- Return on Security
- 💰 Security, Funded #99 - Maturity Frenzy, Pocket Change, and Acquisition Bingo
💰 Security, Funded #99 - Maturity Frenzy, Pocket Change, and Acquisition Bingo
A review of cybersecurity funding and industry news from the week of June 19th, 2023.
Happy Monday, and I hope you had a great weekend!
🏃♂️ The Rundown
A meta roundup of all the important things affecting cybersecurity and the microenvironment:
Cybersecurity maturity key for product-market fit
Federal rate pause may revive investments
Lowest weekly cybersecurity funding at $17.7M across 5 firms
$107.0M spent on 6 company acquisitions
Regulation and AI shaping cyber landscape
Companies going out of business due to cyber-breaches
Let’s talk about the concept of maturity as it relates to cybersecurity tools and potential buyers. Customer maturity level is a missed recurring theme I see when I talk to investors and founders. I find myself having to explain the concept often, so I’m compelled to mention this sometimes elusive concept.
Have you ever noticed there is a large part of the cybersecurity market whose ideal customer has to be at a certain maturity level to care about or even be aware of the problem space they are solving for? Products that assume certain user personas in an organization, a certain organizational structure, a certain technology stack (i.e., “You just plug this right into your SIEM, XDR, or SOAR…”), or that the security teams care about a specific edge use case.
These companies may even need their target ideal customer to have a large enough team to operate or a certain maturity level in a specific domain to even engage with them. These products often add to or supplement an existing stack or program but don’t create a fundamental change around how security teams operate or how developers code.
These are “nice to have” things, not “change the way I work” things. These products aren’t moving the needle for security practitioners, they’re making small parts of their jobs a bit easier. It’s a classic case of an answer looking for a problem to solve instead of the other way around.
I’m not saying these products shouldn’t exist, but they should figure out how to pivot. Not a great place to be if you’re an early-stage founder looking for product-market fit today in today’s macro climate.
Yes, the macro environment vibes are looking a bit better with US Fed rate hike pauses. Yes, that means that investing will slowly start to pick back up across many sectors. Yes, some customers may eventually see expense headwinds wane (if they don’t fizzle out first 👀). Yes, the wave of generative AI innovations may actually pull the US out of a slow-burning recession and improve GDP. And yes, these are positive things at the broad level.
But if you’re a cybersecurity buyer today, you’re not quite out of the clear yet. You’ve got to be more judicious than you were in the past. If it’s not an already established player in your customer’s program and it’s not changing the tide for their security program, you’re gonna have a bad time™️.
All is not lost, however. As the saying goes, “[Bad] times create strong [people].” Consider your go-to-market strategies, evaluate your partnerships and alliances, and see how you can make the pie bigger for everyone.
Onward to this week's issue.
🔮 Earnings Reports
A section for notable earnings reports from public cybersecurity companies, be they “pure play” or hybrid companies:
No public earnings calls from last week to report on.
Industry News Roundup
📅 YTD Funding
A rolling 12-week chart to compare funding each week between 2022 and 2023.
We’ve hit the lowest week in cybersecurity funding in 2023 YTD this week 😱.
I view this as a combination of founders being in “build mode,” trying to get their GTM together with generative AI offerings, and the investors being in a “stealthy waiting mode,” being cautious and optimistic about deploying capital while keeping things close so as not to tip off the competition. As the final week of Q2 2023 approaches, I’ll pull together some trend data.
💰 Funding Summary
5 companies raised $17.7M across 5 unique product categories
6 companies were acquired or had a merger event across 4 unique product categories for $107.0M
🧩 Funding By Product Category
$15.0M for Identity and Access Management (IAM) across 1 deal
$1.8M for API Security across 1 deal
$872.6K for Attack Surface Management (ASM) across 1 deal
$50.0K for Operational Technology (OT) Security across 1 deal
An undisclosed amount for Penetration Testing across 1 deal
🏢 Funding By Company
🌎 Funding By Country
$16.8M for United States across 3 deals 🇺🇸
$872.6K for Italy across 1 deal 🇮🇹
$50.0K for Canada across 1 deal 🇨🇦
🤝 Mergers & Acquisitions
📚 Great Reads
EscalateGPT - An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.
Who’s Afraid of the SEC? - The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Destroyed by Breach - A list of businesses that have actually gone out of business due to a cybersecurity-related incident by Adrian Sanabria (Google Sheets link).
They really just dropped an easier way to do malware exploitation and said, “lol, not our problem anymore”
How was this week's newsletter?
✅ Here to Support
Whenever you’re ready, I’ve got a few ways I can help support you:
🤔 Have questions, comments, or feedback? I'd love to hear from you!
🐝 If you run a newsletter, I can't recommend Beehiiv enough.