The State of the Cybersecurity Market in 2024

Table of Contents

• The TL;DR

• The Economy, AI, and You

  • Revisiting 2023: Setting the Stage for 2024 

  • Economic Recovery in 2024

  • Layoffs and AI Disruption

• Overall 2024 Trends

  • Funding Trends

  • The Categories That Dominated

  • Top Funding Rounds

  • M&A Trends

  • Stage of Acquisitions

  • M&A Transparency

  • Top M&A Transactions

• The AI Dividend: From Hype to Industry Driver

• Products vs. Services

  • Funding Trends by Business Model

  • The Shift Toward Hybrid Models

  • M&A Dynamics in Services and Products

• Geographical View in 2024

  • Funding Trends by Region

  • Regional Comparisons

  • China's Absence

• Public Markets

  • The IPO Market

• Closing Thoughts & Predictions

• Data Methodology and Source

• About Return on Security

2024 marked a pivotal year for the cybersecurity industry, navigating the one-two punch of AI-driven transformation and economic resilience.

At Return on Security, we track the financial undercurrents of the cybersecurity market and global economies year-round. While the newsletter keeps you up-to-date on what’s happening every week, this annual report offers a zoomed-out, panoramic view of the trends, milestones, and shifts that defined the year.

This post attempts to answer that question by observing how the industry evolved over 2024. As the third installment of our annual analysis, we strive to go deeper, slice and dice more data, and give you the best possible recap of the industry's economics.

This report delivers the best publicly available data on cybersecurity companies, investors, funding, and M&A activity. The data is not perfect (no data is), as many deal terms are not announced, and not all investors are mentioned in every deal, but it’s the most reliable proxy for understanding the industry’s financial heartbeat.

If you want to take a walk down memory lane, you can find previous reports here:

• 2023 Cybersecurity Market Review: Disruption and Resilience 

• The State of Cybersecurity in 2022 and Trends and Predictions for 2023 

Also, if you haven’t subscribed to the newsletter yet, now is the perfect time to smash that subscribe button:

The TL;DR

The Too Long; Didn’t Read (TL;DR):

• Funding: 621 funding rounds, totaling $14B, across 112 unique product categories.

• M&A: 271 transactions across 59 unique product categories, valued at $45.7B.

• AI Impact: AI-focused cybersecurity funding grew 96% YoY.

• Products vs. Services: Product-based companies dominated funding ($12.3B, 88% of total), while services saw a growing share and a shift toward hybrid "Software And a Service" models.

• Global Trends: The US maintained dominance with $10.9B (83% of global funding), while Europe, Israel, and the UK showed resilience.

• Public Markets: Cybersecurity stocks showed a wide performance range, and investors focused on AI innovation, data protection and resilience, and consistent market leadership.

The charts are together in slide deck format here. This is a new addition this year, so please let me know if you find it useful!

The Economy, AI, and You

Before jumping straight into 2024, it’s worth reviewing a few themes from the past few years to gain some situational awareness.

Revisiting 2023: Setting the Stage for 2024 

Let’s start with 2023. Looking back, this year began the slow recovery story that unfolded in 2024.

2023 began with similar energy to 2022. Public and private markets were cautiously optimistic. After a slew of interest rate hikes in 2022 to combat rampant inflation, the global economy felt weighed down in 2023. But as the end of 2023 approached, it appeared that the world’s largest economies were heading towards a recession (and, in fact, some did).

Monetary tightening was the name of the game in 2023, and interest rate hikes by major central banks would continue to combat persistently high inflation. The Federal Reserve, Bank of England, and European Central Bank all implemented multiple rate increases throughout the year to bring price stability back to their economies.

These sustained periods of high inflation dampened job creation, borrowing, and investments worldwide. Economic and regulatory factors heavily influence cybersecurity funding, acquisition, and purchasing trends. Both investors and companies had to adapt to the "new norm" and attempt to weather the storm.

2023 ushered in the Expense Management era, marking the beginning of cost savings, headcount reductions, and austerity measures.

