๐ฐ Security, Funded #93 - Earnings Ups & Downs, Slow Funds, Big Bucks, and Amazon vs HIPAA
A review of cybersecurity funding and industry news from the week of May 8th, 2023, from Mike Privette.
Mike Privette
May 15th, 2023
Hey there,
Happy Monday, and I hope you had a great weekend!
Trying something new with a rundown of the entire issue:
๐ฏ The Rundown
Rapid7 and CyberArk's contrasting Q1 earnings
Potential threats to HIPAA protections with Amazon Clinic
Slow funding and advice for raising capital
$1.04B raised across 13 companies; $870.0M in M&A
Reflections on recent cybersecurity events
Importance of privacy in the age of AI
Defense in depth in cybersecurity
Onward to this week's issue.
๐ฃSponsor
Donโt waste time on security scavenger hunts. With pre-mapped controls and over 75 integrations to your tech stack, Drata automates the compliance process.Drata supports 14 frameworks, including SOC2, ISO 27001, HIPAA, and GDPR, so your team can scale security without duplicating work. Best of all, you get real-time visibility into your risk levels with powerful dashboards and alerts.
Have to see it to believe it?
๐ฎ Earnings Reports ๐
A section for notable earnings reports from public cybersecurity companies, be they โpure playโ or hybrid companies:
Rapid7 ($RPD) - Rapid7 had a mild earnings report, and analysts gave them business by lower their price targets for its public stock. The team cited continued macroeconomic headwind challenges, and that platform consolidation play not yet living up to the hype for a lower-than-expected quarter.
CyberArk ($CYBR) - CyberArk crushed its earnings and saw a 42% YoY growth in Q1 2023. Demand from financial services increased, contrary to what other cyber players have been saying, and expanding privileged access management (PAM) use cases drove a successful quarter. CyberArk is also one of the very few public cyber companies to raise their annual revenue guidance, whereas most companies are still playing it conservatively.
The takeaway: While broader cybersecurity product consolidations are unlikely to ever happen, capability consolidation at the IAM/PAM layer is actually very likely at the right price point. Identity security offerings of SSO, MFA, PAM, etc., are common stock. The strength, however, relies on what other security ecosystem integrations are possible, and there will naturally only be a few players in this space.A concerning but predictable trend: Be prepared for every cyber company to say how the rise in the use of generative AI by attackers is the reason you need to buy their product offerings ๐. Stay frosty out there, potential buyers, and think through these claims from first principles for your own threat models at your own company.
๐ Industry News Roundup
๐ YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
If you throw out the mega post-IPO debt round (see details below), you can see just how slow new funding from outside investors has gotten. For the folks modeling at home (and I know there are at least 10's of you, and I'm not the only crazy one ๐ ), I kept in the debt round for consistency's sake. Removing that round from the data shows that both companies and investors alike are being more thoughtful with capital deployment.
The best way to raise capital at these times? Good, old-fashioned sales. Sell so much that you don't need funding, and investors' dollars will come flooding your door.
๐ฐ Funding Summary
13 companies raised $1.04B across 11 unique product categories
4 companies were acquired or had a merger event across 3 unique product categories for $870.0M
๐งฉ Funding By Product Category
$1.0B for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal
$15.5M for Fraud and Financial Crime Protection across 3 deals
$14.0M for Data Security Posture Management (DSPM) across 1 deal
$6.2M for Software Supply Chain Security across 1 deal
$3.0M for Cybersecurity Education & Training across 1 deal
$2.7M for Data Privacy across 1 deal
$654.4K for Quantum Security across 1 deal
$50.0K for Attack Surface Management (ASM) across 1 deal
An undisclosed amount for Security Orchestration and Automated Response (SOAR) across 1 deal
An undisclosed amount for Secure Collaboration and Messaging across 1 deal
An undisclosed amount for Password Management across 1 deal
๐ข Funding By Company
Iron Mountain, a United States-based data protection and disaster recovery company, raised a $1.0B Post-IPO Debt round. (more)
1touch.io, a United States-based data security posture management (DSPM) platform, raised a $14.0M Series B from Neotribe Ventures. (more)
ThreatFabric, a Netherlands-based fraud threat intelligence platform, raised a $12.5M Seed from ABN AMRO Venturesand Motive Ventures. (more)
Cybeats Technologies, a Canada-based software bill of materials (SBOM) security platform, raised a $6.2M Post-IPO Equity round. (more)
Cloudburst Technologies, a United States-based cyber threat intelligence and fraud detection for cryptocurrency transactions, raised a $3.0M Seed from Strategic Cyber Ventures. (more)
Hook Security, a United States-based cybersecurity awareness and training company, raised a $3.0M Venture Round. (more)
Optery, a United States-based consumer data privacy platform focusing on opting out of data broker platforms, raised a $2.7M Seed from Bayhouse Capital. (more)
Quantum Bridge, a Canada-based quantum-resistant encryption key distribution platform, raised a $654.0K Grant from National Research Council Canada.
