🌍 Cybersecurity Innovation Pulse #9 - VC Funding Down 53% in Q1; US Space Force Requests $700M; Security Strategies for M&A and More!
Week of Mar. 31st - Apr. 7th, 2023
Welcome to the 9th issue of the Cybersecurity Innovation Pulse newsletter! I'm Darwin Salazar and this newsletter is your personal guide to the ever-evolving world of cybersecurity. Every week, I bring you the latest updates on product launches, groundbreaking innovations, strategic collaborations, funding news, earnings, and M&A activity. By subscribing, you'll receive all these valuable insights directly in your inbox, saving you time and helping you stay ahead of the curve. If you love what you read, don't hesitate to share it with a friend or colleague. So, grab a cup of your favorite beverage, and let’s dive into this week's issue. Enjoy!
The Market Beat 🥁
Q1 2023 VC Slowdown: Cybersecurity Stands Resilient Amid Funding Cuts
Crunchbase recently reported Global VC Funding statistics for the quarter ending on March 31st. Total funding came in at $76 billion in comparison to $162 billion in the same quarter in 2022, this is a 53% drop. Given the recent Silicon Valley Bank debacle and the number of macroeconomic issues like inflation, interest rate hikes, and geopolitical tensions, this large drop is not a surprise. Raising capital has become tougher, investors are increasingly cautious, and VCs are focused on cash flow and operational margins vs. growth at all costs as in previous years.
Although the cybersecurity industry is also experiencing a slowdown compared to previous quarters, it has demonstrated resilience with $2.471 billion in funding in Q1’23. Another thing to note is that the checks have gotten smaller. The average deal size dropped to $30 million in Q1 2023, compared to $85 million in Q4 2022 and $58 million in Q1 2022. Q1 saw 81 deals compared to 60 in Q4’22 and 102 in Q1’22. This shows that investors continue to value innovative cybersecurity startups and the work they’re doing to make our digital infrastructure secure. Special thanks toof for putting together this Q1'23 Security Funding snapshot!
US Space Force
The US Space Force is requesting $700 million, as part of its $30 billion 2024 budget, for cybersecurity measures to protect the nation's space infrastructure. This emphasizes the growing importance of securing outer space assets as also indicated by the ongoing work between QuSecure and Accenture to secure satellite communications in a post-quantum world. No matter how much funding Space Force’s security efforts receive, it’ll be interesting to track to which vendors the money goes.
Push Security secured $15 million in a Series A funding round led by Google Ventures (GV) and joined by Decibel along with a few angel investors. Their SaaS security solution creates a user and application inventory and is able to identify whenever a user signs up for a new cloud app. From there, the solution scans for misconfigurations, weak credential hygiene, app-to-app integrations, and account compromise indicators. Push also helps automate much of the remediation workflow. The solution has over 480 connectors for SaaS apps and a user base of over 50K users.
In a world where 3rd party risks are on the rise and where cloud security is all the rage, SaaS security can often be overlooked or mishandled. A modern SaaS security approach and solution are necessary for any security program. I’ll certainly be keeping my eye on Push’s journey.
Strivacity, a Customer Identity and Access Management (CIAM) start-up, secured $20 million in a Series “A2” funding round led by SignalFire and joined by Ten Eleven Ventures along with Kevin Mandia and Jack Huffard. The start-up focuses on enabling organizations to craft seamless login experiences with secure feature add-ons such as fraud and bot detection.
Cybereason secures $100 million funding led by SoftBank Corp. with the Co-Founder and CEO, Lior Div, transitioning into a company advisor role and Eric Gan, the EVP of SoftBank Corp. taking over as CEO.
FourthLine received a $54 million injection in a round led by Finch Capital accompanied by a few undisclosed investors. Fourthline is an Amsterdam-based company focused on providing AI-powered identity verification solutions for the finance sector.
Hardware crypto wallet manufacturer, Ledger, adds $108 million in funding to its $380 million Series C from June of ‘21. The cash injection included existing investors but also brought in new investors such as VaynerFund, Digital Finance Group, and TrueGlobal Ventures.