As a result, the accelerated hiring, marketing, and growth efforts that reigned supreme from 2010 to mid-2022 met the new reality of 2023. For founders, investors, and potential buyers of cybersecurity products, 2023 was a year of recalibration. 

Looking back, the recalibration worked (at least somewhat) heading into 2024. With fresh tailwinds of AI-enabled everything propping up tech and the global economy, 2024 showed a bright future for innovation and growth.

Economic Recovery in 2024

The cybersecurity industry may not be “recession-proof,” but it’s certainly resilient.

2024 marked a shift toward recovery, with major central banks easing monetary policies, all of which directly impact the cybersecurity industry. The Federal Reserve, ECB, and Bank of England collectively cut interest rates seven times, signaling progress against inflation and a softening job market.

If I had to summarize the cybersecurity industry in 2024 with a GIF, it would be this:

On the global stage, political change took center stage, with over 70 countries holding national elections. The United Nations described 2024 as a milestone for democracy, with 3.7 billion voters casting ballots.

More change was happening outside of the monetary and political sphere in 2024, however.

Layoffs and AI Disruption

Layoffs at cybersecurity companies dropped sharply in 2024, signaling a rebound from the heavy cuts of 2022 and 2023.

At the same time, AI-driven automation started to reshape workforces across the industries, with major companies focusing on efficiency and cost savings:

• Klarna announced plans to reduce its workforce from 2,000 to 3,800, citing AI-driven efficiency improvements (more).

• Salesforce laid off 700 employees while doubling down on AI investments (more).

• IBM announced plans to replace 30% of back-office roles with AI over five years, impacting 7,800 positions (more).

• Goldman Sachs began testing AI tools to replace entry-level tasks (more).

These broader trends in AI-driven workforce transformation will start to reshape the cybersecurity industry, particularly in hiring patterns and talent allocation. While layoffs in cybersecurity companies dropped significantly in 2024, the overall demand for cybersecurity talent has slowed globally.

According to a LinkedIn Economic Graph report from July 2024, job postings on the LinkedIn platform for cybersecurity roles declined in major markets like the United States (-5.5%), Singapore (-5%), and France (-4.5%) compared to 2023. However, emerging markets tell a different story, with Mexico (+7%), Spain (+5.5%), and India (+2.5%) showing significant growth.

This isn’t the only measure of talent demand, but it does give us a temperature gauge. This cooling demand and shifting global landscape, coupled with the rise of AI, presents new challenges for cybersecurity vendors and practitioners alike.

As AI continues to reshape the tech landscape and change the conversations around what “work” is, its ripple effects are becoming increasingly visible in funding and acquisitions. Let’s take a closer look at where the money went in 2024.

Overall 2024 Trends

The financial aspect of the cybersecurity industry gives us a closer look at the health of the market itself.

Funding Trends

Highlights:

• 620 funding rounds across 112 unique product categories for a total of $14 billion

• Funding volume decreased 13% YoY, but funding amounts increased 4%.

• 35 transactions exceeded $100 million, with 10 raising $200 million+

From a total amount of funding perspective, late-stage rounds (Series B through Series E+) did most of the heavy lifting with notable increases year over year from 2023. This trend showed a shift in investor focus toward companies with proven traction.

From a volume standpoint, early-stage funding (from Pre-Seed to Series A) may have dipped compared to last year, but it still made up a significant chunk of the overall funding pie.

Year-Over-Year Comparisons:

• Fewer funding rounds, but more money: 2024 funding rounds decreased in volume by 13% from 2023 but increased 4% in funding dollars.

• More M&As and more money: 2024 mergers and acquisitions increased deal volume and transaction dollars by 5% and 13%, respectively.

2024 showed signs of a slight rebound from 2023 and normalization from the extremes of 2021 and 2022. The era of zero interest rates (ZIRP) is now firmly behind us, and the market has settled into a new normal defined by selectivity and strategic growth.

Early vs. Late-Stage Trends:

Early-stage funding softened in 2024, while later-stage rounds displayed unexpected strength, emphasizing investor confidence in established players. These patterns mirrored M&A trends, where consolidation and billion-dollar deals took center stage.

Consolidation continues to be a key theme, showcasing a growing market where scaling up and finding the right strategic fit are leading to the biggest transactions.

