Financing deals and mergers and acquisitions (M&A) in the cybersecurity sector saw a decline in the second quarter, according to analysts. However, there is optimism for a recovery in the second half of 2023, with enterprises continuing to invest heavily in cybersecurity despite a slowdown in other areas of spending.
Market research firm IDC predicts that organizations will spend around $219 billion on security products and services in 2023, a 13% increase compared to the previous year. Managed security services, endpoint security, network security, and identity and access management are expected to receive the most spending.
Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber, stated that while there has been conservatism and expectations for headwinds in the first half of the year, strategic activity is expected to rebound in the second half of 2023 and into 2024. As companies that have managed financially so far begin to need fresh capital, financing and M&A activity are both expected to pick up.
Data from Pinpoint Search Group shows that cybersecurity companies raised a total of $1.9 billion in funding rounds in the second quarter, a 35% decrease compared to the previous quarter and a 55% decrease compared to the same quarter last year. Alex Doll, partner at cybersecurity investment firm Ten Eleven Ventures, attributed the slowdown in cybersecurity-focused venture capital to cooling interest rates and elevated demands from investors. VC-backed companies also slowed their hiring as they adjusted their expectations.
Despite the overall decrease in investment, there were still significant funding rounds in the second quarter. BlackPoint Cyber raised $190 million in a growth investment round led by Bain Capital, while ID.me secured $132 million in a Series D funding round. Cybereason received a $100 million investment from Softbank and other investors, and Cyera raised $100 million in a Series B funding round.
In terms of M&A activity, Pinpoint counted 18 transactions in the cybersecurity sector in the second quarter, a decrease from the 31 transactions in the first quarter. The most significant acquisition was F-Secure’s $223 million purchase of Lookout’s mobile consumer security business, which will allow F-Secure to expand its market presence in the US. Other notable acquisitions include Cisco’s purchases of Lightspin and Armorblox, and IBM’s purchase of Polar, which could trigger further activity in the sector.
Private equity firms have also taken advantage of falling valuations, with Crosspoint Capital acquiring Absolute Software for $657 million and Cinven purchasing Archer for an estimated $1.3 billion. Crosspoint is amassing a portfolio of cybersecurity firms and could potentially combine different parts of these companies in the future. Cinven’s acquisition of Archer from RSA Security further highlights the opportunities for investment in the cybersecurity sector.
Identity and access management, data security posture management, and data detection and response are sectors that have received significant funding in 2023. McAlpine also noted increased investor interest in startups focused on using emerging forms of AI securely.
Despite the overall slowdown in funding, cybersecurity continues to be an attractive opportunity for investors, according to Alex Doll. He expects investments in the sector to accelerate again in the next 12 to 18 months, driven by the priority of cybersecurity for enterprise organizations and the need to address new attack vectors, including those enabled by AI.
In conclusion, while financing deals and M&A activity in the cybersecurity sector have declined in the second quarter, analysts have a more positive outlook for the rest of 2023. Enterprise investments in cybersecurity continue to grow, and there are signs of a rebound in strategic activity in the coming months. The sector still presents attractive opportunities for investors, particularly in areas such as AI security.