Austin-based and zero-trust content security start-up, Votiro, secured $11.5 million in a Series A round led by Harvest Lane Asset Management. Votiro provides solutions to prevent file-borne threats and safeguard sensitive data. They have both commercial and personal consumer products.
Mergers & Acquisitions (M&A)
Guidance on managing security risks during M&As
A recent CSO Online article dives into various aspects to be aware of and approaches to implement while navigating the M&A process. The article highlights the instance when Verizon reduced its acquisition offer for Yahoo's operating business by $350 million after Yahoo revealed two massive data breaches that compromised all three billion of its user accounts. A painful lesson indeed.
The guidance detailed in the post includes
Understanding the security culture including the skill level, and maturity of the security team
Conducting due diligence on whether security was baked into the SDLC
Understanding the dynamics and risks of the data environment
Involving the acquiring company’s security team early on
Most importantly, conducting a security assessment of the buyout target
March 2023 Cybersecurity M&A Roundup
In March 2023, 41 cybersecurity mergers and acquisitions were announced, showcasing the industry's continued consolidation and growth. For a full list of the deals, check out this list curated by Edward Kouvacs over at SecurityWeek.
If you’re particularly interested in the ongoing consolidation in the industry, how major players are approaching it, and what the future may look like in 5-10 years because of it, check out this absolute gem of a write-up by
Cradlepoint Acquires Ericom
Cradlepoint, a leader in cloud-delivered LTE and 5G wireless network edge solutions, acquired Ericom, a provider of cloud-based enterprise security solutions. The acquisition will enhance Cradlepoint's SASE capabilities with Ericom's Zero Trust Network Access and Remote Browser Isolation technologies. The deal amount was not disclosed.
Fulcrum Technology Solutions and Talus Join Forces
Fulcrum Technology Solutions, a cybersecurity and IT managed services provider, has merged with Talus, a provider of cybersecurity services and solutions. The combined company aims to offer a comprehensive suite of cybersecurity services to customers. The financial details of the deal were not disclosed.
MSSP Core4ce Acquires PatchAdvisor
In the 91st M&A deal of the year tracked by MSSPAlert, Core4ce, a managed security services provider (MSSP), has acquired PatchAdvisor, a cybersecurity consultancy specializing in vulnerability management and remediation. The acquisition is expected to enhance Core4ce's vulnerability assessment capabilities. The deal amount was not disclosed.
New to the Intel Hub
The Intel Hub is a centralized repository for cybersecurity and software research reports aimed at streamlining access to crucial information on market and product trends, enterprise security developments, and the latest threats and threat actors. Below are the latest additions to the Intel Hub:
Microsoft - State of Cloud Permissions Risks 2023
LATAM CISO x Duke University - LATAM CISO Report 2023
ZScaler ThreatLabz - The State of Encrypted Attacks 2022
ZScaler - Cloud (In)Security Report 2022
SecurityIntelligence - Industry Threat Recap: Finance and Insurance 2022
That’s all for the week of Mar. 31st - Apr. 7th! As I continue to go through the growing motions of curating this newsletter, I can say that I’ve learned a ton across many areas. Most important, however, is understanding how to best load balance this publication with my day job and my personal life. That said, I’ll be moving away from releasing on an exact day but I’ll always provide the dates covered in the newsletter for historical reference. I’ll also aim to push the Innovation issues earlier in the week and the Market Pulse issues later in the week.
As this publication and our community continues to grow, I want to keep a focus on quality and value-driven insights. Moving without a deadline or fixed timeline enables me to do this. Lastly, if you have any feedback or would like to chat, please share it in the comments or reach out to me on LinkedIn, I’m always looking to improve this publication.
The opinions expressed in this newsletter are solely my own and do not reflect the views or opinions of my employer. The information provided in this newsletter is for general informational purposes only and should not be construed as investment advice or a recommendation to buy or sell any securities. Always consult with a qualified financial advisor before making any investment decisions.
The Cybersecurity Pulse is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.