The Categories That Dominated

Cybersecurity is a deep and wide industry, with new companies entering it every day to tackle a new or different aspect of security. At Return on Security, we track 17 category domains spanning over 140 product categories to help understand this change.

But which product categories stood out in 2024?

Here is an interactive bar chart race that showcases the top 10 cybersecurity product categories week by week for all of 2024. You’ll see how some categories jumped out early and held steady while others gained traction later in the year.

This chart is cool to watch and gives us some insight into where future bets will be placed.

Top Funding Rounds

In 2024, cybersecurity companies raised 35 transactions of $100 million or more, up from 28 in 2023. Of these 35 transactions, 10 companies raised $200 million or more, and three raised over $500 million.

The top 10 cybersecurity funding rounds from 2024 combined for a total of $4.3 billion in funding, representing more than 30% of the total year’s funding. Those rounds include:

1. Wiz, a United States-based cloud workload protection and posture management platform, raised a $1.0B Series E from Andreessen Horowitz, Lightspeed Venture Partners, and Thrive Capital. (more)

2. CGI, a Canada-based professional services company focused on digital transformation, cloud, and cybersecurity services, raised a $552.0M post-IPO debt round.

3. TierPoint, a United States-based managed security services and co-located data center provider, raised a $550.0M Debt Financing round. (more)

4. Kiteworks, a United States-based secure data collaboration and messaging suite, raised a $456.0M Private Equity Round from Insight Partners and Sixth Street. (more)

5. Cribl, a United States-based security and cloud data aggregation and analytics platform, raised a $319.0M Series E from GV. (more)

6. SandboxAQ, a United States-based post-quantum cryptography (PQC) security platform, raised a $300.0M Private Equity Round from Alger, T. Rowe Price, and Breyer Capital. (more)

7. ​​Quantinuum, a United States-based quantum computing cryptographic key generation platform, raised a $300.0M Venture Round from JP Morgan Chase. (more)

8. Cyera, a United States-based data security posture management (DSPM) platform, raised a $300.0M Series D from Accel, Sapphire Ventures, and Coatue. (more)

9. Cyera, a United States-based data security posture management (DSPM) platform, raised a $300.0M Series C from Coatue. (more) (yes, this company raised two $300 million rounds in the same year 🤯).

10. Abnormal Security, a United States-based email security company, raised a $250.0M Series D from Wellington Management. (more)

These numbers pale compared to the 60 transactions of $100 million or greater in 2022 and over 80 in 2021! No, this year brought with it more of a return to the historical norm from a pre-ZIRP era.

M&A Trends

Highlights:

• 271 M&A transactions across 59 unique product categories for a total of $45.7 billion

• The top 10 deals accounted for 91% of the total value

The 2024 data on cybersecurity M&As shows signs of a murky rebound. While total deal volume remained steady and slightly higher (271 deals vs. 258 in 2023), the distribution of disclosed deal sizes shows some notable changes.

In the disclosed transactions, we're seeing a concentration effect emerge with a cluster in both the upper and middle market segments. The $100M-$500M range shows strength, accounting for 42% of disclosed deals, with the $250M-$500M bracket actually increasing in 2024. Meanwhile, the billion-dollar-plus category rebounded significantly, more than doubling from 2023 to 2024.

On the other hand, the lower middle market ($10M-$100M) saw decreased activity, dropping from 8 deals in 2023 to just 3 in 2024. This suggests a market preference for either substantial strategic acquisitions or larger platform consolidations.

Stage of Acquisitions

Over the past three years, there has been a noticeable trend in the stages at which companies are being acquired. Analyzing the available data reveals that companies are increasingly seeking acquisitions, or in some instances, "acqui-hires," at earlier stages than what was typically observed in previous years.

This shift shows a change in strategy among startups and emerging businesses, as they aim to capitalize on acquisition opportunities. This become increasingly important starting in 2023 after many companies realized their IPO dreams were no longe realistic, and that some would not make it without an acquisition.

M&A Transparency

There’s one very big caveat, however.

