Key takeaways

• Regulations

  • Two states enacted comprehensive privacy legislation: New Hampshire and New Jersey signed privacy bills into law, bringing the total number of state privacy laws to 14. Other news included the California Appeals Court’s decision to overturn a June 2023 suspension on California Privacy Right Act (CPRA) enforcement, allowing the California Privacy Protection Agency (CPPA) to resume enforcement activity. Several significant organizations also faced privacy-related fines this quarter including Amazon, Avast, and Uber. 

• Funding

  • Megadeals drove an uptick in new funding compared with Q4: Cybersecurity startups raised USD 1.5 billion across 41 rounds during Q1 2024—a 24% increase QoQ compared with Q4 2023. The largest funding round this quarter was NinjaOne’s USD 231 million Series C, which was among the seven megadeals that made up Q4’s funding rounds.
  • Compared with the same quarter last year, however, total funds raised saw a 14% decrease. IAM witnessed the largest drop in funding, down 74% and USD 334 million YoY. 

• Product updates

  • A shift away from GenAI integrations; more focus on SASE and product launches/updates to expand feature set: Several players launched new secure access service edge (SASE) products, including 1) Aryaka and Broadcom, which launched standard single-vendor solutions combining networking and security; 2) Cato Networks, which launched a new product integrating XDR into its SASE platform; and 3) Zscaler, which launched a new zero-trust focused SASE solution.
  • Companies also focused on expanding product capabilities to offer more holistic solutions. There was a focus on expanding the reach of existing products by extending applicability to other environments, such as the expansion of Akamai’s Guardicore segmentation solution to the hybrid cloud.

• Partnerships

  • Big Tech took a step back in terms of partnerships, with significant startup activity taking place: Partnership activity grew slightly this quarter and was driven mostly by leading disruptors. This included CrowdStrike and SentinelOne with multiple partnerships, as well as Darktrace, Lacework, and Stellar Cyber.

• M&A

  • M&A activity grew compared with the previous period; Cohesity’s acquisition of Veritas was the largest deal during the quarter: The Cohesity-Veritas deal, if successful, is expected to create a USD 7 billion combined organization with USD 1.6 billion in revenue. We saw several other sizable deals, including Wiz’s USD 350 million acquisition of Gem Security and Zscaler snapping up Avalor.

• Outlook

  • Though the Cybersecurity space is on a relative downtrend compared with 2022 and 2023, Q1 2024 saw growth in terms of funding and M&As compared with Q4 2023. This included a move toward larger deals, showing a growth in investor confidence. Gartner expects a growth of 14.3% in security and risk management in 2024 as well as an 8% increase in IT spending overall during the same period. 
  • Product launches and partnership activities are expected to continue to focus on unification and simplification of product stacks. This trend has emerged over the last few quarters and appears to be establishing itself in 2024, driven by both disruptors and incumbents with a special focus on single-vendor SASE.

Regulations: New Hampshire and New Jersey take state privacy law count to 14

Analyst Take: In Q1 2024, the California Court of Appeal overruled a June 2023 Superior Court ruling to delay the enforcement of the CPRA. New Jersey and New Hampshire added to the tally of US states with comprehensive privacy regulation, while enforcement actions continued with several notable companies being slapped with multi-million-dollar fines for non-compliance.

• The California Court of Appeal overruled the enforcement delay regarding the latest regulations set out in the CPRA
  • Following a Superior Court of California ruling to suspend the enforcement of certain CPRA regulations in June 2023, the Court of Appeal overturned this decision in February, allowing the CPPA to resume all enforcement activity.

• Two US states enacted new privacy legislation this quarter
  • In January, New Jersey Governor Phil Murphy signed the New Jersey Data Protection Act (NJDPA) into law, just eight days after it was passed by the state’s legislature. In March, New Hampshire Governor Chris Sununu signed Senate Bill 255 (SB 255), “An Act Relative to the Expectation of Privacy,” bringing the total number of comprehensive state privacy laws enacted to 14.

