šŸ’° Security, Funded #202 - The Calm Between Storms

Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of July 7, 2025.

Author

Mike Privette
July 14, 2025 ā€¢ Reading Time: 11 minutes

Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This weekā€™s issue is brought to you by Intruder, Nudge Security, and 1Password.

Hey there,

Hope you had a great weekend!

Iā€™ll keep it short and sweet today. Itā€™s almost summer time here in the UK, and Iā€™m looking forward to some upcoming work and vacation travel.

Also, looking forward to seeing everyone in a few weeks at Hacker Summer Camp!

PARTNER

Doomscrolling To Catch Vulns? Thereā€™s A Better Way

Zach, CTO at Yembo, used to catch vulns while scrolling on X between meetings ā€“ and hoping he didnā€™t miss the big one.

Now, he starts his day with cvemon ā€“ Intruderā€™s free vulnerability intelligence platform.

It cuts through the noise and tracks the hype around the latest CVEs so you can see what matters and act quickly when things are getting Log4Shell-loud.

If itā€™s blowing up, Zachā€™s already on it.

šŸ˜Ž Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next weekā€™s write-up!

Which security tradeoff is most underappreciated today?

Login or Subscribe to participate in polls.

Last issueā€™s vibe check:
Which problem in security will never be ā€œsolvedā€?
šŸŸ©šŸŸ©šŸŸ©šŸŸ©šŸŸ©šŸŸ© Phishing & social engineering (116)
šŸŸØšŸŸØā¬œļøā¬œļøā¬œļøā¬œļø Shadow IT / AI (37)
šŸŸØšŸŸØšŸŸØā¬œļøā¬œļøā¬œļø Third-party risk (54)
šŸŸØā¬œļøā¬œļøā¬œļøā¬œļøā¬œļø Full log visibility (14)
ā¬œļøā¬œļøā¬œļøā¬œļøā¬œļøā¬œļø Other (leave comment) (7)
228 Votes

Well, no surprises here. Phishing and social engineering lead the way in the ā€œunsolvableā€ problem space in the cyber industry. What was interesting to me was that third-party risk outpaced Shadow IT / AI.

Given how so many people across all business units are rushing to do anything they can with AI-enabled software and services, I would have expected this one to be a (distant) second place from phishing.

Some of the top comments from last weekā€™s vibe check:

šŸ’¬ Phishing - ā€œSince there are no defined boundaries for social interaction, I think its an eternal problem.ā€

šŸ’¬ Shadow IT / AI - ā€œPhishing and social engineering can be eliminated with password-less authentication, but getting to that point may never be viable. Shadow IT will never go away because people are opinionated and greedy.ā€

šŸ’¬ Other - ā€œAll of the above obviously. And donā€™t forget the new risk of someone phishing your developersā€™ third-party, shadow IT AI copilot, which you will never get logs from.ā€œ

šŸ’° Market Summary

Private Markets

  • 10 companies from 5 countries raised $88.0M across 10 unique product categories

  • 100% of funding went to product-based cybersecurity companies

  • 5 companies were acquired or had a merger event across 5 unique product categories

Public Markets

  • No public cyber companies had an earnings report.

  • Public markets down bad (again) after the re-introduction of the on-again, off-again ā€˜reciprocalā€™ tariffs (again)

As of market close on July 11, 2025.

šŸ“ø YoY Snapshot

Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.

A much quieter, but seasonally slow week last week on the funding front.

M&A is still rolling strong, though. This will be a landmark year for M&A in the industry.

PARTNER

How KarmaCheck made SaaS security pay for itself

Within six months, KarmaCheck recouped 150% of its annual investment in Nudge Security by chipping away at runaway SaaS use, along with benefits like:

  • Gaining full visibility into shadow SaaS and AI use

  • Completing user access reviews in 1/3 the time

  • Speeding up security reviews for new SaaS and AI vendors

  • Ensuring complete offboarding

See why they call Nudge a ā€œSwiss Army Knife of Utilityā€.

ā˜Žļø Earnings Reports

Earnings reports from last week: None

Earning reports to watch this coming week: None

āŒ Layoffs

  • Snyk, a United States-based suite of application security tools, laid off 110-130 employees, or 8-10% of its workforce, due to restructuring. (more)

šŸ§© Funding By Product Category

  • $50.0M for Data Protection across 1 deal

  • $15.5M for Managed Detection and Response (MDR) across 1 deal

  • $6.5M for Security and Compliance Automation across 1 deal

  • $5.3M for Operational Technology (OT) Security across 1 deal

  • $5.0M for Data Privacy across 1 deal

  • $4.9M for Secure File Sharing across 1 deal

  • $837.7K for Continuous Automated Red Teaming (CART) across 1 deal

  • $5.0K for Secure Networking across 1 deal

  • $5.0K for Cloud Security Posture Management (CSPM) across 1 deal 

  • An undisclosed amount for API Security across 1 deal

šŸ¢ Funding By Company

Product Companies:

Service Companies:

  • None

šŸŒŽ Funding By Country

  • $82.2M for the United States across 6 deals

  • $5.0M for the United Kingdom across 1 deal

  • $837.7K for Germany across 1 deal

  • $5.0K for Canada across 1 deal

  • $5.0K for Australia across 1 deal

šŸ¤ Mergers & Acquisitions

Product Companies:

  • Antarex, a Singapore-based cyber threat intelligence platform, was acquired by LGMS for an undisclosed amount. Antarex has not previously disclosed any funding events. (more)

  • Axiomatics, a United States-based cloud and network identity and access management platform, was acquired by Leonardo for an undisclosed amount. Axiomatics had previously raised $6.5M in funding. (more)

  • Sourcepoint, a United States-based consent and preference management platform for website privacy preferences, was acquired by Didomi for an undisclosed amount. Sourcepoint had previously raised $17.0M in funding. (more)

Service Companies:

  • A-LIGN, a United States-based global cybersecurity and compliance solutions provider, was acquired by Hg for an undisclosed amount. A-LIGN had previously raised in $54.5M in funding. (more)

  • Abacode, a United States-based managed security services provider focused on governance, risk, and compliance, was acquired by Thrive for an undisclosed amount. Abacode has not previously disclosed any funding events. (more)

šŸ“š Great Reads

*A message from our partner

šŸ§Ŗ Labs

Donā€™t worry, folks, your job is still safe for a bit.

Security ROI > Coffee ROI

Get value every week? Back the mission.

Or send your smart friends a referral.

Data Methodology and Sources

  • All of the data is captured point-in-time from publicly available sources.

  • All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.

  • Company country locations are pulled from publicly available sources.

  • Companies are categorized using the Return on Security system.

  • Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.

  • Let us know if you spot any errors, and weā€™ll fix them.

Reply

or to participate.