- Return on Security
- Posts
- 💰 Security, Funded #197 - All Eyez on Me(trics)
💰 Security, Funded #197 - All Eyez on Me(trics)
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of June 2, 2025.
Mike Privette
June 09, 2025 • Reading Time: 16 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Intruder.io and Cydea.
LEAD PARTNER
Hey there,
I hope you had a great weekend!
My first time at Infosecurity Europe in London last week was a success! For me, the event packed a ton of value into a compact space, and the after-hours events sparked some really great conversations, meetups, and future partnership opportunities. Everyone I spoke with had a similar experience, and I'll definitely be back next year. Thanks to all who came up to say hello!
Huge amount of activity this week, too, so make sure to go to the full blog post.
PARTNER
How River Island Scaled Security Without Increasing Headcount With Intruder
When you’re a 3 person security team responsible for a national retail chain, you have to work efficiently.
River Island’s InfoSec Officer knew they needed a solution that was simple, effective, and easy to trust.
With Intruder’s unified exposure management platform, they turned do more with less into a reality:
No more blind spots or second-guessing what’s exposed
No more scrambles when new threats drop
No more blockers - teams fix fast without InfoSec
Reports so clear, the CIO cancels 1:1s
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What’s the most overhyped source of “security truth” inside companies? |
Last issue’s vibe check:
What’s the most overrated security KPI?
🟩🟩🟩🟩🟩🟩 Number of vulnerabilities (88)
🟨🟨⬜️⬜️⬜️⬜️ Mean time to detect (MTTD) (24)
🟨🟨🟨⬜️⬜️⬜️ Phishing click rate (36)
🟨⬜️⬜️⬜️⬜️⬜️ Compliance coverage (24)
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave a comment) (3)
175 Votes (Newsletter + LinkedIn Poll)
Last week’s vibe check said the quiet part out loud = most security KPIs are broken.
The clear “winner” was Number of Vulnerabilities. It’s a metric we all have to deal with that tells us almost nothing, and it’s one of the most contested fields in the industry. I would also argue we have wasted more time here than on just about anything else.
Multiple readers pointed out the obvious that without context like severity, exploitability, and asset criticality, this metric is totally useless. Worse, it drives bad incentives where companies optimize for a lower number rather than reduced risk.
Some of the top comments from last week’s vibe check:
💬 Vulnerabilities - “Complete lack of contextualization for this number inevitably leads to misdirected resources (i.e., focusing on "getting this number down" when the actual risk is low).”
💬 Other - “Hint: There's only one metric in this list where the denominator is "we have literally no idea"
💬 Other - “All of the above. They all just lack any semblance of context or real value as a leading risk indicator. I get mad just reading those.”
Use your anger
💰 Market Summary
Private Markets
17 companies from 8 countries raised $1.3B across 14 unique product categories
98% of funding went to product-based cybersecurity companies
12 companies were acquired or had a merger event for $170.0M across 10 unique product categories
Public Markets
1 public cyber company had an earnings report
As of markets close on June 6, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Not a big uptick in volume, but a huge one in dollar value. Last week was heavily skewed by one of the major public companies raising a huge debt round.
The M&A train won’t quit this year. We’re not even halfway through Q2, and we’ve already matched the volume for all of Q2 2024. It’s going to be a big year!
PARTNER
How do you make cyber security make sense to the business?
In our first episode of Communicating Cyber series, Robin Oldham is joined by Tim Grieveson, Chief Security Officer at THINGSRECON, to reveal his storytelling playbook.
Tim and Robin also dig into:
Why listening to critics can strengthen your message
How to shift from blockers to enablers in your comms
What it takes to create shared ownership around security
If your cyber security message isn’t landing with decision-makers, this is the blueprint you need.
☎️ Earnings Reports
Earnings reports from last week: $CRWD ( ▲ 1.31% )
CrowdStrike - $CRWD ( ▲ 1.31% )
CrowdStrike came in with a fairly strong first quarter. oasting a 20% revenue growth to $1.1 billion. This surge was fueled by the continued adoption of its Falcon platform and a significant $3.2 billion in Falcon Flex total account deal value. Notably, CrowdStrike continued to see strong demand across geographies, with significant contributions from international markets, and 60% of new business was sourced from channel partners.
Even with all of those impressive numbers, CrowdStrike offered weaker forward-looking guidance on revenue for the rest of the year. CrowdStrike also has some challenges related to revenue recognition and ongoing regulatory inquiries that are creating uncertainty in the short term. They remain optimistic about the future, even doing a $1 billion share buyback as a vote of confidence, but that wasn’t quite enough for investors (it felt more defensive than offensive). Its share price fell ~5% after the earnings call but has moderately rebounded since.
Still, CrowdStrike has what most in the space don’t - consistent execution, operational scale, and real profitability. The market may be jittery in these systemically uncertain times, but the long-term thesis looks very intact.