Privacy legislation signed into law in Q1 2024

• Several companies faced fines throughout the quarter for failing to meet regulatory requirements
  • Amazon was fined USD 32 million by the French privacy agency Commission Nationale de l'Informatique et des Libertes (CNIL) for infringing workers’ rights under the GDPR. The fine was imposed with respect to activity tracking in scanners used by employees of Amazon’s French logistics subsidiary in day-to-day activities.
  • Avast settled a USD 16.5 million privacy charge leveled by the US Federal Trade Commission (FTC) concerning the sale of customer browsing data through its Czech subsidiary Jumpshot from 2014 to 2020. The FTC said the company also collected this data through browser extensions that claimed to protect users from online trackers and cookies.
  • Rideshare giant Uber was also fined USD 10 million by the Dutch Data Protection Authority (DPA) for violating regulations in the handling of its drivers’ personal data, including failing to specify how long it would retain personal data and what protections were in place when sharing the data with third parties, as well as making data access requests unnecessarily complicated.

• President Joe Biden signed an executive order to protect US citizens’ personal data
  • The order limits the sale of personal data to countries of concern and applies to all forms of personal data ranging from biometrics to health records to finances and geolocation data. The order mainly targets data brokers.

Funding: Market fueled by handful of megadeals

Analyst Take: Cybersecurity funding in Q1 2024 was mostly driven by large deals of over USD 100 million each, reminiscent of multiple megadeals seen in previous years, though total funding still fell short of 2022 levels. Funding by value saw a dip compared with Q1 2023 but grew compared with last quarter and average deal sizes remained fairly level YoY, driven by an increase in the frequency of growth funding rounds.

Cybersecurity Q1 2024 funding summary

• Cybersecurity companies raised USD 1.5 billion across 41 funding rounds in Q1 2024, a 14.1% YoY decrease compared with Q1 2023 in terms of value and a 25.5% YoY decrease in number of rounds (~USD 1.7 billion across 55 rounds). This decline was mostly due to a reduction in funding flow to the IAM industry, which saw the largest absolute fall in funding this quarter, a USD 334 million (74.2%) decrease YoY.

Cybersecurity Q1 2024 funding by industry

• Next-gen Cybersecurity witnessed a marginal increase in funding compared with last year, growing 3.4% to over USD 1.1 billion. Digital Privacy Tools funding grew 89.2% YoY, with companies in the space raising USD 213.0 million. Cyber Insurance funding contracted by 55.6% and Next-gen Email Security companies did not raise funding during the quarter, a recurring trend since Q2 2023.

• Compared with just over USD 1.2 billion raised in 41 rounds in Q4 2023, total funding raised during Q1 2024 grew ~24% QoQ and the number of funding rounds remained level. The growth in funding by value can be attributed mostly to Digital Privacy Tools (up over 500% QoQ), while Next-gen Cybersecurity funding grew ~4%. Cyber Insurance and IAM saw their funding decline by ~48% and ~70% QoQ, respectively.

Average deal size by industry (USD million)

• Overall deal size grew slightly (~3%) compared with Q1 2023, with notable growth in Digital Privacy Tools (~5%) and IAM (~157%). Next-gen Cybersecurity saw a ~6% contraction in deal size, while Cyber Insurance saw the average size shrink by ~26%.

• We observed an increase in growth-stage funding (~62% of all funding by value) across the Cybersecurity vertical during Q1 compared with the same period in 2023 (~30% of funding). Growth rounds made up ~20% of all funding rounds in Q1 compared with ~7% in the same quarter last year. 

• This was mainly driven by Next-gen Cybersecurity, which raised USD 791.5 million in growth funding, over half of all funding raised across all industries in the Cybersecurity vertical during Q1 2024. The share of growth funding in Next-gen Cybersecurity also increased to ~70% during Q1 compared with ~47% during the same period last year. However, average deal sizes of growth rounds shrank ~24%, leading to an overall contraction in Cybersecurity deal size.

