💰 Security, Funded #214 - Lock In Season

Hey -

I hope you had a great weekend, and a Happy Q4 to all those who celebrate! 🫡 

This is it, folks. The final home stretch of the year. If your friends aren’t talking about “996" and being locked in on the weekends, then it’s time to focus on yourself and make new friends who understand creating shareholder value.

Also, is nothing safe anymore, you monsters!

Seeing beloved industries fall victim to these kinds of devastating attacks might be the only way we get meaningful change in the cybersecurity world, though. ¯\_(ツ)_/¯

💡 _{Share the newsletter in one click}

😎 Vibe Check

Click the options below to vote on whether you are a practitioner, founder, or investor. Feel free to leave a comment, and I'll feature the best takes in next week’s write-up!

Last issue’s vibe check:
How would you describe the structure of your organization's AI governance committee?
🟩🟩🟩🟩🟩🟩 What AI governance committee?
🟨🟨🟨🟨🟨⬜️ Informal discussions in existing meetings/board
🟨⬜️⬜️⬜️⬜️⬜️ Cross-functional working group meets regularly
🟨⬜️⬜️⬜️⬜️⬜️ Dedicated AI governance board with clear authority

We are still in the early days, indeed, on AI Governance. I know the industry likes to spit out comprehensive frameworks early on as a guide, but so many of these frameworks require a level of maturity, decision-making, and formality (especially if you want to get a certification) that most organizations don’t have yet.

The last mile with actually deploying AI governance may end up being the longest leg of the race for enterprises.

Some of the top comments from last week’s vibe check:

💬 "Decisions are often made outside of these meetings, and the Security / IT teams have to scramble to support.”

💬 “Most of the discussions center on not being able to clearly define who should be in charge of what, but that something should be happening.”

💰 Market Summary

📸 YoY Snapshot

Funding activity over the past 12 weeks totaled $4.3B across 156 deals (mean: $31.0M, median: $8.2M), representing a 29% increase compared to the same period last year.

M&A activity is chugging along at a 28% increase from this same time last year, with 77 acquisitions completed over the last 12 weeks (averaging 6.4 per week).

_{Partner With Us}

☎️ Earnings Reports

🧩 Funding By Product Category

• $180.0M for Cyber Insurance across 1 deal

• $75.0M for Fraud and Financial Crime Protection across 1 deal

• $60.0M for Data Protection across 1 deal

• $51.0M for Security and Compliance Automation across 2 deals

• $35.0M for Passwordless Authentication across 1 deal

• $17.5M for Threat and Risk Prioritization across 1 deal

• $5.3M for Managed Security Services Provider (MSSP) across 2 deals

• $4.0M for AI Governance across 1 deal

• $3.0M for Attack Surface Management (ASM) across 1 deal

• $1.8M for AI Model Security across 1 deal

• An undisclosed amount for SaaS Governance across 1 deal

🏢 Funding By Company

Product Companies:

• Feedzai, a Portugal-based fraud and financial crime protection platform, raised a $75.0M Series E from Lince Capital, Iberis Capital, and Explorer Investments. (more)

• Keepit, a Denmark-based cloud and SaaS data backup and protection platform, raised a $60.0M Debt Financing from the Export and Investment Fund of Denmark and HSBC Innovation Banking. (more)

• Descope, a United States-based no-code passwordless authentication and customer identity building blocks platform, raised a $35.0M Seed from Cerca Partners, Dell Technologies Capital, Lightspeed Venture Partners, Notable Capital, Triventures, and Unusual Ventures. (more)

• Oneleet, a Netherlands-based security and compliance automation platform, raised a $33.0M Series A from Dawn Capital. (more)

• Zania, a United States-based agentic security and compliance automation platform, raised a $18.0M Series A from New Enterprise Associates. (more)

• Mondoo, a United States-based continuous threat exposure and risk prioritization platform, raised a $17.5M Series A from HV Capital. (more)

• SolidCore.ai, a United States-based AI application governance and monitoring platform, raised a $4.0M Seed from Runtime Ventures. (more)

• Mokn, a France-based attack surface management and deception technology platform, raised a $3.0M Seed from Moonfire Ventures. (more)

• Skyld, a France-based AI model security platform, raised a $1.8M Seed from Bloomhaus Ventures and Auriga Cyber ​​Ventures. (more)

• Avanoo, a France-based shadow AI and SaaS governance platform, raised an undisclosed Venture Round from Auriga Cyber ​​Ventures. (more)

Service Companies:

• CISO Global, a United States-based managed compliance and cybersecurity services company, raised a $2.3M Post-IPO Equity from B. Riley Securities. (more)

• CyberCube, a United States-based cyber insurance analytics platform, raised a $180.0M Venture Round from Spectrum Equity. (more)

• Field Effect, a Canada-based managed security services provider (MSSP), raised a $3.0M Venture Round. (more)

🌎 Funding By Country

• $252.8M for the United States across 5 deals

• $75.0M for Portugal across 1 deal

• $60.0M for Denmark across 1 deal

• $33.0M for the Netherlands across 1 deal

• $4.8M for France across 3 deals

• $4.0M for Unknown across 1 deal

• $3.0M for Canada across 1 deal

🤝 Mergers & Acquisitions

Product Companies:

• Netography, a United States-based network detection and response (NDR) platform, was acquired by Vectra for an undisclosed amount. Netography had previously raised $45.0M in funding. (more)

• Spirion, a United States-based data security posture management (DSPM) platform, was acquired by archTIS for an undisclosed amount. Spirion has not previously disclosed any funding events. (more)

• Xynthor AI, a Canada-based platform for limiting sensitive data exposure to AI applications, was acquired by 31 CONCEPT for an undisclosed amount. Xynthor AI has not previously disclosed any funding events. (more)

Service Companies:

• Clearwater, a United States-based managed security services provider for the healthcare industry, was acquired by Sunstone Partners for an undisclosed amount. Clearwater has not previously disclosed any funding events. (more)

• Cyber Smart Defence, a Romania-based professional services company focused on web and mobile application penetration testing, was acquired by Stefanini for an undisclosed amount. Cyber Smart Defence has not previously disclosed any funding events. (more)

• Innablr, an Australia-based professional services firm focused on cloud security and security engineering services, was acquired by DevOps1 for an undisclosed amount. Innablr has not previously disclosed any funding events. (more)

• Latitude Information Security, a United States-based professional services firm focused on cybersecurity strategy consulting, was acquired by Fortified Health Security for an undisclosed amount. Latitude Information Security has not previously disclosed any funding events. (more)

• Solsoft Group, a United Kingdom-based managed security services provider (MSSP), was acquired by Ekco for an undisclosed amount. Solsoft Group has not previously disclosed any funding events. (more)

• URM Consulting, a United Kingdom-based professional services firm focused on data protection and business continuity consulting, was acquired by Cooper Parry for an undisclosed amount. URM Consulting has not previously disclosed any funding events. (more)

📚 Great Reads

🧪 Labs