The percentage of deals with undisclosed terms continues to climb, reaching 89% in 2024 (up from 87% in 2023 and 84% in 2022).

This growing opacity in the market makes it increasingly challenging to draw definitive conclusions about true transaction value distributions. The 31 disclosed deals (that’s only 11%) in 2024 represent a skewed sample, potentially overrepresenting larger transactions more likely to be publicly reported.

Still, let’s look at the largest transactions that we could see.

Top M&A Transactions

In 2024, just 10 M&A transactions accounted for more than $41 billion, or 91% of the year’s total. Of those 10 transactions, nine were over $1 billion. The top 10 cybersecurity M&A transactions from 2024 were:

1. Juniper Networks, a United States-based suite of network security tools, was acquired by Hewlett Packard Enterprise for $14.0B. Juniper Networks had previously raised $43.0M in funding. (more)

2. HashiCorp, a United States-based cloud automation and infrastructure security platform, was acquired by IBM for $6.4B. HashiCorp had previously raised $349.1M in funding. (more)

3. Darktrace, a United Kingdom-based suite of insider threat, email security, and cloud security tools, was acquired by Thoma Bravo for $5.3B. Darktrace had previously raised $230.5M in funding. (more)

4. Omnissa, a United States-based secure virtual working environment, was acquired by Kohlberg Kravis Roberts (KKR) for $4.0B. Omnissa has not publicly disclosed any prior funding rounds. (more)

5. AuditBoard, a United States-based audit, risk, and compliance monitoring and automation platform, was acquired by Hg for $3.0B. AuditBoard had previously raised $43.6M in funding. (more)

6. Recorded Future, a United States-based cyber threat intelligence platform, was acquired by Mastercard for $2.7B. Recorded Future had previously raised $79.7M in funding. (more)

7. Synopsys Software Integrity, a United States-based application security testing platform, was acquired by Clearlake Capital Group for $2.1B. Synopsys Software Integrity has not publicly disclosed any prior funding rounds. (more)

8. OwnBackup (Own Company), a United States-based cloud data protection and backup system for companies using Salesforce., was acquired by Salesforce for $1.9B. OwnBackup had previously raised $507.3M in funding. (more)

9. Venafi, a United States-based certificate and secrets management platform, was acquired by CyberArk Software for $1.5B. Venafi had previously raised $167.2M in funding. (more)

10. SecureWorks, a United States-based managed security operations platform, was acquired by Sophos for $859.0M. SecureWorks had previously raised $83.5M in funding. (more)

The M&A activity of 2024 tells a story of consolidation, efficiency, and strategic scaling. Companies are increasingly targeting data-centric acquisitions. In 2024, businesses with proprietary datasets, such as Threat Intelligence, or those at the heart of operational recovery and resilience, like data protection and disaster recovery, became much more appealing. This consolidation reflects a market shift from growth at all costs to selective, value-driven investments.

But while consolidation is shaping one part of the market, innovation is driving the other. AI has profoundly influenced product development and is redefining priorities for investors, vendors, and practitioners alike.

Let’s see how AI has changed funding dynamics and the cybersecurity industry as a whole.

The AI Dividend: From Hype to Industry Driver

We have quite possibly seen more advancement in AI in the last 24 months than in any other technology in the previous 50 years. 

In the AI space, every market map, analyst report, or startup white paper is no longer current the moment it is published. And if you do publish anything on any of those fronts, you'll have an army of people saying, "What about my company that does XYZ in this space?!" The space is moving faster than the cybersecurity industry, which really says something!

But an analysis of the cybersecurity industry wouldn't be complete without discussing AI's impact on the field. Put simply, it's impossible to quantify the amount of money invested in the cybersecurity industry in the name of AI (the same is true for the broader technology world). However, we can trace what companies and investors explicitly identify as AI Security-focused funding.

For this analysis, I’ve broken the broader “AI Security” domain into the following categories and captured the associated funding and M&A transactions:

• Artificial Intelligence (AI) Governance - Software platforms dedicated to cataloging, assessing, and mitigating risks in AI applications, emphasizing their safety, compliance, responsible use, and security.