• IAM and Cyber Insurance also helped drive the shift toward growth funding, raising USD 116 million and USD 25 million in growth-stage funding, respectively, compared with none in Q1 2023.

• This increase in growth-stage funding was accompanied by a contraction in seed funding across most sectors, and though there was also an expansion in early-stage funding, overall deal size remained relatively flat due to the balance of these rounds during the quarter.

Cybersecurity Q1 2024 funding by stage

Top 10 funding rounds across Cybersecurity (Q1 2024)

• In Q1 2024, the Cybersecurity vertical experienced several mega rounds that exceeded USD 100 million. Though not quite the size of certain deals witnessed in previous years, these rounds represent something of a comeback for large funding when compared with the relatively smaller values and fewer numbers of Q4 2023’s largest funding rounds.

• These include NinjaOne’s USD 231 million Series C funding round led by ICONIQ Growth at a valuation of USD 1.9 billion and Axonius’ Series E round of USD 200 million from Accel and Lightspeed Venture Partners at a valuation of USD 2.6 billion.

• Furthermore, IAM firm Silverfort raised USD 116 million in Series D funding and Nozomi Networks raised USD 100 million in Series E funding. Three USD 100 million fundings by ExtraHop, Coro, and Claroty round out the USD 100 million+ rounds.

• The 10 largest startup funding rounds of Q1 2024 totaled over USD 1.1 billion or more than 75% of the total funding raised during the period. These were primarily growth rounds.

Product updates: Focus firmly on SASE and feature expansion

Analyst Take: In the Next-gen Cybersecurity space, the primary focus appears to have shifted from generative AI (GenAI) integrations to SASE products, including the combination of various disparate solutions into a single-vendor offering. Organizations in this industry also worked to expand the reach of their solutions across new environments and customer categories. Cyber insurance companies focused on cyber risk management and digital privacy tools product launches varied in functionality.

• Several players launched SASE products and related solutions this quarter
  • Through 2023, Cybersecurity vendors focused on developing single-vendor SASE products, aiming to offer one-stop-shop solutions combining networking and security features. This trend appears to continue into 2024 with several new SASE offerings and aligned products launched in Q1.
  • Aryaka merged its security and networking offerings, announcing Aryaka Unified SASE-as-a-Service. The solution integrates the company’s single-pass security architecture with its zero-trust wide area network (WAN) solution.
  • Broadcom also launched its new single-vendor solution, VeloCloud SASE, secured by Symantec, combining recently acquired VMware’s Velocloud software-defined WAN (SD-WAN) with its Symantec Enterprise Cloud security service edge (SSE) solution.
  • Cato Networks introduced extended detection and response (XDR) capabilities into its existing SASE platform to launch an SASE-based XDR solution. The new product, Cato XDR, will reportedly leverage SASE functionality to side-step issues such as long deployment times, limited data quality, and inadequate response capabilities.
  • Zero-trust specialist Zscaler launched a combined SASE product, merging its SSE platform with a newly launched SD-WAN solution that offers integrated zero-trust features.
  • Netskope also launched a new version of its SASE solution, catering to mid-sized businesses and managed service providers (MSPs), with specialized features such as multi-tenant support and a tailored pricing model.

• Other significant product launches in Next-gen Cybersecurity focused on expansion of capabilities to new environments or targeted specific customer categories
  • Akamai’s Guardicore segmentation technology was expanded to hybrid cloud environments, allowing the firm to further reduce attack surfaces and helping security teams manage segmentation across their environments using a single platform.
  • ThreatLocker, an endpoint security vendor, launched a new MDR solution for MSPs.
  • Certain players launched products specifically for smaller businesses, with Lookout launching a new edition of its platform for mid-sized businesses and ESET introducing a new MDR solution for SMBs.
  • Incumbent player Tenable announced it was extending its exposure management platform to operational technology (OT) and IoT devices, while Vectra AI launched a managed XDR (MXDR) solution to defend against hybrid attacks that breach defenses across the cloud, data centers, and endpoints.
  • Bitdefender launched a new cloud security posture management (CSPM) solution, GravityZone CSPM+, which allows users to assess, monitor, and manage cloud infrastructure configurations on platforms such as AWS, Google Cloud, and Azure.

