Return on Security
Posts
💰 Security, Funded #175 - M&Alps ⛷️

💰 Security, Funded #175 - M&Alps ⛷️

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week from December 16, 2024 to December 31, 2024

Mike Privette
January 06, 2025 • Reading Time: 12 minutes

Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with Intruder.

Hey there,

Happy New Year, and welcome to 2025! I hope you all had some quality downtime with friends and family, some nice time off from work, and a December to remember.

A bit of housekeeping - the first issue of a new year is always a bit different. Instead of just covering the activities from the previous week, I’ll cover the final three weeks of December, which has more activity than you might think, with last-minute deals becoming finalized. Next week’s issue will cover January 1 - January 12, and then it’s business as usual after that.

As for me over the holiday season, I traveled to Switzerland for the first time and spent a lot of quality time enjoying snow activities over the new year. ⛷️ 🛷

You may also start to notice some newsletter changes over the next few weeks based on the feedback I’ve received from the 2024 year-end survey (which is still open here). I’m always trying to improve this newsletter, so your feedback is really important!

Also, if you missed it last year, Return on Security now has a Spotify playlist for all your dealmaking, fundraising, and log analysis needs. 🫡 👌

_{TOGETHER WITH}

Stop Breaches Before They Start With Intruder

Discover your true attack surface

Attack surfaces are changing constantly, and security teams are often too stretched to keep up.

Intruder empowers one SecOps analyst to handle the work of an entire team by finding unknown assets, quickly reacting to changes in dynamic environments, and reducing noise, all while delivering greater coverage of attack surface issues than any other platform.

Take control of your attack surface - book a demo with Intruder today.

_{Partner With Us}

😎 Vibe Check
Market Summary
📸 YoY Snapshot
☎️ Earnings Reports
🧩 Funding By Product Category
🏢 Funding By Company
Funding by Country
🤝 Mergers & Acquisitions
📚 Great Reads
🧪 Labs

😎 Vibe Check

What’s the biggest driver for your company’s investment in “AI for Security” or “Security for AI”?

Last issue’s vibe check:
For the practitioners, how much money do you estimate your company will spend on "AI for Security" or "Security for AI" in 2024?
🟩🟩🟩🟩🟩🟩 Less than $100K (13)
🟨🟨⬜️⬜️⬜️⬜️ More than $100K but less than $250K (5)
🟨🟨🟨⬜️⬜️⬜️ More than $250K but less than $500K (6)
🟨🟨🟨⬜️⬜️⬜️ More than $500K (7)
🟨🟨🟨🟨⬜️⬜️ Not sure / hard to quantify (9)
40 Votes

While “Less than $100K” received the most votes for a single category, 15% of respondents plan to spend $100K to $250K, 15% plan $250K to $500K, and 17.5% expect to invest more than $500K in “AI for Security” and “Security for AI” solutions. These results signal a growing trend: companies are increasingly prioritizing significant AI investments to address operational security challenges while simultaneously elevating and enhancing their existing workforce capabilities.

Some of the top comments from last week:

More than $500K - “We are going all in on this internally to improve efficiency and "eat our own dog food." Then, of late, I have seen our teams using some of those takeaways from our internal security team through the lens of a security vendor.”

💰 Market Summary

8 companies raised $408.4M across 8 unique product categories in 4 countries
10 companies were acquired or had a merger event for $160.0M across 9 unique product categories
97% of funding went to product-based cybersecurity companies
No public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between 2023 and 2024.

A final surge of funding rounds to cap off the Santa Rally at the end of 2024. This was also the behavior we saw in 2023, people try to get their rounds announced right before the holiday break, followed by a very quiet week.

While I’m still double-checking all the final numbers, this brings the total cybersecurity funding for 2024 to just over $14 billion across 500+ transactions. These numbers are higher than 2023’s funding total of $13.5 billion but fall short of the 667 transactions (which I think is a net positive).

Different chart, but the same story as funding goes. Closing and announcing those last-minute M&A transactions so everyone can knock off for a few days.

In 2024, M&A activity exceeded that of 2023 in both volume and dollar value, with 270 transactions totaling over $45 billion. In contrast, 2023 saw 258 cybersecurity M&A transactions totaling just over $40 billion.

_{Partner With Us}

☎️ Earnings Reports

Cyber Market Movers

As of markets close on December 31, 2024

Earnings reports from last week: None

Macro Context:

An interesting observation - if you held the top 10 public company cybersecurity stocks for all of 2024 in your portfolio, you would have received an annualized return of ~21.4%. If you held the S&P500, you would have received an annualized return of ~25%. It’s really hard to beat the market, even when you’re really close to a specific industry!
Tech markets (which account for most of the S&P500 gains) were down slightly in the last days of 2024, partly due to the SEC's still inconsistent treatment of cryptocurrencies and regulation.

