Key takeaways

• Regulations

  • Comprehensive consumer privacy laws took effect in three states: Data privacy laws from Florida, Oregon, and Texas went into effect on July 1, 2024. The Swiss Federal Council also approved the Swiss-US data privacy framework, allowing US companies to expatriate the personal data of Swiss citizens to the US without further guarantees. This decision was anticipated following the approval of a similar framework by the European Commission in July 2023, with Switzerland joining the UK and the EU in implementing data privacy frameworks with the US. Many companies also faced data privacy fines and lawsuit settlements in Q3 2024, both in the US and under the EU’s General Data Protection Regulation (GDPR).

• Funding

  • Funding dipped both YoY and QoQ: The cybersecurity industry raised USD 920 million across 22 funding rounds in Q3, most of which were small rounds. The only mega rounds we observed during the quarter were email security provider Abnormal Security’s USD 250 million Series D round and digital privacy tools and threat prevention toolchain firm Vanta’s USD 150 million Series C. Despite the fall in funding, we saw a continued shift toward larger funding rounds, driven by a move toward growth funding, a trend persisting from previous quarters.

• Product updates

  • Product updates focused on GenAI integration and AI-powered automation: Cybersecurity sector firms again turned to GenAI and AI to enhance capabilities and reduce workloads through automation. We saw both disruptors and incumbents participate in the product update space, such as Fortinet and Broadcom integrating GenAI into their existing platforms and Tanium and ReliaQuest launching AI automation systems, although Big Tech was notably subdued. Both GenAI and AI were extensively in play across the cybersecurity space to reduce the workload of cybersecurity analysts, and with the cybersecurity skills gap ever widening, this trend shows no signs of slowing.

• Partnerships

  • Big Tech continued at the forefront of cybersecurity partnerships: Microsoft led the field in Q3 2024, with partnerships focusing on the IAM industry, specifically surrounding its Entra ID IAM solution and the FIDO2 open-source authentication standard. The growing requirement for IAM solutions to protect the entry point into corporate ecosystems is reflected by these partnerships, with Entra ID at the fore. There is also a shift toward passwordless authentication, as seen with FIDO2. Google Cloud and Alphabet were closely behind Microsoft, with a number of partnerships across various Next-gen Cybersecurity segments. Disruptor participation in the partnership space was minimal.

• M&A

  • Compared to the previous quarter, M&A activity saw a sharp drop: In September 2024, Mastercard announced plans to acquire threat intelligence firm Recorded Future for USD 2.6 billion. With this being the sole deal to exceed the million mark, cybersecurity M&A took a more muted tune, with most deals not disclosing funding values. Deals during the period focused on product synergies and expansion of capabilities into new segments and customer groups. Also, Wiz rejected Alphabet’s USD 23 billion acquisition bid, choosing to remain independent and pursue an IPO. 

• Outlook

  • Although absolute funding values fell, investor interest in late-stage startups continued into the quarter, signifying steadfast investor confidence. As we have seen in the past, large fluctuations in certain quarters do not reflect an overall downtrend, so we may see funding pick up again soon, as demand continues to grow across all segments of cybersecurity amidst a venture environment that remains bullish.
  • Similar to Wiz, a number of more mature startups are awaiting IPOs or M&A deals, as venture firms look to make an exit, having hesitated to move forward due to the market slowdown in recent years. This pressure, combined with an increased interest in digital transformation and increasingly complex cyber threats, is expected to spur cyber M&As in the coming quarters.
  • With the costs of data breaches continuing to balloon as per IBM’s Cost of a Data Breach Report (climbing from USD 4.45 million in 2023 to USD 4.88 million in 2024), the demand for cybersecurity products and services can be expected to remain on an uptrend over the next few quarters. This is further supported by the widened variety of attack types and vectors as well as the use of AI by cyber attackers and the tightened requirements of data privacy regulations across the US and Europe.