• Cybersecurity firms also continued to integrate GenAI into their products, though with fewer launches than last year
  • Incumbent cloud and network security firm Check Point unveiled a new integrated AI copilot for its Infinity platform, and Cycode, an application security posture management (ASPM) company, launched a GenAI integration for its risk intelligence graph (RIG). Exabeam also launched a GenAI-powered copilot designed to help analysts understand threats and offer recommendations.

• Product updates in the Digital Privacy Tools space varied in functionality
  • BigID announced several new access governance capabilities designed to help enterprises manage overexposed data and over-privileged users, improving overall security posture, minimizing insider risk, and enhancing AI compliance. The company also received a patent for the use of AI to locate personally identifiable information (PII), with the software integrated across its portfolio.
  • Infosum, a secure collaboration platform provider, extended the capabilities of its data cleanroom to allow organizations to leverage first-party data effectively. FileCloud, a data governance and collaboration platform focusing on unstructured data, also pushed a series of updates incorporating new AI capabilities for enhanced compliance and data protection.
  • Furthermore, content security startup Votiro launched a unified zero-trust platform with detection and response capabilities.

• In the Cyber Insurance space, companies focused heavily on cyber risk management, though other products were also revealed during the quarter
  • Beazley, a specialty insurance provider, launched its own cyber risk management company, Beazley Security, merging its in-house cyber services team with Lodestone, its fully owned cybersecurity subsidiary. The company will offer services such as MXDR.
  • Cyber insurance companies launched various risk management and mitigation products: 1) SecurityScorecard launched a new solution called SecurityScorecard MAX, which operates under a partner-franchise model, allowing partners to leverage the company’s new MAX risk engine; 2) BitSight launched a new solution to help manage third-party risk; and 3) KYND launched an exposure management tool that lets cyber insurers analyze their risk across their portfolios.
  • Cyber insurance provider Resilience announced the expansion of its coverage to companies with up to USD 10 billion in annual revenues, offering up to GBP 10 million (~USD 12.3 million) in insurance coverage. The company also launched a new tech errors and omissions (E&O) product.

• IAM firms focused on new customer IAM solutions
  • Frontegg launched Frontegg Forward, a customer IAM solution designed for SaaS companies to tackle customer identity and user management use cases within their products. Alcor launched a similar solution, AccessFlow, built on the ServiceNow platform, offering customer IAM, alongside cloud infrastructure entitlements management (CIEM) and role-based access capabilities.

• Zivver launched a new e-signature solution to improve email security
  • Zivver, a secure email solutions provider, announced a new digital signature solution that uses two-factor authentication and integration within existing email platforms to offer a higher level of security.

Notable product updates by type during Q1

Partnerships: Big Tech less dominant; disruptors drive activity

Analyst Take: Partnership activity across the Cybersecurity vertical was up slightly compared with the previous quarter. Big Tech took a step back in terms of partnerships, while established disruptors such as CrowdStrike and SentinelOne demonstrated heightened activity. In terms of scope, we saw variation in intent, ranging from expanding market reach to combining and simplifying product offerings.

• We witnessed 42 partnerships among monitored firms across all industries in the vertical. The Next-gen Cybersecurity industry once again led collaboration activity, accounting for 74% of all partnerships. More than three out of four partnerships across the vertical were product collaborations.

• Big Tech accounted for 19% of all partnerships compared with 54% in the previous quarter but maintained a significant presence with some notable collaborations
  • Alphabet’s Google Cloud entered into several partnerships, including with Virtru to make the latter’s data-centric security solutions available on the Google Cloud Platform and with GenAI company Anthropic and existing partner Liquid C2 to deliver cloud, security, and GenAI solutions across Africa.
  • Microsoft leveraged its Azure OpenAI service to help improve Check Point’s Infinity AI Copilot to bolster cyber threat response and security management in cloud environments. The tech giant also partnered with the Australian Signals Directorate (ASD), integrating its Microsoft Sentinel security information and event management (SIEM) platform with the ASD’s Cyber Threat Intelligence Sharing (CTIS) program.
  • Cisco was involved in numerous partnerships during the quarter, including an alliance with Kyndryl to develop two SSE-related products, Kyndryl Managed SSE and Kyndryl Consult SSE with Cisco Secure Access.
  • AWS inducted Corelight, a network detection and response (NDR) vendor, into its Independent Software Vendor (ISV) Accelerate co-sell program.

