- Return on Security
- Posts
- 💰 Security, Funded #201 - Flip it and Reverse It
💰 Security, Funded #201 - Flip it and Reverse It
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of June 30, 2025.
Mike Privette
July 07, 2025 • Reading Time: 12 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by 1Password.
Hey there,
Hope you had a great weekend, a long holiday weekend if you were in the US, and a Happy Q3 to all those who celebrate! 🫡
The first half of 2025 has been a doozy for the cybersecurity industry. Here are just a few highlights of what the first half of the year has brought with it:
It produced the largest M&A deal in cybersecurity history (assuming it doesn’t get caught up in antitrust issues with the U.S. DOJ).
It was one of the most active periods for M&A in the past three years, with over 160 transactions.
It accounted for $9.7 billion in funding, representing a 22% increase over the first half of 2024.
It delivered an average return of 11% (as of June 30) from the top 14 publicly traded cybersecurity companies by market cap. In comparison, the S&P 500 has only gained 5.73% in the first half of 2025. 👀
All of this happened during one of the most chaotic years in recent memory, marked by global policy turmoil, on-again and off-again tariffs, and widespread economic uncertainty. Will the bull run last in cyber? Who knows, but if you’re not bullish on cyber after all of that, I don’t know what you’re doing with your life.
Let’s get this bread in the second half of 2025, fam. 😤 👊 💰️
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
Which problem in security will never be “solved”? |
Last issue’s vibe check:
What’s the biggest distraction pulling security teams away from real progress?
🟨🟨🟨🟨🟨⬜️ Chasing every new vuln
🟩🟩🟩🟩🟩🟩 Endless compliance work
🟨🟨🟨🟨⬜️⬜️ Vendor FOMO and shiny tools
🟨🟨🟨⬜️⬜️⬜️ Excessive reporting demands
🟨⬜️⬜️⬜️⬜️⬜️ Other (leave comment)
The people have spoken, and Endless Compliance Work is the biggest distraction pulling security teams away from Real Progress™️. This, I’m not surprised by, but I did expect it to be a two-way tie with chasing every new vulnerability that comes out.
Some of the top comments from last week’s vibe check:
💬 Chasing every new vuln - “Small team, with responsibilities outside of just operational security so often get pulled away from pure security work. We review vulnerabilities with a third party team that handles our scans and focus on vulns with the largest impact across the org. Plus the added ‘joy’ (insert eyeroll) of any zeros that drop between those review meetings.”
💬 Other - “I'm seeing more and more top-down pressure from less technical executives to use AI for the sake of using AI, trumping more practical considerations about the tool and process improvements that would bring the most bang for the buck. It's just depressing, really.”
💰 Market Summary
Private Markets
7 companies from 6 countries raised $1.9B across 7 unique product categories
100% of funding went to product-based cybersecurity companies
7 companies were acquired or had a merger event across 6 unique product categories
Public Markets
No public cyber companies had an earnings report.
U.S. markets were closed on Friday, July 4th, for Independence Day.
Juniper Networks exited the stock market at $39.95 per share on July 1st, following the U.S. Department of Justice (DOJ)'s decision to settle its antitrust lawsuit against HPE's $14 billion all-cash acquisition (the second-largest M&A deal in cybersecurity history).
As of market close on Thursday, July 3, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
If not for a few mega-rounds, last week would have been a really boring week. Late-stage companies stole the show with their pre-IPO and post-IPO moves.
M&A activity continues at a high pace this year, officially finishing the first half of 2025 with 160 transactions.
PARTNER
Navigating M&A: What every security leader needs to know
Securing your SaaS attack surface is becoming as fundamental as having an incident response plan.
M&A is exciting – new products, new colleagues, new possibilities. Often overlooked, cybersecurity can make or break the success of the entire deal.
Join 1Password & Canva security leaders Dave Lewis, Wendy Nather, and Kane Narraway on July 17th at 12:30 PM PT / 3:30 PM ET as they draw on the collective experience of 30+ M&As to examine the security implications of M&A, outline strategies for mitigating risk, and demonstrate why security architecture must be embedded in the due diligence period.