GETSecured, an India-based external attack surface management platform, raised a $50.0K Seed from Graviton Web3 Accelerator.
DataVisor, a United States-based fraud and financial crimes protection platform, raised an undisclosed Venture Round from CMFG Ventures. (more)
Keeper Security, a United States-based password and secrets management platform, raised an undisclosed Private Equity Round from Summit Partners. (more)
Port443, a South Africa-based managed security orchestration and automated response (SOAR) service, raised an undisclosed Corporate Round from Iziko2.0.
SnippetSentry, a United States-based secure mobile data communications platform, raised an undisclosed Series A fromCarolina Financial Group. (more)
๐ Funding By Country
$1.02B for United States across 8 deals ๐บ๐ธ
$12.5M for Netherlands across 1 deal ๐ณ๐ฑ
$6.9Mโfor Canada across 2 deals ๐จ๐ฆ
$50.0K for India across 1 deal ๐ฎ๐ณ
An undisclosed amount for South Africa across 1 deal ๐ฟ๐ฆ
๐ค Mergers & Acquisitions
Absolute Software, a Canada-based suite of secure remote access and endpoint solutions, was acquired by Crosspoint Capital Partners for $870.0M. (more)
La Jolla Logic, a United States-based professional services firm focused on national defense and cybersecurity, was acquired by Boecore for an undisclosed amount. (more)
Netsecure Sweden AB, a Sweden-based professional services company focused on vulnerability and red team assessments, was acquired by Integrity360 for an undisclosed amount. (more)
OneComply, a Canada-based governance, risk, and compliance platform for the gaming industry, was acquired by GeoComply for an undisclosed amount. (more)
๐ Great Reads
Deconstructing a Cybersecurity Event - Dragos, the industrial control systems (ICS) cybersecurity company, had an attempted breach and extortion scheme run against them by a known cybercriminal group. Dragos breaks down what happened.
The Security Auditing Manifesto: Shared Values for Effective Security and Compliance Management - Learn how adopting a collaborative approach that values transparency, shared understanding, and continuous improvement can help organizations build stronger security partnerships, reduce friction, and better manage real risks to the business while effectively addressing compliance requirements.
Why more transparency around cyber attacks is a good thing for everyone - Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissionerโs Office (ICO), reflect on why itโs so concerning when cyber attacks go unreported โ and look at some of the misconceptions about how organisations respond to them.
๐ฃSponsor
Track, measure, and prove privacy program success!
Privacy is complicated and expensive, meaning itโs ready for a serious shakeup. Chief Privacy Officers and CISOs are at the center of this complexity, surrounded by evolving regulatory requirements and a growing network of internal partners because privacy is truly cross-functional. No single team can manage it alone. PrivacyCode brings everyone all together by translating legal requirements into tangible tasks for developers and product teams. Finally, everyone gets privacy requirements in their respective context with metrics their teams actually care about!
๐งช Labs
Itโs called defense in depth, sweaty, look it up ๐ค๐
Yโall just use 1 data blocker for safe USB charging?
Why not use 20 and hope you have enough layers to protect yourself, just like enterprise security services! pic.twitter.com/luwlp4zzCqโ MG (@_MG_) May 11, 2023ย
๐คย Have questions, comments, or feedback? I'd love to hear from you!
๐ฅย Security, Funded is brought to you by Return on Security.
๐คย Want to partner with Security, Funded? Learn more here.
๐ย If you run a newsletter, I can't recommend Beehiiv enough.