💰 Security, Funded #88 - NCC Group, Q1 2023 Trends, and Boots With The Fur

The Business Of Global Cybersecurity Funding And M&A News From The Week Of April 3rd, 2023.

Mike P
Mike P

Table of Contents

Hey there,

Happy Tuesday (was a holiday in the US on Monday for many), and I hope you had a great weekend!

In this week's issue:

  • NCC Group
  • Q1 2023 Trends
  • Boots With The Fur

US payroll growth slowed in March, the global banking system is still reeling from the recent banking collapse and the response from the FDIC, NCC Group’s stock got clapped, and global VC funding is down 50% YoY.

Earning Reports

If you’re reading this and don’t follow me on LinkedIn or Twitter (c’mon dawg, smash that follow or connect button), then you may have missed my take on the recent hit that NCC Group (NCC) took to their stock after cutting their forward-looking revenue for the year. Here’s a thread I wrote:

Onward to this week's issue.

Newsletter sponsorships are open for the second half of 2023!

If you want to have your brand amplified to thousands of cybersecurity industry insiders and decision-makers, reach out and let me know! Last year when I opened this up to the public, I sold out the first half of 2023 in 4 weeks, so act fast if you want in! 🤝

See more information about sponsorship options here.


Prevent Privacy Breaches Using Simulated Attacks

Using anonymized data for development and testing environments has become standard practice. Unfortunately, much of that data can still be identified using linkage attacks.

Research shows 87% of Americans can be uniquely identified using only their zip code, gender, and date of birth. As applications continue collecting detailed personal information from consumers, re-identification becomes even more likely.

With simulated attacks, Privacy Dynamics helps CISOs quickly and easily monitor re-identification risk across their organization.

Learn More

🛞 Industry News Roundup

  • FDA will refuse new medical devices for cybersecurity reasons on Oct. 1 (more)
  • Cybersecurity Market to Cross USD $431.4B by 2030 (more)
  • Lloyd’s of London exposes divisions over booming cyber insurance market (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

For one of the first times in 2023, we’re seeing funding and volume of transactions on par for the same time last year. With RSA Conference coming up, I expect 2023 funding to be trending upwards for at least the next month.

Q1 2023 Recap

By the Numbers

  • 2022 - $8.1B across 251 funding transactions
  • 2023 - $2.9B across 145 funding transactions

Let’s take a closer look at Q1 2023 trends in the cybersecurity industry.

📉 Macro Data
Macroeconomic data showed weaker performance across industries in Q1 2023, with the cybersecurity sector feeling the impact as well.

Let's break down the trends & their implications for the industry:

🛡️ Partially Recession-Proof
Until H2 2022, cybersecurity was considered recession-resistant. Data from H2 2022 - Q1 2023 revealed that not all product categories or company sizes in cybersecurity were equally resilient. Endpoint Detection and Response (EDR) & Identity and Access Management (IAM) proved more robust.

🎙️ Earnings Calls Insights
Q1 2023 earnings calls highlighted a focus on upmarket customers, cost-saving initiatives & sensitivity to macroeconomic challenges. Mid-market struggles are expected to continue, making it harder to sell to under-resourced segments.

🔧 Adapting to Customer Demands
Companies leaned into customer demands for cost savings & product consolidation, driving growth & further inroads into large companies. Vendors are now solving broader financial problems, not just selling software. This trend is likely to continue into 2024.

💰 Spending Trends & Winning Strategies
Spending on cybersecurity tools & platforms was only slightly impacted by macroeconomic headwinds, as customers emphasized cost-saving and simplification. Companies that lower the total cost of ownership (TCO), save money, simplify the stack, & provide a clear path to ROI will win.

🏟️ Cyber Superbowl Season
With the RSA Conference, one of the world's largest cybersecurity events, kicking off later this month, we can expect to see lots of new innovations (or marketing attempts at innovation) to grab fewer customer dollars. The level of hype, and potentially FUD, will be at an all-time high during conference season.

💰 Funding Summary

  • 16 companies raised $336.4M across 11 unique product categories
  • 4 companies were acquired or had a merger event across 3 unique product categories

🧩 Funding By Product Category

  • $183.3M for Fraud and Financial Crime Protection across 2 deals
  • $100.0M for Endpoint Detection and Response (EDR) across 1 deal
  • $26.5M for Identity and Access Management (IAM) across 3 deals
  • $15.0M for SaaS Security across 1 deal
  • $8.5M for Software Supply Chain Security across 2 deals
  • $1.6M for Transportation Security across 1 deal
  • $1.0M for Data Protection across 2 deals
  • $500.0K for API Security across 1 deal
  • An undisclosed amount for Risk Management across 1 deal
  • An undisclosed amount for Remote Browser Isolation across 1 deal
  • An undisclosed amount for Cybersecurity Education & Training across 1 deal

🏢 Funding By Company

🌎 Funding By Country

  • $144.0M for United Kingdom across 2 deals 🇬🇧
  • $128.0M for United States across 9 deals 🇺🇸
  • $54.3M for Netherlands across 1 deal 🇳🇱
  • $8.0M for Canada across 1 deal 🇨🇦
  • $500.0K for France across 1 deal 🇫🇷
  • An undisclosed amount for Germany across 1 deal 🇩🇪

🤝 Mergers & Acquisitions

  • conpal, a Germany-based professional services firm focused on cybersecurity, was acquired by Utimaco for an undisclosed amount. (more)
  • Ericom Software, a United States-based secure access service edge (SASE) platform, was acquired by Cradlepoint for an undisclosed amount. (more)
  • ITrust, a France-based managed security services provider (MSSP), was acquired by Iliad for an undisclosed amount. (more)
  • Set Solutions, a United States-based professional services company focused on cybersecurity consulting, was acquired by Trace3 for an undisclosed amount. (more)

📚 Great Reads

🐝 Cross Pollinate

Discover something 🆕 this week.

This week I’ve got to take it back to one of the original newsletters that got me interested in writing newsletters with tl;dr sec. Not only is this one of my favorite newsletters to read every week, but Clint has been a great friend and newsletter mentor for me.

tl;dr sec Newsletter


Earn influence and buy-in where you need it

Communication strategy, coaching, and training for security teams

Whether you’re forging relationships with the board, managing organizational changes, responding to an incident, or marketing your team to potential candidates through conference talks and blog posts, it all takes an effective communication strategy – and execution – to make an impact. Our team has 15 years of experience leading communication programs specifically tailored to the technical and stressful demands facing security organizations. Trusted by security teams at Twilio, Yahoo, and Trail of Bits.

Check out what we can do!

🧪 Labs

Not gonna lie, this remix slaps

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🔥 Security, Funded is brought to you by Return on Security.

🤝 Want to partner with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.