Key takeaways

• Regulations

  • Two states enacted comprehensive privacy legislation: New Hampshire and New Jersey signed privacy bills into law, bringing the total number of state privacy laws to 14. Other news included the California Appeals Court’s decision to overturn a June 2023 suspension on California Privacy Right Act (CPRA) enforcement, allowing the California Privacy Protection Agency (CPPA) to resume enforcement activity. Several significant organizations also faced privacy-related fines this quarter including Amazon, Avast, and Uber. 

• Funding

  • Megadeals drove an uptick in new funding compared with Q4: Cybersecurity startups raised USD 1.5 billion across 41 rounds during Q1 2024—a 24% increase QoQ compared with Q4 2023. The largest funding round this quarter was NinjaOne’s USD 231 million Series C, which was among the seven megadeals that made up Q4’s funding rounds.
  • Compared with the same quarter last year, however, total funds raised saw a 14% decrease. IAM witnessed the largest drop in funding, down 74% and USD 334 million YoY. 

• Product updates

  • A shift away from GenAI integrations; more focus on SASE and product launches/updates to expand feature set: Several players launched new secure access service edge (SASE) products, including 1) Aryaka and Broadcom, which launched standard single-vendor solutions combining networking and security; 2) Cato Networks, which launched a new product integrating XDR into its SASE platform; and 3) Zscaler, which launched a new zero-trust focused SASE solution.
  • Companies also focused on expanding product capabilities to offer more holistic solutions. There was a focus on expanding the reach of existing products by extending applicability to other environments, such as the expansion of Akamai’s Guardicore segmentation solution to the hybrid cloud.

• Partnerships

  • Big Tech took a step back in terms of partnerships, with significant startup activity taking place: Partnership activity grew slightly this quarter and was driven mostly by leading disruptors. This included CrowdStrike and SentinelOne with multiple partnerships, as well as Darktrace, Lacework, and Stellar Cyber.

• M&A

  • M&A activity grew compared with the previous period; Cohesity’s acquisition of Veritas was the largest deal during the quarter: The Cohesity-Veritas deal, if successful, is expected to create a USD 7 billion combined organization with USD 1.6 billion in revenue. We saw several other sizable deals, including Wiz’s USD 350 million acquisition of Gem Security and Zscaler snapping up Avalor.

• Outlook

  • Though the Cybersecurity space is on a relative downtrend compared with 2022 and 2023, Q1 2024 saw growth in terms of funding and M&As compared with Q4 2023. This included a move toward larger deals, showing a growth in investor confidence. Gartner expects a growth of 14.3% in security and risk management in 2024 as well as an 8% increase in IT spending overall during the same period. 
  • Product launches and partnership activities are expected to continue to focus on unification and simplification of product stacks. This trend has emerged over the last few quarters and appears to be establishing itself in 2024, driven by both disruptors and incumbents with a special focus on single-vendor SASE.