💰 Security, Funded #200 - Double Benjamin Energy

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of June 23, 2025.

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Intruder, Nudge Security, and Palo Alto Networks.


LEAD PARTNER

Hey there,

Hope you had a great weekend!

Coming at you live and direct from sunny Bournemouth, UK, at the Aspiron Search offices, today marks the 200th issue of the newsletter, and four years since I started Return on Security! 🤯 

Every year, when the anniversary comes around, I am amazed at how much has changed in the last year and since I first started. Never in my wildest dreams did I imagine things would turn out the way they have. For the four-year anniversary, here are four things I never thought would happen when I started:

  1. That this newsletter would have gone on for so long.

  2. That so many people would find the newsletter useful, and that it would start changing the way people think.

  3. That this newsletter would become a real business and my full-time job.

  4. Possibly the craziest thing to me is that this would be the longest I've ever stayed with one company.

Someone recently pointed out #4 to me, and I thought it was insane, but it’s true. The cybersecurity industry has been an incredible field for me all these years, and I’ve been fortunate enough to consistently be drawn into better opportunities rather than running from something. This time around, I was drawn into something I made up.

Let this be a reminder that you can just do things.

Also, to properly celebrate this, I’m teaming up with Decibel and Security Founders at Libertine Social to throw a party and kick off Black Hat! Make sure to RSVP here, and we’re excited to see many of you in person in Las Vegas for a toast!

Join us! 🍻 

PARTNER

How River Island Scaled Security Without Increasing Headcount With Intruder

When you’re a 3 person security team responsible for a national retail chain, you have to work efficiently. 

River Island’s InfoSec Officer knew they needed a solution that was simple, effective, and easy to trust.

With Intruder’s unified exposure management platform, they turned do more with less into a reality:

  • No more blind spots or second-guessing what’s exposed

  • No more scrambles when new threats drop

  • No more blockers - teams fix fast without InfoSec

  • Reports so clear, the CIO cancels 1:1s

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

What’s the biggest distraction pulling security teams away from real progress?

Login or Subscribe to participate in polls.

Last issue’s vibe check:
What’s the most underused input in security decision-making today?
🟨🟨🟨🟨🟨⬜️ Customer service/helpdesk trends (12)
🟩🟩🟩🟩🟩🟩 Application-layer activity (13)
🟨🟨🟨🟨🟨⬜️ Post-incident reviews (12)
🟨🟨🟨🟨⬜️⬜️ Application-to-business mapping (11)
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment) (2)
50 Votes

Last week’s vibe check was one of the lowest-response polls I’ve run so far. Blame it on timing, the algorithm, or sunspots, but if I had to guess, it’s because security people love to debate what’s broken (and there’s plenty!), but they hesitate to declare what works.

It’s understandable. In this field, it’s almost impossible to say you’re “right” about anything for long.

The clear takeaway is that even when teams have access to valuable inputs, like post-incident reviews, helpdesk trends, app usage, or business mapping, they all require interpretation and time. Two things that most teams are in very short supply of.

Some of the top comments from last week’s vibe check:

💬 Post-incident reviews - “Post-incident reviews....from OTHER companies. Most organizations fail to learn from the mistakes of others.”

💰 Market Summary

Private Markets

  • 11 companies from 5 countries raised $280.5M across 10 unique product categories

  • 90% of funding went to product-based cybersecurity companies

  • 6 companies were acquired or had a merger event across 6 unique product categories

Public Markets

  • No public cyber companies had an earnings report

As of market close on June 27, 2025.

📸 YoY Snapshot

Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

The first half of 2025 is just about done, and it’s been a big one! There’s still technically one more day to get those transactions in, but the first half of 2025 is up over $1 billion from the same period last year, and the quarter is up 18% from Q2 2024.

M&A also had a bang-up first half of the year, with Q2 2025 being up 27%+ compared to Q2 2024.

PARTNER

Discover, secure, and govern SaaS use

Securing your SaaS attack surface is becoming as fundamental as having an incident response plan.

Data points to consider from Nudge Security:

  • Modern orgs have twice as many SaaS apps in use as they have employees

  • 90% of these apps are adopted by individuals outside of IT

  • Employees average 70 OAuth grants-many of which allow access to sensitive data

Nudge Security discovers every SaaS app, account, and OAuth grant in minutes, with automation to scale ongoing governance.

☎️ Earnings Reports

Earnings reports from last week: None until Q3.

Earning reports to watch this coming week: None until Q3

🧩 Funding By Product Category

  • $75.0M for Application Security Testing (AST) across 1 deal

  • $60.0M for Fraud and Financial Crime Protection across 2 deals

  • $57.0M for Data Protection across 1 deal

  • $40.0M for Network Security across 1 deal

  • $17.0M for Security Log Data Management (SLDM) across 1 deal

  • $10.0M for Quantum Security across 1 deal

  • $9.5M for Data Loss Prevention (DLP) across 1 deal

  • $5.0M for Security Operations across 1 deal

  • $4.2M for Software Supply Chain Security across 1 deal

  • $2.9M for Managed Security Services Provider (MSSP) across 1 deal

🏢 Funding By Company

Product Companies:

Service Companies:

🌎 Funding By Country

  • $179.4M for the United States across 7 deals

  • $57.0M for France across 1 deal

  • $40.0M for Israel across 1 deal

  • $4.2M for the United Kingdom across 1 deal

  • An undisclosed amount for the Netherlands across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

  • CodeSecure, a United States-based application security testing platform, was acquired by AdaCore for an undisclosed amount. CodeSecure has not previously disclosed any funding events. (more)

  • Invariant Labs, a Switzerland-based security monitoring and guardrails for AI and Agentic AI systems, was acquired by Snyk for an undisclosed amount. Invariant Labs has not previously disclosed any funding events. (more)

  • Otterize, a United States-based composable software authentication and authorization platform, was acquired by Cyera for an undisclosed amount. Otterize had previously raised $11.5M in funding. (more)

  • Prim'X, a France-based data encryption and protection platform for the Microsoft Azure and Office deployments, was acquired by Main Capital Partners for an undisclosed amount. Prim'X has not previously disclosed any funding events. (more)

Service Companies:

  • Banshie, a Denmark-based professional services firm focused on penetration testing services, was acquired by TrueSec for an undisclosed amount. Banshie has not previously disclosed any funding events. (more)

  • Wright Technology Group, a United States-based managed security and IT services provider, was acquired by CMIT Solutions for an undisclosed amount. Wright Technology Group has not previously disclosed any funding events. (more)

📚 Great Reads

*A message from our partner

🧪 Labs

This is the unlock we all need 🙏 

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or forward this to someone smart.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. dollars (USD) when collected.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and we’ll fix them.

Reply

or to participate.