 quarters 😲. Other software players also missed earnings, sending the collective tech sector downward.

Salesforce cited missing their numbers (which was hardly a miss) because companies are spending more on AI these days, which leaves them with less money to spend on core software like CRMs. Markets like to overcorrect on things like this, and publicly traded software companies took an L across the board last week. We’re just starting to see how this will play out with public cyber companies, and market corrections aside, it’s worth looking at how this will affect the cybersecurity industry.

More IT budgets are being used on AI - which is no surprise given the rush to inject AI into all parts of a business and product offerings. From a security standpoint, this means that more money will be (or already is) going to secure AI applications and AI business use cases. This may not mean buying tons of “AI Security” or “Security for AI” products (much to the chagrin of many reading this), but it does mean a more focused effort on securing new business efforts using AI. Focus = time, priority, and money.

Onward to this week's issue.


Kubernetes Security for Dummies

How to implement a container security solution and 10 Kubernetes Security best practices all rolled into one.

Wiz partnered with Wiley to create the Kubernetes Security for Dummies eBook. This free guide includes everything essential to know about building a strong security foundation and running a well-protected operating system.

😎 Vibe Check

Does your cyber budget for the rest of 2024 have a carve-out for securing the use of AI?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
What do you see as the biggest economic challenge for your company's security program over the next 12 months?
🟨🟨🟨⬜️⬜️⬜️ 💰 Increased prices for cyber tools and services (12)
🟩🟩🟩🟩🟩🟩 ❌ Budget constraints/cuts (26)
🟨🟨🟨🟨⬜️⬜️ 🆙 Rising costs of cyber insurance (21)
🟨🟨🟨⬜️⬜️⬜️ 🥹 Hiring challenges (16)
75 Votes

Last week’s vibe check made people feel like we’re not out of the budget-cutting woods yet. Budget reconciliation is starting to kick in since we're almost halfway through the calendar year. The normal flow is to have a tight spending Q1, relax a little on Q2 to spend some, recalibrate in Q3 to spend a bit less, and then realize you have a budget surplus in Q4 (if you’re doing well) or cut back even harder if you’re not doing well.

The most interesting response was the rising costs of cyber insurance, which came in at number two. As more breaches happen, more insurance claims are filed, and more money is paid out, premiums will really have to adjust. Insurance companies are really good at making money, and they really hate having to pay money out. Interestingly enough, breaches have only ever gone up since the introduction of cyber risk insurance. 👀 

“The other items are near constants, but the dramatic change in premiums are a knock on already constrained budgets with larger implications to the business.”

💰 Market Summary

  • 4 companies raised $44.7M across 4 unique product categories in 2 countries

  • 1 company was acquired or had a merger event across 1 unique product category

  • 100% of funding went to product-based cybersecurity companies

  • 3 public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Last week was the second-lowest week of cybersecurity funding for 2024. This same post-RSA dip occurred in 2023, but unlike in 2023, this week, only one-third of the transactions occurred.

Also, it was an unusually quiet week on the M&A front, with only one transaction, but still a high-profile one to boot.

🤙 Earnings Reports

Here are notable earnings reports from public cybersecurity companies. This section is Powered by Quartr, where I track all the latest earning reports.

Earnings reports this week: Okta, SentinelOne, and Zscaler

Okta (OKTA)

The Teflon Don of the cybersecurity world, Okta, had strong Q1 results mostly on the back of large public sector deals. I call Okta the Teflon Don because companies don't stop buying their services no matter how many breaches they have.

A few key financial highlights include:

  • Raised its full-year guidance

  • Added 150 new customers in Q1

  • 111% net retention rate (NRR) for the last 12 months

Despite the good quarter, Okta still noted macroeconomic headwinds and a bit of a drag in the SMB market. As a result, some analysts questioned their ability to execute, and its stock dropped ~9%.

SentinelOne (S)

SentinelOne had a bang-up quarter. Revenue increased 40% year-over-year, ARR grew 35% and they finally got free cash flow positive.

Even still, its stock dropped ~22% after the earnings call. SentinelOne lowered its full-year guidance, citing continued macroeconomic challenges, but analysts weren’t having it. They said more could be spent on marketing and sales so they could turn up the heat on its growth.

SentinelOne also cited some weakness in selling in the SMB market, where they normally shine, and said it was still trying to strengthen its enterprise sales muscles. (Call me, Tomer! 👀)

Zscaler (ZS)

Zscaler reported strong results after experiencing significant growth in selling zero-trust and SASE services to large customers last quarter and increased its full-year guidance. All of this was achieved despite a challenging macroeconomic environment and the departure of key sales personnel.

A few highlights include:

  • Revenue up 32% year-over-year to $533 million

  • Grew customers spending over $1 million ARR up 31% year-over-year

  • Gross margin was 81.4%

Despite all of this and analysts being generally impressed with Zscaler’s performance, its stock was down ~7% after the call. The consistent theme last week was software companies taking hits more generally with the continued rise of AI eating into budgets.

See the public cyber company tracker, which shows all public cybersecurity companies worldwide, along with market data, funding raised, product categories, and more.


Discover, secure and govern GenAI use

Nudge Security provides immediate discovery of all GenAI accounts ever created by anyone in your org.

Within minutes of starting a free trial, you’ll have a full inventory of all GenAI apps and users, along with security profiles for each provider to quickly vet new or unfamiliar apps.

Nudge Security’s patented discovery method can identify virtually any new SaaS app without agents, browser plug-ins, or any prior knowledge of the tool’s existence.

🧩 Funding By Product Category

  • $40.0M for Data Privacy across 1 deal

  • $2.7M for Data Protection across 1 deal

  • $2.0M for Artificial Intelligence (AI) Governance across 1 deal

  • An undisclosed amount for Data Access Governance across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $42.0M for the United States across 3 deals

  • $2.7M for The Netherlands across 1 deal

🤝 Mergers & Acquisitions

This chart really says a lot this week!

  • BastionZero, a United States-based secure remote access company, was acquired by Cloudflare for an undisclosed amount. (more)

📚 Great Reads

  • Challenges in Security Engineering Programs - Rami McCarthy writes a guest post at Venture in Security about Security Engineering programs and how their adoption and success are not evenly distributed.

  • *Analysis of a Pegasus Spyware Sample - iVerify recently presented its takedown of a BLASTPASS exploit discovered on an enterprise customer’s phone. Check out the summary and slides from their talk at Black Hat Asia.

  • Cybersecurity Trends in 2024 - Bessemer Venture Partners discusses 2024 cybersecurity trends, highlighting CISO priorities, AI's dual role, market consolidation, and the importance of identity management.

  • Rather Than Measuring Risk, Fix an Interesting Problem - Andy Ellis, former CSO at Akamai, discusses the challenges of measuring risk in enterprise security and suggests focusing on fixing specific problems instead.

*A message from our sponsor

🧪 Labs

They feed us poison (AI screen recording) while taking away our medicine (Clippy📎)

How was this week's newsletter?

Login or Subscribe to participate in polls.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Join the conversation

or to participate.