Earning reports to watch this coming week:

None

🧩 Funding By Product Category

$300.0M for Quantum Security across 1 deal
$50.0M for Data Protection across 1 deal
$30.0M for Fraud and Financial Crime Protection across 1 deal
$8.0M for Artificial Intelligence (AI) Security across 1 deal
$7.7M for Mobile Application Security across 1 deal
$6.5M for Managed Security Services Provider (MSSP) across 1 deal
$6.2M for Cybersecurity Education & Training across 1 deal
An undisclosed amount for Professional Services across 1 deal

🏢 Funding By Company

SandboxAQ, a United States-based post-quantum cryptography (PQC) security platform, raised a $300.0M Private Equity Round from [Alger , T. Rowe Price, and Breyer Capital. (more)
Keepit, a Denmark-based cloud and SaaS data backup and protection platform, raised a $50.0M Series C from Export and Investment Fund and One Peak. (more)
Bureau, a United States-based no-code identity verification and fraud prevention platform, raised a $30.0M Series B from Sorenson Capital. (more)
Mindgard, a United Kingdom-based threat detection, red teaming, and security platform for AI models, raised an $8.0M Seed from .406 Ventures. (more)
INKA Entworks, a South Korea-based mobile application security and digital rights management (DRM) platform, raised a $7.7M Venture Round from SV Investment Corp.
CISO Global, a United States-based managed compliance and cybersecurity services company, raised a $6.5M post-IPO debt round.
Cloud Range, a United States-based cybersecurity training and simulation platform, raised a $6.2M Funding Round.
Valiant Solutions, LLC, a United States-based professional services firm focused on cybersecurity for national defense efforts, raised an undisclosed Private Equity Round from Bluestone Investment Partners.

🌎 Funding By Country

$342.7M for the United States across 5 deals
$50.0M for Denmark across 1 deal
$8.0M for the United Kingdom across 1 deal
$7.7M for South Korea across 1 deal

🤝 Mergers & Acquisitions

Cylance, a United States-based endpoint detection and response (EDR) platform, was acquired by Arctic Wolf for $160.0M. Cylance had previously raised $297.0M in funding. (more)
Fend, a United States-based company providing physical devices for securing critical infrastructure networks, was acquired by OPSWAT for an undisclosed amount. Fend had previously raised $150.0K in funding. (more)
Hexagate, an Israel-based cryptocurrency and Web3 application security platform, was acquired by Chainalysis for an undisclosed amount. Hexagate had previously raised $8.6M in funding. (more)
Imprivata, a United States-based single sign-on (SSO) platform for sensitive health data, was acquired by SailPoint for an undisclosed amount. Imprivata had previously raised $45.0M in funding. (more)
ITbuilder, a United Kingdom-based managed security services provider (MSSP), was acquired by Evergreen Services Group for an undisclosed amount. ITbuilder had not publicly disclosed any prior funding rounds. (more)
PrivacyMSP, a United States-based professional services firm focused on data privacy assessments and governance, was acquired by Compliance Scorecard for an undisclosed amount. PrivacyMSP had not publicly disclosed any prior funding rounds. (more)
SecureLayer, a South Korea-based security analytics and operations platform, was acquired by SK Shielders for an undisclosed amount. SecureLayer had not publicly disclosed any prior funding rounds. (more)
SnapAttack, a United States-based security analytics and intelligence platform, was acquired by Cisco for an undisclosed amount. SnapAttack had previously raised $8.0M in funding. (more)
Tidelift, a United States-based software supply chain security company that also pays the maintainers of Open Source Software (OSS), was acquired by SonarSource for an undisclosed amount. Tidelift had previously raised $73.5M in funding. (more)
Xari Group, an Australia-based managed security services provider (MSSP), was acquired by First Focus for an undisclosed amount. Xari Group had not publicly disclosed any prior funding rounds. (more)

📚 Great Reads

The 2024 Year End Letter - In case you missed it before the holiday break, here's a recap of what I've been up to the past year and where I see the future of the Return on Security brand.
Security Anti-Patterns in the AI Era - Srajan Gupta discusses AI-era security anti-patterns, emphasizing the evolving security landscape and the importance of recognizing and addressing these systemic risks.
How Narrative Ate Reality in 2024 - Something a bit different to kick the year Kyla Scanlon discusses 2024's narrative-driven reality and its implications for 2025, emphasizing algorithms' influence and society's existential anxieties.

_{*A message from our sponsor}

🧪 Labs

Huge if true

they have played us for absolute fools
— goosewin (@dan_goosewin)
4:34 PM • Dec 14, 2024

How was this week's newsletter?

Data Methodology and Sources

All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using our system at Return on Security, and we write all the company descriptions.
Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.
Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.