Return on Security
Posts
💰 Security, Funded #165 - Garbage In, Garbage Out

💰 Security, Funded #165 - Garbage In, Garbage Out

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of October 7, 2024

Mike Privette
October 15, 2024 • Reading Time: 10 minutes

Security, Funded is a weekly deep dive into the financial transactions, industry news, and economic activity in the cybersecurity market. This week’s issue is presented together with Tarsal and Chainguard.

Hey there,

Hope you had a great weekend and a nice long one if you’re in the US!

Public markets are ripping in various formats from last week, and despite the claims from various major outlets that cybersecurity funding was down 50%+ in Q3, the reality is less than half of that.

According to Return on Security data, Q3 was short 22% compared to Q2. While that sounds like a lot, that puts the total for the year-to-date at a ~16% deficit, or just $2 billion short of meeting 2023 totals. To put that into perspective, that’s only slightly more than Wiz has raised in total. Lightweight baby*! 😤 👊

It’s a good time to be bullish on cyber, even with the doomer headlines. Onward to this week's issue.

_{(*if you got that reference, we are legally best friends now)}

_{TOGETHER WITH}

Get visibility into your SaaS audit logs with Tarsal

One-click, zero-maintenance connectors to your SaaS audit logs

Tarsal helps SecOps teams (e.g., at Robinhood, TripActions, etc.) onboard SaaS audit logs with one-click, zero-maintenance connectors. Tarsal's connectors automatically normalize IOCs, making correlations dead simple, and plug into the SIEM or data lake of your choice. Get visibility into your SaaS sprawl today with Tarsal.

_{Partner With Us}

😎 Vibe Check
Market Summary
📸 YoY Snapshot
☎️ Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
📚 Great Reads
🧪 Labs

😎 Vibe Check

In your experience, what's the hardest part about running a cyber program?

Last issue’s vibe check:
Do you think security awareness training actually works?
🟨🟨🟨⬜️⬜️⬜️ 🙋‍♀️ Yes! (19)
🟩🟩🟩🟩🟩🟩 🤔 Somewhat effective (36)
🟨🟨🟨⬜️⬜️⬜️ 🙈 Not really (17)
72 Votes

Last week, 74% of the people who responded to the vibe check said they felt security awareness training was either somewhat effective or not effective at all. As a sub-industry that tends to reinvent itself every two to three years, this was not at all surprising to see.

Some of the top comments from last week:

“Yes - It's not a perfect solution to any problem, but there is solid actuary proof that it has a noticeable effect on the chances of a company to get breached.“

“Somewhat effective - It can help to make the information more fresh in people's minds (assuming brains are like a LRU cache), but it can't prevent attacks, only maybe detect and possibly thwart. The benefit probably outweighs the cost in most scenarios, but it isn't a great... "Return on Security" 🕶️” (I see what you did there, well played! 👏 )

“Not really - I think it’s a checkbox that is the same thing every year. People just skip past everything and submit the answers or let it play in the background.”

💰 Market Summary

10 companies raised $112.1M across 9 unique product categories in 4 countries
4 companies were acquired or had a merger event across 4 unique product categories
90% of funding went to product-based cybersecurity companies
No public cyber company had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

Weekly funding volume continues on a more muted pace as we go further into Q4 2024, but the year is still running strong.

Acquisitions have also continued on their slow and steady march this year of around four acquisitions per week. As a point of comparison, the 2023 cyber M&A transaction average per week was five.

_{Partner With Us}

☎️ Earnings Reports

Cyber Market Movers

As of markets close October 11, 2024

Earnings reports from last week: None

Macro Context:

Markets in the US were up big time last week, even with a higher-than-expected CPI print for September.
JP Morgan declared the economy’s “soft landing” has arrived.

Earning reports to watch this coming week:

None

🧩 Funding By Product Category

$45.0M for Fraud and Financial Crime Protection across 1 deal
$32.0M for Data Privacy across 1 deal
$19.0M for Breach & Attack Simulation (BAS) across 1 deal
$13.0M for Cyber Risk Management across 2 deals
$3.1M for Software Supply Chain Security across 1 deal
An undisclosed amount for Secure Networking across 1 deal
An undisclosed amount for Managed Security Services Provider (MSSP) across 1 deal
An undisclosed amount for Data Protection across 1 deal
An undisclosed amount for Continuous Automated Red Teaming (CART) across 1 deal

🏢 Funding By Company

HUMAN, a United States-based platform helping to defend against bot impersonation attacks, raised a $45.0M Venture Round from WestCap. (more)
Relyance AI, a United States-based privacy and data governance solution allowing for collaboration of data protection and compliance efforts, raised a $32.0M Series B from M12 - Microsoft's Venture Fund and Thomvest Ventures. (more)
watchTowr, a Singapore-based breach and attack surface (BAS) platform using automated and continuous testing, raised a $19.0M Series A from Peak XV Partners. (more)
CYRISMA, a United States-based cyber risk management and quantification platform for MSPs and MSSPs, raised a $7.0M Series A from Blueprint Equity. (more)
Prime Security, a United States-based security review automation and risk management platform, raised a $6.0M Seed from Foundation Capital. (more)
EdgeBit, a United States-based software supply chain security platform, raised a $3.1M Seed from Haystack. (more)
Owl Cyber Defense, a United States-based secure networking platform for IoT and national defense applications, raised an undisclosed Debt Financing round from Marathon Asset Management. (more)
Precursor Security, a United Kingdom-based managed security services provider (MSSP), raised an undisclosed Venture Round from North East Innovation Fund. (more)
Rubrik, a United States-based data management and protection platform, raised an undisclosed post-IPO secondary from Cisco. (more)
Vidoc Security Lab, a Poland-based continuous automated red teaming (CART) platform, raised an undisclosed Seed from Pebblebed. (more)

🌎 Funding By Country

$93.1M for the United States across 7 deals
$19.0M for Singapore across 1 deal
An undisclosed amount for the United Kingdom across 1 deal
An undisclosed amount for Poland across 1 deal

🤝 Mergers & Acquisitions

Assured Data Protection, a United States-based managed security services provider (MSSP), was acquired by Oakley Capital for an undisclosed amount. (more)
Kivera, a United States-based cloud workload protection and posture management platform, was acquired by Cloudflare for an undisclosed amount. (more)
Parablu, a United States-based secure data management and recovery platform for Microsoft 365 deployments, was acquired by CrashPlan for an undisclosed amount. (more)
Penten, an Australia-based professional services firm focused on cyber and national security services, merged with Amiosec Limited for an undisclosed amount. (more)

📚 Great Reads

The Insurance-Fueled AI Governance Wave - Cyber insurance changed the game for cybersecurity programs, and it's about to do the same for all things AI governance, security, safety, and risk management.
*The True Cost of CVE Management in Containers - Vulnerability management is vital for securing containerized applications. Chainguard discovered that organizations spend thousands of hours annually on CVE management tasks like scanning and remediation. The complexity of upgrades often leads developers to prioritize convenience, impacting both security and productivity
The NHI Index - A centralized resource for understanding, managing, and securing Non-Human Identities (NHIs). This is the first resource I’ve seen that clearly explains what NHI is and how to secure the various parts.
How to Think About Foundation Models for Cybersecurity - After years of AI-washing by security vendors, this podcast explains why the hype is legitimate this time, as AI provides a real opportunity to help security teams cut through the noise and automate away the types of drudgery that lead to mistakes.

_{*A message from our sponsor}

🧪 Labs

If this isn’t the definition of dialed-in, I don’t want to know what is.

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.