Earning reports to watch this coming week: $SAIL ( ▲ 4.36% )
🧩 Funding By Product Category
$1.1B for Privileged Access Management (PAM) across 2 deals
$55.8M for Secure Networking across 2 deals
$39.9M for Endpoint Protection across 1 deal
$30.0M for Data Loss Prevention (DLP) across 1 deal
$25.0M for Email Security across 1 deal
$16.0M for Data Protection across 1 deal
$14.0M for Threat Informed Defense (TID) across 1 deal
$13.7M for Cyber Insurance across 1 deal
$12.0M for Governance Risk and Compliance (GRC) across 1 deal
$12.0M for API Security across 1 deal
$6.9M for Web Application and API Protection (WAAP) across 1 deal
$1.7M for Identity and Access Management (IAM) across 2 deals
$338.3K for Penetration Testing across 1 deal
An undisclosed amount for Hardware Security across 1 deal
An undisclosed amount for Distributed Ledger Technology (DLT) Security across 1 deal
🏢 Funding By Company
Product Companies:
CyberArk Software, a United States-based suite of identity security and privileged access management (PAM) tools, raised a $1.1B post-IPO debt round. (more)
Zero Networks, an Israel-based zero-trust and network segmentation platform, raised a $55.0M Series C from Highland Europe. (more)
F-Secure, a Finland-based suite of endpoint and digital identity protection tools, raised a $40.0M post-IPO debt round from Nordic Investment Bank. (more)
MIND, a United States-based data loss prevention platform focused on securing data for AI applications, raised a $30.0M Series A from Crosspoint Capital Partners and Paladin Capital Group. (more)
Trustifi, a United States-based email security platform, raised a $25.0M Series A from Camber Partners. (more)
Infisical, a United States-based encrypted secrets management platform, raised a $16.0M Series A from Elad Gil. (more)
ThreatSpike, a United Kingdom-based threat informed defense (TID) platform, raised a $14.0M Series A from Expedition Growth Capital. (more)
Compyl, a United States-based governance, risk, and compliance (GRC) platform, raised a $12.0M Series A from Venture Guides. (more)
Impart Security, a United States-based API security platform, raised a $12.0M Series A from Madrona Venture Labs. (more)
NightVision, a United States-based web application and API protection platform, raised a $6.9M Venture Round from Sparring Capital Partners. (more)
Ironchip, a Spain-based location-based digital identity management platform, raised a $1.7M Venture Round from Sabadell Venture Capital and an undisclosed Debt Financing from ENISA. (more)
Goldilock, a United Kingdom-based secure networking platform, raised an $800.0K Grant from Enterprise Singapore and Innovate UK. (more)
Backbone, an Austria-based hardware security platfor, raised an undisclosed Venture Round from Sparring Capital Partners. (more)
CyberQP, a Canada-based privileged access management (PAM) platform for managed service providers, raised an undisclosed Debt Financing from CIBC Innovation Banking. (more)
OneKey, a China-based security-focused wallet app for cryptocurrency transactions, raised an undisclosed Series B from YZi Labs. (more)
Service Companies:
Baobab, a United States-based cyber insurance company, raised a $13.7M Series A from eCAPITAL ENTREPRENEURIAL PARTNERS and Viola FinTech. (more)
Melius CyberSafe, a United Kingdom-based penetration and application security testing platform, raised a $338.3K Venture Round from North East Fund. (more)
🌎 Funding By Country
$1.2B for the United States across 8 deals
$55.0M for Israel across 1 deal
$39.9M for Finland across 1 deal
$15.1M for the United Kingdom across 3 deals
$1.7M for Spain across 2 deals
An undisclosed amount for China across 1 deal
An undisclosed amount for Canada across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Corellium, a United States-based mobile threat detection and response platform, was acquired by Cellebrite for $170.0M. Corellium had previously raised $25.0M in funding. (more)
AudITech, an Israel-based IT controls governance, risk, and compliance (GRC) platform, was acquired by Scytale for an undisclosed amount. AudITech has not previously disclosed any funding events. (more)
Borneo, a Singapore-based data security, privacy, and observability platform, was acquired by Atlassian for an undisclosed amount. Borneo had previously raised $18.0M in funding. (more)
DarkLight, a United States-based continuous threat exposure management (CTEM), was acquired by Liongard for an undisclosed amount. DarkLight had previously raised $8.0M in funding. (more)
Exium, a United States-based cellular wireless security platform, was acquired by NETGEAR for an undisclosed amount. Exium had previously raised $6.0M in funding. (more)
Fletch, a United States-based AI-assisted security operations platform, was acquired by F5 for an undisclosed amount. Fletch had previously raised $44.2M in funding. (more)
Nok Nok Labs, a United States-based authentication platform, was acquired by OneSpan for an undisclosed amount. Nok Nok Labs had previously raised $70.3M in funding. (more)
Service Companies:
CyberInsider, a United States-based cybersecurity news media site, was acquired by RestorePrivacy.com for an undisclosed amount. CyberInsider has not previously disclosed any funding events. (more)
PCH Technologies, a United States-based professional services firm focused on cyber risk assessments, was acquired by Evergreen Services Group for an undisclosed amount. PCH Technologies has not previously disclosed any funding events. (more)
Synergetika, a Canada-based professional services firm focused on privileged access management (PAM) implementation services, was acquired by SDG Corporation (TruOps) for an undisclosed amount. Synergetika has not previously disclosed any funding events. (more)
TitanHQ, an Ireland-based managed security services provider (MSSP) focusing on web filtering, email protection, and security awareness, was acquired by Bregal Investments for an undisclosed amount and then merged with Redstor to form a new company named CyberSentriq. Neither Redstor nor TitanHQ had previously disclosed any funding events. (more)
📚 Great Reads
Trust Engineering: Building Security Leadership at Early-Stage Startups - My BSidesSF 2025 talk on being the first security hire at early-stage startups and how Trust Engineering can help you be successful in the role. Here are the slides from my talk, and here's the full BSidesSF 2025 playlist.
How Building a Security Consulting Practice on the Side Changed My Career - How a nights and weekends security consultancy unexpectedly grew into an acquisition and reshaped my career. Plus, lessons on fractional CISO work, vCISO hype, and service-first growth.
*A message from our partner
🧪 Labs
Lol, can you imagine? 😂 Aha ha, just kidding… unless..?? 😳
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply