- Return on Security
- Posts
- 💰 Security, Funded #204 - All Gas No Brakes
💰 Security, Funded #204 - All Gas No Brakes
Get cybersecurity market and intelligence insights, including key trends and industry analysis, for the week of July 21, 2025.
Mike Privette
July 28, 2025 • Reading Time: 15 minutes
Security, Funded by Return on Security, is a weekly analysis of economic activity in the cybersecurity market. This week’s issue is brought to you by Material Security and Nudge Security.
Hey there,
Hope you had a great weekend. I had a great time in Portugal, and I want to extend a big thank you to the Bright Pixel Capital team for having a group of us out!
Gang Gang
Let’s get to it.
PARTNER
Get more out of your email security budget.
When every dollar counts, you want to make sure you make the most of what you get. You (hopefully) get funds for anti-phishing tools, but the threat landscape extends beyond the inbox.
With more sophisticated attack flavors at higher volumes than ever, email security must also encompass insider risk scenarios, account takeover protection, and data loss prevention.
See why Material Security is the preferred choice for organizations looking to protect more areas of their Microsoft 365 or Google Workspace footprint under a unified toolkit… and a single line item in the budget.
Table of Contents
😎 Vibe Check
Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!
What’s your real security operating model? |
Last issue’s vibe check:
Which of these security efforts has driven the most real impact in your org?
🟩🟩🟩🟩🟩🟩 Reducing user friction
🟨🟨🟨⬜️⬜️⬜️ Faster detection & response
🟨🟨🟨⬜️⬜️⬜️ Training engineers/devs
🟨🟨🟨⬜️⬜️⬜️ Communicating business risk
⬜️⬜️⬜️⬜️⬜️⬜️ Other (leave comment)
Well, there you have it, folks. Reducing user friction when it comes to security is what really moves the needle in most orgs. This isn’t surprising to me because I believe that:
Many people inherently want to do the right thing.
Security isn’t always obvious to those of us who aren’t in it day-to-day.
And when it's hard, slow, or confusing? They route around or ignore it. Many programs don’t reach their cruising altitude because friction piles up and keeps them down.
Some of the top comments from last week’s vibe check:
💬 Security & other risk management functions need to keep the aim of reducing user friction top-of-mind if we don't want to be seen as the "department of no/slow"
💬 Empowering people has helped a lot, but mostly because we can't get buy-in for reducing user friction or communicating business risk 🥲
💰 Market Summary
Private Markets
13 companies from 6 countries raised $1.9B across 10 unique product categories
Average deal size was $157.9M (median: $6.5M)
100% of funding went to product companies
14 companies from 6 countries were acquired across 1 unique product category
57% of M&A activity went to service companies
1 company announced layoffs
Public Markets
No public cyber companies had an earnings report.
As of market close on July 25, 2025.
📸 YoY Snapshot
Rolling 12-week charts that compare funding and acquisitions weekly in a year-over-year (YoY) view between 2024 and 2025.
Funding activity over the past 12 weeks totaled $7.2B across 149 deals (mean: $57.2M, median: $10.0M), representing a 79% increase compared to the same period last year when $4.0B was invested across 148 deals.
M&A activity remained strong, with 100 acquisitions completed over the trailing 12 weeks (averaging 8.3 per week), a 89% increase from the 53 acquisitions during the same period in the previous year. This week was unusually high!
PARTNER
Why SaaS security has become a “now” problem
In partnership with Nudge Security
Cuts the noise. Surfaces what matters. Explains every decision.
Understanding and securing your SaaS attack surface is becoming as fundamental as having an incident response plan. Data points to consider from Nudge Security:
Most orgs have twice as many SaaS apps as they have employees
90% of these apps are adopted outside of IT
Each employee has ~70 OAuth grants, many of which allow access to sensitive data
We think the solution isn't more restrictive controls—it's smarter governance. Read the blog
☎️ Earnings Reports
Earnings reports from last week: None
Earning reports to watch this coming week: None
❌ Layoffs
PlaxidityX, an Israel-based company, laid off 65 employees, or 33% of its workforce, as part of a restructuring effort. (more)
🧩 Funding By Product Category
$1.5B for Security Awareness across 1 deal
$182.0M for Security and Compliance Automation across 2 deals
$127.2M for Software Supply Chain Security across 2 deals
$100.0M for Internet of Things (IoT) Security across 1 deal
$7.0M for Managed Detection and Response (MDR) across 1 deal
$6.0M for Secure File Sharing across 1 deal
$5.8M for Deepfake Detection across 1 deal
$4.3M for Human Risk Management across 1 deal
$2.0M for Continuous Threat Exposure Management (CTEM) across 1 deal
$31.3K for AI Adversary Simulation across 1 deal
An undisclosed amount for AI Security across 1 deal
🏢 Funding By Company
Product Companies:
KnowBe4, a United States-based security awareness and simulated phishing training platform, raised a $1.5B Debt Financing from JP Morgan Chase and Kohlberg Kravis Roberts. (more)
Vanta, a United States-based automated compliance monitoring and security platform, raised a $150.0M Series D from Wellington Management. (more)
HeroDevs, a United States-based deprecated open-source software supply chain patching and security platform, raised a $125.0M Private Equity Round from PSG Equity. (more)
Armis Security, a United States-based agentless IoT security platform, raised a $100.0M Secondary Market from Georgian. (more)
Delve, a United States-based security and compliance automation platform, raised a $32.0M Series A from Insight Partners. (more)
Daylight Security, an Israel-based AI-powered managed detection and response (MDR) platform, raised a $7.0M Seed from Bain Capital Ventures. (more)
ShelterZoom, a United States-based secure file storage and sharing platform, raised a $6.0M Venture Round. (more)
IdentifAI, an Italy-based AI-generated deepfake and disinformation detection platform, raised a $5.8M Series A from United Ventures. (more)
Maro, a United States-based human risk management platform, raised a $4.3M Seed from Downing Capital Group. (more)
Cybeats Technologies, a Canada-based software bill of materials (SBOM) security platform, raised a $2.2M Post-IPO Equity. (more)
Starseer, a United States-based continuous threat exposure management platform for AI applications, raised a $2.0M Seed from Gula Tech Adventures. (more)
Haicker, a Switzerland-based continuous AI penetration testing platform, raised a $31.3K Pre-Seed from Founderful Campus.