• Artificial Intelligence (AI) Privacy Assurance - Software platforms focused on safeguarding sensitive data and personal information used in AI processes, ensuring the responsible use of AI systems.

• Artificial Intelligence (AI) Security - Software platforms designed to maintain the integrity of AI systems and shield them from misuse.

I can already see that this is not a detailed enough breakdown. As new use cases and business models emerge for AI in cybersecurity, I will continue to break down and refine these categories and the associated companies. This does not include any product categories where some form of AI was added to or enhanced the output of products.

According to our data, AI-focused cybersecurity funding more than doubled from 2023 ($181.5M) to 2024 ($369.9M), a 96% year-over-year growth rate.

But more telling is where this money is going. Early-stage funding saw the most dramatic shifts:

• Pre-seed AI funding as a percentage of total cyber jumped from 6.69% to 16.5% of all pre-seed deals.

• Seed stage AI funding increased 226% from $52.4M to $128.4M, accounting for 15.6% of all seed-stage deals.

• AI Security funding at the Series A level accounted for 11% of all Series A deals.

A notable development was the emergence of AI Governance as a distinct category in 2024, securing $138.3M across stages after not really existing in 2023. The AI market is rapidly evolving and maturing, and the rise of governance and safety players in the space shows that it’s beginning to consider the frameworks and controls needed for responsible, safe, and secure AI deployments.

Despite this impressive growth in 2024, it's important to note that AI-focused security currently only represents just 2.64% ($370.0M) of total cybersecurity funding.

Given the concentration of early-stage investments in this space in 2024, I expect this growth rate to continue as companies evolve, grow their market share, and require bigger investments.

While AI investments surged in 2024, they represent only one aspect of a broader global AI arms race. Unlike the Cold War-era arms race, today's competition is driven by private companies vying for innovation dominance. This raises questions like “How will uneven AI development impact global security, and can regulatory frameworks keep pace?” For a deeper dive into these dynamics, check out this analysis of the AI arms race and its implications for cybersecurity and beyond.

The power of AI also represents the possibility of new, service-driven business models. Let’s look at the split between product-based and service-based businesses in 2024.

Products vs. Services

Funding Trends by Business Model

The cybersecurity industry has long drawn a clear line between product-based and services-based business models. At Return on Security, we track each company’s business model to compare these two categories, and the data reveals interesting trends.

Historically, venture capital has favored product-based companies. These businesses offer scalable, recurring revenue models that investors find highly attractive. Service-based businesses, on the other hand, are less favorable due to their reliance on human capital and are not considered “venture-scale.”

The 2024 funding data clearly shows this trend is still largely true. While service-based companies secured $1.7 billion in funding, product companies dominated with $12.3 billion, or nearly 7.5 times more capital. Even in a down market from 2022's peak of $20.6 billion for product companies, the bias towards product-focused models remains strong.

The Shift Toward Hybrid Models

However, an interesting shift is occurring. 

While the total number of funding events declined in 2024, service-based businesses actually increased their share of the funding pie compared to previous years. This shows a growing market recognition that the future of cybersecurity may lie in a blended "Software and a Service" model. 

Service-based companies are increasingly raising capital to develop software products, fund strategic acquisitions, or scale operations in ways traditionally associated with product companies. AI only accelerates this, enabling service companies to stitch together automation and professional services. While service businesses still represent a small portion of the overall funding landscape, the growing share shows that investors are warming to the potential of these hybrid business models.

M&A Dynamics in Services and Products

The M&A landscape tells an equally compelling story. Service-based business transactions dominate the market, with more than half of all M&A activity involving service businesses buying one another. This consolidation trend is particularly visible among Managed Security Services Providers (MSSPs) and Professional Services firms, who are building scale through acquisition.

Interestingly, while service-based transactions decreased from 102 deals in 2022 to 74 in 2024, their share of total M&A activity increased. This suggests that services businesses are becoming more strategic in their growth plans, focusing on targeted acquisitions that build scale and expertise. 

Unfortunately, most of these transactions do not have disclosed deal terms, which greatly limits the analysis. (If you know a better way to get this data, I’m all ears!)

