💰 Security, Funded #162 - Surfing Economic Waves

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of September 16, 2024

Author

Mike Privette
September 23, 2024 • Reading Time: 11 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Chainguard and Nudge Security.

Hey there,

I hope you had a great weekend, and Happy Rate Cut Season to all those who celebrate! 🫡 

The US Federal Reserve Chair, Jerome Powell (my boy JPow), cut interest rates in the U.S. by 50 basis points, or half a percent for regular folks.

Lower interest rates can eventually mean more startups, investments, and hiring across industries, so many people are excited about this move. As we rapidly approach the start of Q4, we need to see how the economic and jobs data shape up over the next quarter to see if the cuts are working. 🤞 Meanwhile, the data for early-stage and late-stage companies alike are ripping from last week. 🏄️ 🤙 

Onward to this week's issue.

TOGETHER WITH

The Hidden Costs of Container Vulnerability Management

Chainguard reveals the real costs of container vulnerability management.

Developers will often prioritize convenience, even if it means leaving unaddressed CVEs in container images. How many annual hours are engineering teams spending on vulnerability management — including scanning, triaging, and remediation? Research by Chainguard, based on interviews with engineering leaders, reveals a surprising answer and other key findings.

😎 Vibe Check

With Q4 just around the corner, do you think we will see a cybersecurity company go IPO this year?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
If money wasn't an issue, what is the first thing you would prioritize spending on for your security program?
🟩🟩🟩🟩🟩🟩 🙋‍♀️ Hire more people (21)
🟨⬜️⬜️⬜️⬜️⬜️ 🧑🏾‍💻 Buy more software (4)
🟨🟨🟨⬜️⬜️⬜️ 💰 Give everyone raises (13)
38 Votes

So it seems that the answer to doing better in cyber is actually more people and better pay/quality of life — who would have guessed that?! It’s a rare case that you have all people you need, at the market-appropriate level of pay, but not enough software.

Some of the top comments from last week:

“Hire more people - Everyone out there is purporting to "do more with less" while there are any number of qualified candidates looking for good work. Why not instead "do more with more" and preserve some amount of quality of life for my team? Looks good on the company PR side for future hires too!”

“Give everyone raises - Public sector wages don’t compete well with private, and benefits have been cut to below many private benefits now (in our US state, at least). Raises could help offset that, but only so much…”

“Hire more people - If I had more people to develop our tech platform, I could use the software we´re already paying for PLUS free tools to increase productivity and improve financial performance. Having more people would lead to raises for everyone.”

💰 Market Summary

  • 14 companies raised $239.6M across 12 unique product categories in 5 countries

  • 1 company was acquired or had a merger event across 1 unique product category

  • 70% of funding went to product-based cybersecurity companies

  • No public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

This past week, there was a lot of activity across the spectrum of early-stage and late-stage companies. With that week down, the total amount of cybersecurity funding for 2024 has surpassed $10 billion and is trending ahead of the year-to-date (YTD) total from this same time period last year. We are heading into the remaining months of the year that are traditionally lower in funding volume and transaction amounts, however, so there is still a chance that 2024 may not surpass 2023.

Last week was a really quiet week compared to this same time last year. YTD, cybersecurity acquisitions are down ~17% compared to last year's timeframe, but with the same amount of money exchanging hands. So far, 2024 has been a year of high-impact M&A activity and will easily surpass last year.

☎️ Earnings Reports

Cyber Market Movers

As of markets close September 20, 2024.

Earnings reports from last week: None

Macro Context:

  • The U.S. Fed cut interest rates by 50 basis points, and just about everyone rode that wave onward and upward as the whole market went to new highs.

  • Expect this trend to last for at least another week or so, but it’s anyone guess as to how the upcoming U.S. Presidential election will continue to sway public markets.

  • CrowdStrike rallied back hard last week with its annual Fal.Con conference and all but recovered from being down bad from creating the world’s worst IT outage in history. That’s even with some businesses claiming to switch to a competitor because of the outage. This is actually a much more involved problem that many realize if you’ve never had to rip and replace an entire EDR stack (I have). It’s a multi-year, much-pain process to go through that may not even put you in a better place than you were before. ¯\_(ツ)_/¯

Earning reports to watch this coming week:

  • None

🧩 Funding By Product Category

  • $70.0M for Managed Security Services Provider (MSSP) across 2 deals

  • $45.0M for Continuous Threat Exposure Management (CTEM) across 2 deals

  • $33.0M for Security Operations across 1 deal

  • $20.0M for Email Security across 1 deal

  • $19.7M for Firmware Security across 1 deal

  • $17.0M for Personal Cybersecurity across 1 deal

  • $12.0M for Software Supply Chain Security across 1 deal

  • $6.0M for Internet Security across 1 deal

  • $5.0M for Cloud Native Application Protection Platform (CNAPP) across 1 deal

  • $5.0M for Application Security across 1 deal

  • $4.4M for Identity Threat Detection and Response (ITDR) across 1 deal

  • $2.5M for Professional Services across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $199.1M for the United States across 10 deals

  • $33.0M for Israel across 1 deal

  • $5.0M for Estonia across 1 deal

  • $2.5M for Japan across 1 deal

  • An undisclosed amount for the United Kingdom across 1 deal

🤝 Mergers & Acquisitions

lol

📚 Great Reads

*A message from our sponsor

🧪 Labs

We live in a society

Smash that connect/follow button with your boy while you’re at it!

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.