💰 Security, Funded #88 - NCC Group, Q1 2023 Trends, and Boots With The Fur

Hey there,

Happy Tuesday (was a holiday in the US on Monday for many), and I hope you had a great weekend!

In this week's issue:

• NCC Group
• Q1 2023 Trends
• Boots With The Fur

US payroll growth slowed in March, the global banking system is still reeling from the recent banking collapse and the response from the FDIC, NCC Group’s stock got clapped, and global VC funding is down 50% YoY.

Earning Reports

If you’re reading this and don’t follow me on LinkedIn or Twitter (c’mon dawg, smash that follow or connect button), then you may have missed my take on the recent hit that NCC Group (NCC) took to their stock after cutting their forward-looking revenue for the year. Here’s a thread I wrote:

Onward to this week's issue.

🗣Sponsor

Prevent Privacy Breaches Using Simulated Attacks

Using anonymized data for development and testing environments has become standard practice. Unfortunately, much of that data can still be identified using linkage attacks.

Research shows 87% of Americans can be uniquely identified using only their zip code, gender, and date of birth. As applications continue collecting detailed personal information from consumers, re-identification becomes even more likely.

With simulated attacks, Privacy Dynamics helps CISOs quickly and easily monitor re-identification risk across their organization.

Learn More

🛞 Industry News Roundup

• FDA will refuse new medical devices for cybersecurity reasons on Oct. 1 (more)
• Cybersecurity Market to Cross USD $431.4B by 2030 (more)
• Lloyd’s of London exposes divisions over booming cyber insurance market (more)

📅 YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

For one of the first times in 2023, we’re seeing funding and volume of transactions on par for the same time last year. With RSA Conference coming up, I expect 2023 funding to be trending upwards for at least the next month.

Q1 2023 Recap

By the Numbers

• 2022 - $8.1B across 251 funding transactions
• 2023 - $2.9B across 145 funding transactions

Let’s take a closer look at Q1 2023 trends in the cybersecurity industry.

📉 Macro Data
Macroeconomic data showed weaker performance across industries in Q1 2023, with the cybersecurity sector feeling the impact as well.

Let's break down the trends & their implications for the industry:

🛡️ Partially Recession-Proof
Until H2 2022, cybersecurity was considered recession-resistant. Data from H2 2022 - Q1 2023 revealed that not all product categories or company sizes in cybersecurity were equally resilient. Endpoint Detection and Response (EDR) & Identity and Access Management (IAM) proved more robust.

🎙️ Earnings Calls Insights
Q1 2023 earnings calls highlighted a focus on upmarket customers, cost-saving initiatives & sensitivity to macroeconomic challenges. Mid-market struggles are expected to continue, making it harder to sell to under-resourced segments.

🔧 Adapting to Customer Demands
Companies leaned into customer demands for cost savings & product consolidation, driving growth & further inroads into large companies. Vendors are now solving broader financial problems, not just selling software. This trend is likely to continue into 2024.

💰 Spending Trends & Winning Strategies
Spending on cybersecurity tools & platforms was only slightly impacted by macroeconomic headwinds, as customers emphasized cost-saving and simplification. Companies that lower the total cost of ownership (TCO), save money, simplify the stack, & provide a clear path to ROI will win.

🏟️ Cyber Superbowl Season
With the RSA Conference, one of the world's largest cybersecurity events, kicking off later this month, we can expect to see lots of new innovations (or marketing attempts at innovation) to grab fewer customer dollars. The level of hype, and potentially FUD, will be at an all-time high during conference season.

💰 Funding Summary

• 16 companies raised $336.4M across 11 unique product categories
• 4 companies were acquired or had a merger event across 3 unique product categories

🧩 Funding By Product Category

• $183.3M for Fraud and Financial Crime Protection across 2 deals
• $100.0M for Endpoint Detection and Response (EDR) across 1 deal
• $26.5M for Identity and Access Management (IAM) across 3 deals
• $15.0M for SaaS Security across 1 deal
• $8.5M for Software Supply Chain Security across 2 deals
• $1.6M for Transportation Security across 1 deal
• $1.0M for Data Protection across 2 deals
• $500.0K for API Security across 1 deal
• An undisclosed amount for Risk Management across 1 deal
• An undisclosed amount for Remote Browser Isolation across 1 deal
• An undisclosed amount for Cybersecurity Education & Training across 1 deal

🏢 Funding By Company

• Quantexa, a United Kingdom-based anti-fraud and data analytics platform, raised a $129.0M Series E from GIC. (more)
• Cybereason, a United States-based endpoint detection and response (EDR) platform, raised a $100.0M Venture Round from SoftBank. (more)
• Fourthline, a Netherlands-based anti-fraud and identity verification platform, raised a $54.3M Series B from Finch Capital. (more)
• Strivacity, a United States-based no-code customer identity and access management (CIAM) platform, raised a $20.0M Series A from SignalFire. (more)
• Push Security, a United Kingdom-based aaS security platform, raised a $15.0M Series A from GV and Decibel Partners. (more)
• Cybeats Technologies, a Canada-based software bill of materials (SBOM) security platform, raised an $8.0M Post-IPO Equity. (more)
• Trustle, a United States-based automated identity and access management (IAM) platform, raised a $6.0M Seed from Glasswing Ventures. (more)
• RazorSecure, a United Kingdom-based public transportation cybersecurity and threat monitoring company, raised a $1.6M Seed from Frontier Development Capital. (more)
• 0pass, a United States-based hardware-based authentication platform, raised a $500.0K Pre-Seed from Y Combinator.
• Blyss, a United States-based homomorphic encryption platform, raised a $500.0K Pre-Seed from Y Combinator.
• EdgeBit, a United States-based software supply chain security platform, raised a $500.0K Pre-Seed from Y Combinator.
• Escape, a France-based application security for GraphQL APIs, raised a $500.0K Pre-Seed from Y Combinator.
• Infisical, a United States-based encrypted secrets management platform, raised a $500.0K Pre-Seed from Y Combinator.
• Cyber Insight, a Germany-based cyber and privacy risk management platform, raised an undisclosed Seed from TGFS - Technologiegründerfonds Sachsen. (more)
• DefensX, a United States-based remote browser isolation, raised an undisclosed Venture Round from Revo Capital. (more)
• Drip7, a United States-based cybersecurity education platform, raised an undisclosed Seed from Beta Boom.

🌎 Funding By Country

• $144.0M for United Kingdom across 2 deals 🇬🇧
• $128.0M for United States across 9 deals 🇺🇸
• $54.3M for Netherlands across 1 deal 🇳🇱
• $8.0M for Canada across 1 deal 🇨🇦
• $500.0K for France across 1 deal 🇫🇷
• An undisclosed amount for Germany across 1 deal 🇩🇪

🤝 Mergers & Acquisitions

• conpal, a Germany-based professional services firm focused on cybersecurity, was acquired by Utimaco for an undisclosed amount. (more)
• Ericom Software, a United States-based secure access service edge (SASE) platform, was acquired by Cradlepoint for an undisclosed amount. (more)
• ITrust, a France-based managed security services provider (MSSP), was acquired by Iliad for an undisclosed amount. (more)
• Set Solutions, a United States-based professional services company focused on cybersecurity consulting, was acquired by Trace3 for an undisclosed amount. (more)

📚 Great Reads

• Core Views on AI Safety - It may be tricky to build safe, reliable, and steerable systems when those systems are starting to become as intelligent and as aware of their surroundings as their designers.
• Embracing Quantum Security: Defense in Depth Strategies for a Post-Quantum World - A post NOT about generative AI advancements 😱 - Explore quantum security strategies and in-depth defense approaches for a post-quantum world.
• Responsible Cyber Power in Practice - Details on how the UK’s National Cyber Force (NCF) delivers cyber operations daily to protect the UK and its allies from harm.

🐝 Cross Pollinate

Discover something 🆕 this week.

This week I’ve got to take it back to one of the original newsletters that got me interested in writing newsletters with tl;dr sec. Not only is this one of my favorite newsletters to read every week, but Clint has been a great friend and newsletter mentor for me.

tl;dr sec Newsletter

tl;dr sectl;dr sec

🗣Sponsor

Earn influence and buy-in where you need it

Communication strategy, coaching, and training for security teams

Whether you’re forging relationships with the board, managing organizational changes, responding to an incident, or marketing your team to potential candidates through conference talks and blog posts, it all takes an effective communication strategy – and execution – to make an impact. Our team has 15 years of experience leading communication programs specifically tailored to the technical and stressful demands facing security organizations. Trusted by security teams at Twilio, Yahoo, and Trail of Bits.

Check out what we can do!

🧪 Labs

Not gonna lie, this remix slaps

🤔 Have questions, comments, or feedback? I'd love to hear from you!

🔥 Security, Funded is brought to you by Return on Security.

🤝 Want to partner with Security, Funded? Learn more here.

🐝 If you run a newsletter, I can't recommend Beehiiv enough.