Geographical View in 2024

Funding Trends by Region

Overall, funding data from 2024 shows a stark picture of global investment patterns.

For this analysis, regions were stack ranked within each funding stage based on their total funding amount and percentage share. The lower the score on a given funding stage, the better the performance and overall share of the total. The overall ranking was then calculated by averaging a region's rank across all five stages (Pre-Seed through Growth).

This analysis may seem off at first, but let me explain before anyone cries foul. Let’s start by looking at Israel compared to Europe. While Israel secured more total funding than Europe ($842.2M vs $702.1M) in 2024, Europe received a higher overall ranking due to more publicly available data across all stages. Europe maintained an average rank of 2.6 (ranking 2nd or 3rd in each stage), while Israel's limited visibility in the earliest (Pre-Seed) and latest (Growth) stages resulted in an average rank of 3.8, despite strong showings in Seed and Series B+ rounds (2nd place). 

This highlights a well-known dynamic in the Israeli ecosystem - startups often keep their earliest-stage funding rounds private before rapidly raising subsequent rounds and ultimately moving to the US.

This is the difference between an ecosystem designed to produce winner-take-all companies (Israel) and one designed to grow a local ecosystem (Europe, US, etc.). While this practice skews the available data for everyone, it provides important context for understanding the rankings.

Regional Comparisons

 Here are some other key regional insights:

• The United States led the year with $10.9B in total funding (83% of the global share), maintaining its #1 ranking across all stages.

• Europe (excluding the United Kingdom) emerged as a strong second-tier player, with $702.1M (5.3%). Europe's consistent top-3 position across funding stages demonstrates its stable funding environment and growing disposition for investing in cyber.

• Israel, ever the presence and center of excellence in cybersecurity, saw $842.2M in total funding (6.3%). Israel’s share of the global funding data would be much higher if there were more transparency for Pre-Seed rounds.

• Asia shows increasing momentum, particularly in later stages, with a total investment of $334.4M (2.5%). Asia's rise to #2 in growth-stage funding signals increasing late-stage opportunities. However, Asia is still a nascent space that will continue to be bolstered by securing AI and cryptocurrency technologies in the future.

• The United Kingdom has established itself as a distinct cybersecurity powerhouse, securing $247.9M (1.9%) in funding. With a strong presence in Pre-Seed ($6.0M, 10% of global share) and steady progression through later stages, the UK has differentiated itself from broader European trends by fostering a unique ecosystem that bridges US and European markets.

• Emerging markets (Latin America, Africa) show selective participation, suggesting potential for future growth.

Here are a few other broad things that stood out:

• Pre-Seed Stage: US dominance is most pronounced (67.3% share), followed by Europe (13.2%) and the UK (10%).

• Seed Stage: US share increases (71.6%), while Israel emerges strongly (16.2%).

• Series A: More distributed leadership with the US (61.5%), Europe (16.5%), and Israel (14.4%).

• Series B+: Overwhelmingly the largest bucket, as most of the later-stage cybersecurity companies reside in the US. The US reaches peak dominance (87.7%), with Israel (6.7%) maintaining second position.

• Growth Stage: This is a similar story to the Series B+ rounds. The US (84.6%) leads, with Asia showing surprising strength (5.3%).

But, the cybersecurity industry’s mild recovery in 2024 was not distributed equally. When you overlay a year-over-year view across these countries/regions, it’s easier to see who faces headwinds vs. tailwinds.

Funding from across the world in 2024 showed a general cooling of the market from the peaks of 2022, with pockets of rebounds. The story out of the United States shows how funding dropped from $16.3B in 2022 to $10.7B in 2023 (a 34% decrease) before showing signs of recovery with $11.1B in 2024 (a 4.5% increase from 2023). This trend mirrors the broader market correction but demonstrates resilience in the US market.

Israel maintained strong performance despite market headwinds and geopolitical unrest, securing $842.2M in 2024 despite a decline from its $2.1B peak in 2022 (a 59% decrease over two years). Europe showed similar resilience, rebounding from $515.7M in 2023 to $734.1M in 2024 (a 42% increase), though still below its 2022 levels of $1.67B.