☎️ Earnings Reports
Earnings reports from last week: None
Earning reports to watch this coming week: None
🧩 Funding By Product Category
$1.5B for Secure Networking across 1 deal
$359.0M for Secure Access Service Edge (SASE) across 1 deal
$1.4M for Data Privacy across 1 deal
An undisclosed amount for Security Awareness across 1 deal
An undisclosed amount for Mobile Device Security across 1 deal
An undisclosed amount for Data Protection across 1 deal
An undisclosed amount for Attack Surface Management (ASM) across 1 deal
🏢 Funding By Company
Product Companies:
Zscaler, a United States-based suite of secure access service edge and networking tools, raised a $1.5B post-IPO debt round. (more)
Cato Networks, an Israel-based secure access service edge (SASE) platform, raised a $359.0M Series G from Vitruvian Partners and ION Crossover Partners. (more)
Privasee, a United Kingdom-based privacy platform focusing on GDPR compliance, raised a $1.4M Seed round from Pitchdrive, Plug and Play, and SFC Capital. (more)
Guardsquare, a Belgium-based mobile application security platform, raised an undisclosed Private Equity Round from Verdane. (more)
OctoXLabs, a Turkey-based attack surface management platform, raised an undisclosed Pre-Seed from Finberg. (more)
QbitShield, a United Arab Emirates-based quantum cryptographic encryption keys as a service platform, raised an undisclosed Pre-Seed round.
usecure, a United Kingdom-based human risk management and security awareness training platform, raised an undisclosed Series A from Kennet Partners. (more)
Service Companies:
None
🌎 Funding By Country
What a chart!
$1.5B for the United States across 1 deal
$359.0M for Israel across 1 deal
$1.4M for the United Kingdom across 2 deals
An undisclosed amount for the United Arab Emirates across 1 deal
An undisclosed amount for Turkey across 1 deal
An undisclosed amount for Belgium across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
Acante, a United States-based data access governance platform, was acquired by Concentric AI for an undisclosed amount. Acante has not previously disclosed any funding events. (more)
SSH Communication Security, a Finland-based secure networking and communications platform, was acquired by Leonardo for an undisclosed amount. SSH Communication Security has not previously disclosed any funding events. (more)
Swift Security, a United States-based browser-based platform for protecting against sensitive data usage in GenAI applications, was acquired by Concentric AI for an undisclosed amount. Swift Security has not previously disclosed any funding events. (more)
Service Companies:
Arrowhead Technologies, a United States-based managed security services provider, was acquired by Secur-Serv for an undisclosed amount. Arrowhead Technologies has not previously disclosed any funding events. (more)
BOXX Insurance, a Canada-based cyber risk insurance provider, was acquired by Zurich Insurance Group for an undisclosed amount. BOXX Insurance had previously raised $24.3M in funding. (more)
Silverstring, a United Kingdom-based professional services firm focused on data protection consulting, was acquired by Celerity for an undisclosed amount. Silverstring has not previously disclosed any funding events. (more)
Trustwave, a United States-based managed security services provider (MSSP), was acquired by LevelBlue for an undisclosed amount. Trustwave had previously raised $10.0M in funding. (more)
📚 Great Reads
Why Security Has Become Easier - Frank Wang discusses how security has become easier over the years. The tooling is better. The data is clearer. The playbooks are more available. AI gives us leverage. And in many companies, executive awareness is higher than ever.
*[Webinar] Navigating M&A: What every security leader needs to know - Canva’s Kane Narraway and 1Password’s Dave Lewis and Wendy Nather share best practices for navigating M&A based on their collective experience of over 30+ M&As.
Secure Vibe Coding Guide - A practical guide with real examples of how to secure those vibe coding projects.
*A message from our partner
🧪 Labs
Speaking of vibecoding… 👀
vibecoding is the future
— peachey 𔐓 (@peach2k2)
2:15 PM • Jun 18, 2025
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. dollars (USD) when collected.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes deal details, like who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply