๐Ÿ’ฐ Security, Funded #93 - Earnings Ups & Downs, Slow Funds, Big Bucks, and Amazon vs HIPAA

A review of cybersecurity funding and industry news from the week of May 8th, 2023, from Mike Privette.

Mike P
Mike P

Table of Contents

Hey there,

Happy Monday, and I hope you had a great weekend!

Trying something new with a rundown of the entire issue:

๐ŸŽฏ The Rundown

  • Rapid7 and CyberArk's contrasting Q1 earnings
  • Potential threats to HIPAA protections with Amazon Clinic
  • Slow funding and advice for raising capital
  • $1.04B raised across 13 companies; $870.0M in M&A
  • Reflections on recent cybersecurity events
  • Importance of privacy in the age of AI
  • Defense in depth in cybersecurity

Onward to this week's issue.


Get compliant without spreadsheets and screenshots

Donโ€™t waste time on security scavenger hunts. With pre-mapped controls and over 75 integrations to your tech stack, Drata automates the compliance process.

Drata supports 14 frameworks, including SOC2, ISO 27001, HIPAA, and GDPR, so your team can scale security without duplicating work. Best of all, you get real-time visibility into your risk levels with powerful dashboards and alerts.

Have to see it to believe it?

Book a quick demo to see Drata in action

๐Ÿ”ฎ Earnings Reports ๐Ÿ†•

A section for notable earnings reports from public cybersecurity companies, be they โ€œpure playโ€ or hybrid companies:

  • Rapid7 ($RPD) - Rapid7 had a mild earnings report, and analysts gave them business by lower their price targets for its public stock. The team cited continued macroeconomic headwind challenges, and that platform consolidation play not yet living up to the hype for a lower-than-expected quarter.
  • CyberArk ($CYBR) - CyberArk crushed its earnings and saw a 42% YoY growth in Q1 2023. Demand from financial services increased, contrary to what other cyber players have been saying, and expanding privileged access management (PAM) use cases drove a successful quarter. CyberArk is also one of the very few public cyber companies to raise their annual revenue guidance, whereas most companies are still playing it conservatively.

The takeaway: While broader cybersecurity product consolidations are unlikely to ever happen, capability consolidation at the IAM/PAM layer is actually very likely at the right price point. Identity security offerings of SSO, MFA, PAM, etc., are common stock. The strength, however, relies on what other security ecosystem integrations are possible, and there will naturally only be a few players in this space.

A concerning but predictable trend: Be prepared for every cyber company to say how the rise in the use of generative AI by attackers is the reason you need to buy their product offerings ๐Ÿ™„.

Stay frosty out there, potential buyers, and think through these claims from first principles for your own threat models at your own company.

๐Ÿ›ž Industry News Roundup

  • Donโ€™t use Amazon Clinic unless you want to waive your HIPAA protections (more)
  • Merckโ€™s Insurers On the Hook in $1.4 Billion NotPetya Attack (more)
  • FBI says it has sabotaged hacking tool created by elite Russian spies (more)

๐Ÿ“… YTD Funding

A rolling 12-week chart to compare funding each week between 2022 and 2023.

If you throw out the mega post-IPO debt round (see details below), you can see just how slow new funding from outside investors has gotten. For the folks modeling at home (and I know there are at least 10's of you, and I'm not the only crazy one ๐Ÿ˜…), I kept in the debt round for consistency's sake. Removing that round from the data shows that both companies and investors alike are being more thoughtful with capital deployment.

The best way to raise capital at these times? Good, old-fashioned sales. Sell so much that you don't need funding, and investors' dollars will come flooding your door.

๐Ÿ’ฐ Funding Summary

  • 13 companies raised $1.04B across 11 unique product categories
  • 4 companies were acquired or had a merger event across 3 unique product categories for $870.0M

๐Ÿงฉ Funding By Product Category

  • $1.0B for Business Continuity Planning (BCP) / Disaster Recovery across 1 deal
  • $15.5M for Fraud and Financial Crime Protection across 3 deals
  • $14.0M for Data Security Posture Management (DSPM) across 1 deal
  • $6.2M for Software Supply Chain Security across 1 deal
  • $3.0M for Cybersecurity Education & Training across 1 deal
  • $2.7M for Data Privacy across 1 deal
  • $654.4K for Quantum Security across 1 deal
  • $50.0K for Attack Surface Management (ASM) across 1 deal
  • An undisclosed amount for Security Orchestration and Automated Response (SOAR) across 1 deal
  • An undisclosed amount for Secure Collaboration and Messaging across 1 deal
  • An undisclosed amount for Password Management across 1 deal

๐Ÿข Funding By Company

๐ŸŒŽ Funding By Country

  • $1.02B for United States across 8 deals ๐Ÿ‡บ๐Ÿ‡ธ
  • $12.5M for Netherlands across 1 deal ๐Ÿ‡ณ๐Ÿ‡ฑ
  • $6.9Mโ€ƒfor Canada across 2 deals ๐Ÿ‡จ๐Ÿ‡ฆ
  • $50.0K for India across 1 deal ๐Ÿ‡ฎ๐Ÿ‡ณ
  • An undisclosed amount for South Africa across 1 deal ๐Ÿ‡ฟ๐Ÿ‡ฆ

๐Ÿค Mergers & Acquisitions

  • Absolute Software, a Canada-based suite of secure remote access and endpoint solutions, was acquired by Crosspoint Capital Partners for $870.0M. (more)
  • La Jolla Logic, a United States-based professional services firm focused on national defense and cybersecurity, was acquired by Boecore for an undisclosed amount. (more)
  • Netsecure Sweden AB, a Sweden-based professional services company focused on vulnerability and red team assessments, was acquired by Integrity360 for an undisclosed amount. (more)
  • OneComply, a Canada-based governance, risk, and compliance platform for the gaming industry, was acquired by GeoComply for an undisclosed amount. (more)

๐Ÿ“š Great Reads

  • Deconstructing a Cybersecurity Event - Dragos, the industrial control systems (ICS) cybersecurity company, had an attempted breach and extortion scheme run against them by a known cybercriminal group. Dragos breaks down what happened.
  • The Security Auditing Manifesto: Shared Values for Effective Security and Compliance Management - Learn how adopting a collaborative approach that values transparency, shared understanding, and continuous improvement can help organizations build stronger security partnerships, reduce friction, and better manage real risks to the business while effectively addressing compliance requirements.
  • Why more transparency around cyber attacks is a good thing for everyone - Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissionerโ€™s Office (ICO), reflect on why itโ€™s so concerning when cyber attacks go unreported โ€“ and look at some of the misconceptions about how organisations respond to them.


AI canโ€™t replace privacy lawyers, but it can translate their policies into code

Track, measure, and prove privacy program success!

Privacy is complicated and expensive, meaning itโ€™s ready for a serious shakeup. Chief Privacy Officers and CISOs are at the center of this complexity, surrounded by evolving regulatory requirements and a growing network of internal partners because privacy is truly cross-functional. No single team can manage it alone. PrivacyCode brings everyone all together by translating legal requirements into tangible tasks for developers and product teams. Finally, everyone gets privacy requirements in their respective context with metrics their teams actually care about!

Learn more

๐Ÿงช Labs

Itโ€™s called defense in depth, sweaty, look it up ๐Ÿ˜ค๐Ÿ‘Š

๐Ÿค” Have questions, comments, or feedback? I'd love to hear from you!

๐Ÿ”ฅ Security, Funded is brought to you by Return on Security.

๐Ÿค Want to partner with Security, Funded? Learn more here.

๐Ÿ If you run a newsletter, I can't recommend Beehiiv enough.