Funding deal volume also tells us another story. While funding amounts fluctuated, the decrease in deal count (from 539 to 386 deals in the US, a 28% drop) and the increase in the total amount raised show more selective investments and larger average deal sizes. The average deal size in the US shrank from $30.2M in 2022 to $28.9M in 2024, while Europe's average deal size decreased from $24.2M to $9.4M, with investments heavily favoring Series B+ rounds, showing a trend toward larger, more concentrated investments.

China's Absence

What’s missing in the global view, and something the industry seems to tiptoe around, is how noticeably absent China is. While there was a bit more transparency in 2021 and earlier in China’s cybersecurity funding and innovation efforts, it has noticeably declined in recent years.

There are a few important factors contributing to this:

• Reporting Practices: Chinese companies sometimes present their transactions in ways that might not be as easily seen on the international stage. This can involve using non-English company names, different translations, and sharing only a limited amount of information with the public.

• GTM Approach: Many Chinese companies are actively involved in various cybersecurity areas, such as data, network security, endpoint protection, cloud services, and mobile security. They often combine different products and services, which can create a bit of a challenge when trying to fit their activities into the usual funding and product categories.

• International Presence: The influence of Chinese cybersecurity firms in global markets remains somewhat unclear. While a few companies have ventured internationally, their impact outside of China is still restricted. This contrasts with the global landscape, which is eager to share where it has expanded.

• Geopolitical Dynamics: The U.S. government, along with other global powers, has increasingly scrutinized investments linked to China, citing national security concerns:

  • In 2021, the UK government enacted the National Security and Investment Act, granting authorities the power to review and potentially block foreign investments that pose risks to national security, including those from China.

  • In the fall of 2022, GGV Capital also announced that it was splitting up its team amid growing tensions between the U.S. and China.

  • In June 2023, Sequoia Capital announced it separated its Chinese operations, creating three independent entities.

  • In June 2023, the European Union announced an Economic Security Strategy to address risks stemming from geopolitical tensions and technological advancements.

  • In August 2023, President Joe Biden issued Executive Order 14105, restricting U.S. investments in Chinese companies involved in advanced technologies like semiconductors, quantum computing, and artificial intelligence.

While innovation and investment in cybersecurity are undoubtedly ongoing within China, reduced visibility into its activities and the broader global shift in technology partnerships make it hard to fully understand the scope of global cybersecurity trends.

Public Markets

The public markets had quite a year in the cybersecurity industry, heavily influenced by the broader wave of AI-driven gains in the technology sector.

These top 15 public stocks showed quite the spread in stock performance in 2024. Gone are the days when any cybersecurity stock could ride the coattails of market momentum. Instead, investors are becoming increasingly selective, focusing on companies demonstrating clear leadership, innovation, and resilience in an evolving threat landscape.

The market rewarded companies that successfully integrated AI capabilities, focused on recovery and customer resilience, or tackled emerging challenges. Strong showings from long-time incumbents like Fortinet and CyberArk, both with stiff competition on the practitioner front, show that stock performance, customer perception, and mind share are not always closely related. 

Companies operating in highly competitive segments, like Threat and Vulnerability Management (TVM), saw compressed returns as competitors constantly leapfrogged one another in this M&A- and AI-driven environment.

CrowdStrike rebounded from the unthinkable after wiping out $30 billion in enterprise value off of their stock by creating the largest IT outage in history.

Okta even suffered another security incident in 2024 (after a slew of incidents in 2022 and 2023), which had a very minimal impact on its overall stock price. This goes to show that public markets truly don’t care about breaches and potentially even “price in” breaches into their expectations. Add to this that there are no viable alternatives to Okta’s product offerings and market dominance, and you’ve got a market that just shrugs and moves on. 🤷

The IPO Market

There was even one quasi-cyber IPO:

On April 25th, Rubrik, a United States-based data management and data protection platform, priced its IPO at $32/share, raising $752.0M at a $5.6B valuation. (more)

Rubrik’s stock price ended the year at $65.36, marking a 104% increase. Not too bad if you were one of the lucky few to get in on the floor.