Resistant AI, a Czech Republic-based platform to protect AI systems from adversarial machine learning attacks and advanced fraud, raised an undisclosed Corporate Round from Experian. (more)
Service Companies:
None
🌎 Funding By Country
$1.9B for the United States across 8 deals
$7.0M for Israel across 1 deal
$5.8M for Italy across 1 deal
$2.2M for Canada across 1 deal
$31.3K for Switzerland across 1 deal
An undisclosed amount for the Czech Republic across 1 deal
🤝 Mergers & Acquisitions
Product Companies:
NetBrain Technologies, a United States-based network security and IT asset visibility platform, was acquired by Blackstone Group for $750.0M. NetBrain Technologies has not previously disclosed any funding events. (more)
Cynerio, a United States-based company securing the Internet of Medical Things (IoMT), was acquired by Axonius for $250.0M. Cynerio had previously raised $37.0M in funding. (more)
CyberSafe, a United Kingdom-based SAP authentication and security platform, was acquired by SecurityBridge for an undisclosed amount. CyberSafe had previously raised $33.0M in funding. (more)
Mira Security, a United States-based network detection and response (NDR) platform, was acquired by Darktrace for an undisclosed amount. Mira Security has not previously disclosed any funding events. (more)
Satori Cyber, an Israel-based secure data access platform, was acquired by CommVault for an undisclosed amount. Satori Cyber had previously raised $25.2M in funding. (more)
Tarsal, a United States-based data engineering and management platform for security data sources, was acquired by Monad for an undisclosed amount. Tarsal had previously raised $6.0M in funding. (more)
Service Companies:
40fi, a United Kingdom-based professional services firm focused on cybersecurity consulting services, was acquired by Vorboss for an undisclosed amount. 40fi has not previously disclosed any funding events. (more)
AccessIT, a United States-based managed security services provider (MSSP), was acquired by Nautic Partners for an undisclosed amount. AccessIT has not previously disclosed any funding events. (more)
DanTech Services, a United States-based managed security services provider (MSSP), was acquired by Vicinity for an undisclosed amount. DanTech Services has not previously disclosed any funding events. (more)
ensec, a Switzerland-based professional services firm focused on security integration consulting, was acquired by Orange Cyberdefense for an undisclosed amount. ensec has not previously disclosed any funding events. (more)
Image Quest, a United States-based managed security services provider (MSSP), was acquired by Evergreen Services Group for an undisclosed amount. Image Quest has not previously disclosed any funding events. (more)
Institut for Cyber Risk, a Denmark-based professional services firm focused on governance, risk, and compliance consulting, was acquired by Bureau Veritas for an undisclosed amount. Institut for Cyber Risk has not previously disclosed any funding events. (more)
KEN & Co., an India-based professional services firm focused on security auditing and compliance consulting, was acquired by In.Corp Advisory for an undisclosed amount. KEN & Co. has not previously disclosed any funding events. (more)
S4 Inc., a United States-based professional services firm focused on cyber threat intelligence services, was acquired by Knexus for an undisclosed amount. S4 Inc. has not previously disclosed any funding events. (more)
📚 Great Reads
AI - Incentives, Economics, Technology, and National Security - A look at the recently unveiled U.S. AI Action Plan and its implications for the race for AI dominance.
One Year Later: Reflecting on Building Resilience by Design - CrowdStrike recently shared a blog post covering some of the key efforts and changes they’ve made in the past year since the infamous incident that impacted organizations worldwide, from IT firms to airlines.
*A message from our partner
🧪 Labs
Shoutout to everyone who had to clean up the SharePoint mess
Security ROI > Coffee ROI
Get value every week? Back the mission.
Or send your smart friends a referral.
Data Methodology and Sources
All of the data is captured point-in-time from publicly available sources.
All financial figures are converted to U.S. Dollars (USD) at the current spot rate at the time of collection.
Company country locations are pulled from publicly available sources.
Companies are categorized using the Return on Security system.
Sometimes the deal details, such as who led the round, how much was raised, or the deal stage, may be updated after publication.
Let us know if you spot any errors, and we’ll fix them.
Reply