💰 Security, Funded #177 - Born in the US(AI)

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of January 13, 2025.

Security, Funded provides a weekly analysis of economic activity in the cybersecurity market. This week’s issue is presented together with Intruder.io and Intezer.

Hey there,

Hope you had a great weekend!

Last week, the US had a pretty exciting week. There was a new executive order on AI and cyber from the outgoing US President (which likely won’t last), a TikTok ban (and then an unban?), and there were some good old-fashioned presidential pump-and-dump cryptocurrency schemes!

The coming years will be very interesting worldwide, and Return on Security will be here to help keep you informed about the financial and economic impacts related to the cybersecurity industry and the startup landscape.

Also, thank you to everyone who has been consistently answering the weekly Vibe Check! 🙏 If you voted at all in 2024, stay tuned because you’ll be some of the first people to get access to a new report series I’m making that aggregates all of that data and signals. If you want in on the 2025 group, start smashing those Vibe Checks. 🫡 

Lettuce get this bread, family. 🥬 🥖 

TOGETHER WITH

Moving Beyond VM: Why Attack Surface Management Is the Next Step

Insights from Intruder’s Founder & CEO, Chris Wallis

Many companies are transitioning from traditional Vulnerability Management (VM) to Attack Surface Management (ASM) - and it’s easy to see why. ASM provides greater insights into your assets and exposures, helping you reduce your attack surface and stay ahead of future threats. In this guide, we explore the importance of ASM and highlight what to expect from your tooling, so you can implement the most effective program possible.

😎 Vibe Check

Who has the most influence over cybersecurity budget decisions in your organization?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
How is your organization’s cybersecurity function perceived at the executive level?
🟨🟨🟨⬜️⬜️⬜️ A compliance-driven necessity (6)
🟩🟩🟩🟩🟩🟩 A risk management partner (10)
🟨🟨⬜️⬜️⬜️⬜️ A cost center with limited influence (4)
🟨🟨🟨🟨🟨⬜️ A business enabler, directly contributing to growth (9)
🟨🟨🟨⬜️⬜️⬜️ Other (comment below) (6)
35 Votes

This distribution is interesting to me. Nearly 30% of the respondents said their cybersecurity function is still perceived as a cost center or a compliance-driven necessity.

It seems that overcoming perception is one of the harder challenges in our industry, but it’s good to see 54% of respondents said their cyber program is perceived on the up-and-up

Some of the top comments from last week:

Cost Center - We're in an industry behind-the-times, and largely seen as "the department of 'no'", to be excluded if considered at all. Our fiefs influence trends with recent risk-focused communication, if any.

💰 Market Summary

  • 11 companies raised $61.7M across 9 unique product categories in 6 countries

  • 6 companies were acquired or had a merger event for $150.0M across 3 unique product categories

  • 99% of funding went to product-based cybersecurity companies

  • No public cyber companies had an earnings report

📸 YoY Snapshot

This is a rolling 12-week chart comparing funding and acquisitions each week in a year-over-year (YoY) view between the end of 2023 and the start of 2024 and 2025.

Bringing the 2023 data back in by request, so there’s some continuity here. Thanks for the suggestion! With this new view, we can see just how quiet this year is starting off compared to how 2024 ended. I’m not too worried about the slow start, though. I think it’s all a matter of timing in these early innings.

I did the same for M&A data, and here we see a year that is starting the way the previous one ended with a health market. “Start how you intend to finish” or some other such aphorism should be inserted here.

☎️ Earnings Reports

Cyber Market Movers

As of markets close on January 17, 2025

Earnings reports from last week: None

Macro Context:

A bit of a mixed bag overall coming into the new year.

  • US inflation rose again in December 2024, but it was less than expected. While that sounds good, the market hates to miss what it expects, especially if it sends a mixed economic recovery signal like this.

  • That mixed economic data and tech stock dragged most of the major US indexes downward last week.

  • The US Federal Reserve is now likely to hold interest rates steady or even increase rates again due to a faster-than-expected jobs market.

Earning reports to watch this coming week:

  • None

🤘 IPO-h Yeah

  • SailPoint, a United States-based enterprise identity and access management (IAM) platform, filed an S-1 form to go to IPO. If successful, this would not only be the first cyber IPO of 2025, but it would also be the second time that SailPoint has gone public! 🤯 (more)

🧩 Funding By Product Category

  • $36.0M for Identity Threat Detection and Response (ITDR) across 1 deal

  • $10.0M for Brand Protection across 1 deal

  • $7.0M for Social Network Security across 1 deal

  • $3.1M for Passwordless Authentication across 1 deal

  • $2.0M for Secure Access Service Edge (SASE) across 1 deal

  • $1.6M for Trust & Safety across 1 deal

  • $1.2M for Cybersecurity Education & Training across 1 deal

  • $717.2K for Professional Services across 2 deals

  • An undisclosed amount for Managed Security Services Provider (MSSP) across 2 deals

  • An undisclosed amount for Cyber Insurance across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $37.6M for the United States across 5 deals

  • $10.0M for France across 1 deal

  • $9.0M for Israel across 2 deals

  • $3.1M for Czech Republic across 1 deal

  • $1.2M for the United Kingdom across 1 deal

  • $717.2K for Finland across 2 deals

🤝 Mergers & Acquisitions

  • Alterya, an Israel-based fraud protection platform for cryptocurrency transactions and applications, was acquired by Chainalysis for $150.0M. Alterya has not publicly disclosed any prior funding rounds. (more)

  • BlackSwan Technologies, a United Kingdom-based fraud data intelligence platform, was acquired by HUB Security for an undisclosed amount. BlackSwan Technologies has not publicly disclosed any prior funding rounds. (more)

  • Devensys Cybersecurity, a France-based professional services firm focused on offensive security and penetration testing, was acquired by Inherent for an undisclosed amount. Devensys Cybersecurity has not publicly disclosed any prior funding rounds. (more)

  • Haekka, a United States-based security awareness and education platform for organizations using Slack, was acquired by Hook Security for an undisclosed amount. Haekka had previously raised $120.0K in funding. (more)

  • Kerberos, a France-based professional services company focused on network security, was acquired by Tersedia for an undisclosed amount. Kerberos has not publicly disclosed any prior funding rounds. (more)

  • Paymints.io, a United States-based wire fraud protection platform for the real estate industry, was acquired by CertifID for an undisclosed amount. Paymints.io had previously raised $3.0M in funding. (more)

📚 Great Reads

  • How Barcelona Became an Unlikely Hub for Spyware Startups - This post discusses Barcelona's emergence as a hub for spyware startups, highlighting the city's appeal to Israeli security researchers due to tax benefits and lifestyle.

  • *AI in Action. - This looks at four ways AI tools are making a big impact for SOC teams by making investigations more effective and reducing MTTR, from Itai Tevet at Intezer.

  • Things we learned about LLMs in 2024 - A lot has happened in the world of Large Language Models over the course of 2024. Here’s a review of things we figured out about the field in the past twelve months.

  • The Economics of Cybersecurity and Trends - I joined my friend Ashish Rajan on the infamous Cloud Security Podcast to talk about all things cybersecurity economics and forward-looking trends coming for 2025.

*A message from our sponsor

🧪 Labs

Wingardium Levi-oh no, not again! 🪄 💀 

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using our system at Return on Security, and we write all the company descriptions.

  • Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

  • Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market.

Follow me on LinkedIn or Twitter to never miss Return on Security updates.

Reply

or to participate.