I call Rubrik a “quasi-cyber” because we consider it a hybrid company instead of a “pure play” cyber company like Palo Alto Networks or CrowdStrike. While Rurik addresses cybersecurity use cases, its core business spans IT and data management, blurring the lines between these markets.

2025 and 2026 will potentially have a slew of cybersecurity companies going the IPO route after a few years of pent-up demand. Strategy of Security has great write-ups on what those IPO pipelines could look like for both 2025 and 2026.

As investors continue to gravitate toward companies that combine technical leadership with clear value propositions like resiliency and AI, this trend will shape how private and public companies position themselves in the future.

Closing Thoughts & Predictions

So, you might be wondering, “Are we so back?”

Our opinion: we’re “back,” but we’re also fundamentally different than before.

In 2024, the cybersecurity industry demonstrated resilience, innovation, and a slow march toward normalization. AI for Security / Security for AI, a focus on data resilience and recovery, and hybrid business models will define the industry’s next wave of growth. 

Here are some of our predictions for 2025:

AI + Cybersecurity

• Granularity in Use Cases: Security for AI and AI for Security applications will become more specific and targeted, going beyond chatbots and AI SOC companions into highly specialized tools.

• Valuation Adjustments: AI + cyber valuations will stabilize after the hype of the past two years.

• AI Agents: AI agents for cyber will arrive, but not in the hugely transformative way many expect. At least, not yet. It will be here one day, but there will be a lot of very narrow use cases until all the infrastructure and data plumbing challenges are worked out.

• Smart Prioritization: The “AI productivity suite” is coming to a security department near you. Can’t agree on vulnerability prioritization or the order of operations for which misconfiguration to fix first? Give AI all of your data, tech stack, and business context, and then let it do the work for you. “Smart scheduling” and all.

Funding & Acquisitions

• Early-Stage Acquisitions: The trend of early-stage acquisitions will continue in 2025 as companies seek strategic growth.

• UK and Europe Growth: Early-stage funding in the UK and Europe will see slow but steady growth as the ecosystems mature.

• Crypto & Web3 Security Resurgence: Where there’s fraud, there's cybersecurity. With cryptocurrency gaining massive traction in 2024 and a US administration that supports crypto, we’ll see a new wave of funding and M&A activity in cryptocurrency and Web3 security since the pie to rug pull secure will be so much larger.

IPOs & Private Equity

• IPO Markets Reopening: The pent-up demand from late-stage and private equity-backed companies, combined with reduced regulatory friction under the new US administration, will lead to a revival of IPO activity. But the cost to ride the IPO ride has gone up significantly since pre-2021.

• Private Equity Dominance: Private equity will continue its winning streak in cybersecurity, focusing on acquisitions, operational optimization, and flipping companies (maybe even taking them public again, like we’ll see with SailPoint).

If you’ve made it this far, I can’t thank you enough, and I hope you found this useful! It took an incredible amount of time and effort to put this together, and I’m grateful you took the time to read it. If you enjoyed it, please consider sharing it with your network.

I would love to hear your thoughts, questions, or feedback as we continue to monitor the constantly evolving cybersecurity landscape together.

Data Methodology and Source

• The data contained in this report comes directly from the Return on Security database.

• All of the data is captured point-in-time from publicly available sources.

• All financial figures are converted to U.S. dollars (USD) at the current foreign exchange rate when collected.

• Company country locations are pulled from publicly available sources.

• Companies are categorized using our system at Return on Security, and we write all the company descriptions.

• Sometimes, the details about deals, like who led the round, how much money was raised, or the deal stage, might get updated after the issue is first published.

• Let us know if you spot any errors, and we’ll fix them.

About Return on Security

Return on Security is all about breaking down the cybersecurity industry for you with expert analysis, hard facts, and real-life stories. The goal? To keep security pros, entrepreneurs, and investors ahead in a fast-moving field. Read more about the “Why” here.

Thank you for reading. If you liked this analysis, please share it with your friends, colleagues, and anyone interested in the cybersecurity market. Feel free to borrow any data, charts, or advice you find here. Just make sure to give a shoutout to Return on Security when you do.

Follow me on LinkedIn to never miss Return on Security updates.