💰 Security, Funded #93 - Earnings Ups & Downs, Slow Funds, Big Bucks, and Amazon vs HIPAA
A review of cybersecurity funding and industry news from the week of May 8th, 2023, from Mike Privette.
Happy Monday, and I hope you had a great weekend!
Trying something new with a rundown of the entire issue:
🎯 The Rundown
Rapid7 and CyberArk's contrasting Q1 earnings
Potential threats to HIPAA protections with Amazon Clinic
Slow funding and advice for raising capital
$1.04B raised across 13 companies; $870.0M in M&A
Reflections on recent cybersecurity events
Importance of privacy in the age of AI
Defense in depth in cybersecurity
Onward to this week's issue.
Don’t waste time on security scavenger hunts. With pre-mapped controls and over 75 integrations to your tech stack, Drata automates the compliance process. Drata supports 14 frameworks, including SOC2, ISO 27001, HIPAA, and GDPR, so your team can scale security without duplicating work. Best of all, you get real-time visibility into your risk levels with powerful dashboards and alerts.
🔮 Earnings Reports 🆕
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
Rapid7 ($RPD) - Rapid7 had a mild earnings report, and analysts gave them the business by lowering their price targets for its public stock. The team cited continued macroeconomic headwinds and a platform consolidation play that is not yet living up to the hype as the reasons for a lower-than-expected quarter.
CyberArk ($CYBR) - CyberArk crushed its earnings and saw a 42% YoY growth in Q1 2023. Demand from financial services increased, contrary to what other cyber players have been saying, and expanding privileged access management (PAM) use cases drove a successful quarter. CyberArk is also one of the very few public cyber companies to raise their annual revenue guidance, whereas most companies are still playing it conservatively.
The takeaway: While broader cybersecurity product consolidations are unlikely to ever happen, capability consolidation at the IAM/PAM layer is actually very likely at the right price point. Identity security offerings of SSO, MFA, PAM, etc., are common stock. The strength, however, relies on what other security ecosystem integrations are possible, and there will naturally only be a few players in this space.
A concerning but predictable trend: Be prepared for every cyber company to say how the rise in the use of generative AI by attackers is the reason you need to buy their product offerings 🙄. Stay frosty out there, potential buyers, and think through these claims from first principles for your own threat models at your own company.
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
If you throw out the mega post-IPO debt round (see details below), you can see just how slow new funding from outside investors has gotten. For the folks modeling at home (and I know there are at least tens of you, and I'm not the only crazy one 😅), I kept in the debt round for consistency's sake. Removing that round from the data shows that both companies and investors alike are being more thoughtful with capital deployment.
The best way to raise capital at these times? Good, old-fashioned sales. Sell so much that you don't need funding, and investors' dollars will come flooding your door.
💰 Funding Summary
13 companies raised $1.04B across 11 unique product categories
4 companies were acquired or had a merger event across 3 unique product categories for $870.0M
🧩 Funding By Product Category
$1.0B for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal
$15.5M for Fraud and Financial Crime Protection across 3 deals
$14.0M for Data Security Posture Management (DSPM) across 1 deal
$6.2M for Software Supply Chain Security across 1 deal
$3.0M for Cybersecurity Education & Training across 1 deal
$2.7M for Data Privacy across 1 deal
$654.4K for Quantum Security across 1 deal
$50.0K for Attack Surface Management (ASM) across 1 deal
An undisclosed amount for Security Orchestration and Automated Response (SOAR) across 1 deal
An undisclosed amount for Secure Collaboration and Messaging across 1 deal
An undisclosed amount for Password Management across 1 deal
🏢 Funding By Company
🌎 Funding By Country
$1.02B for United States across 8 deals 🇺🇸
$12.5M for Netherlands across 1 deal 🇳🇱
$6.9M for Canada across 2 deals 🇨🇦
$50.0K for India across 1 deal 🇮🇳
An undisclosed amount for South Africa across 1 deal 🇿🇦
🤝 Mergers & Acquisitions
📚 Great Reads
Deconstructing a Cybersecurity Event - Dragos, the industrial control systems (ICS) cybersecurity company, had an attempted breach and extortion scheme run against them by a known cybercriminal group. Dragos breaks down what happened.
The Security Auditing Manifesto: Shared Values for Effective Security and Compliance Management - Learn how adopting a collaborative approach that values transparency, shared understanding, and continuous improvement can help organizations build stronger security partnerships, reduce friction, and better manage real risks to the business while effectively addressing compliance requirements.
Why more transparency around cyber attacks is a good thing for everyone - Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner’s Office (ICO), reflect on why it’s so concerning when cyber attacks go unreported – and look at some of the misconceptions about how organisations respond to them.
Track, measure, and prove privacy program success!
Privacy is complicated and expensive, meaning it’s ready for a serious shakeup. Chief Privacy Officers and CISOs are at the center of this complexity, surrounded by evolving regulatory requirements and a growing network of internal partners because privacy is truly cross-functional. No single team can manage it alone. PrivacyCode brings everyone together by translating legal requirements into tangible tasks for developers and product teams. Finally, everyone gets privacy requirements in their respective context with metrics their teams actually care about!
It’s called defense in depth, sweaty, look it up 😤👊
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🔥 Security, Funded is brought to you by Return on Security.