• CrowdStrike was very active during the quarter, entering into multiple partnerships of varying scope
  • The company expanded its partnership with NDR company ExtraHop, allowing customers of ExtraHop’s Reveal(x) platform to store records in the Falcon LogScale SIEM and log management solution, allowing them to consolidate data collection.
  • It announced a new strategic partnership with data security firm Rubrik to combine attack context from the latter’s Security Cloud platform with Falcon XDR to rapidly detect, investigate, and halt attacks targeting sensitive data. 
  • Other partnerships included an expanded strategic partnership with Dell Technologies to deliver Dell’s MDR services with the CrowdStrike Falcon XDR platform and integrations with Salt Security and Cado Security via the CrowdStrike marketplace to enhance API security and cyber forensic capabilities, respectively. The company also signed Ignition Technology as a strategic distribution partner for the UK.
  • It also collaborated with NVIDIA to develop cybersecurity-focused AI.

• SentinelOne also entered into several partnerships including
  • A product collaboration with NinjaOne that involved a bi-directional integration between the companies’ endpoint protection and management solutions to offer one-click threat detection and remediation.
  • An integration between the SentinelOne Singularity platform and ConcealBrowse, an AI-powered secure browser extension allowing for early threat detection, leveraging SentinelOne’s monitoring capabilities.
  • A collaboration with Canadian communications company Bell to offer data protection services to the latter’s enterprise customers.

• Other Cybersecurity partnerships varied in scope and included the following:
  • Check Point and ManageEngine announced an integration between the latter’s endpoint management solution and Check Point’s Harmony Mobile threat defense solution to help security teams automate the remediation of mobile threats.
  • Fortra, a diversified cybersecurity vendor, partnered with cloud security startup Lookout to launch its new Digital Guardian SSE solution, offering features such as continuous monitoring of devices and users and zero-trust access.
  • Darktrace partnered with Xage Security to integrate its AI-powered anomaly-based threat detection with the latter’s zero-trust protection capabilities, aiming to allow easier identification of breaches in OT and IT environments.
  • Detection and response firm Vectra announced an OEM partnership with deep observability company Gigamon to offer intelligent XDR across hybrid cloud environments.
  • NTT Data announced a global strategic partnership with external threat management company Cyfirma, using the latter’s DeCYFIR AI cyber intelligence platform to enhance the capabilities of its unified MDR solution.
  • Securiti and Lacework also announced a strategic partnership to safeguard sensitive data, while Stellar Cyber integrated with MSSP SASE platform Exium. Additionally, Cequence Security partnered with Vercara to enhance API protection.

• The Cyber Insurance space saw collaborations between disruptors and established players to launch cybersecurity products and extend insurance capacity limits
  • Cyberwrite and global insurer Howden collaborated to create actionable cyber insights for clients, while Zurich Insurance Group partnered with cybersecurity firm CYE to develop a new cybersecurity offering.
  • Notably, At-Bay partnered with detection and response specialist CrowdStrike to power its brand new At-Bay Stance MDR platform, its first foray into the Cybersecurity space, and BOXX partnered with global insurance group AXA to develop a new cyber risk mitigation tool.
  • Active insurance firm Coalition reportedly entered into a multi-year capacity deal with Aspen, a specialty reinsurer and insurer, with Aspen taking over a share of Coalition’s surplus lines capacity in the US.

• IAM partnership activity slowed and was focused on integrating products to offer simplified/unified offerings
  • AppViewX, a machine identity management (MIM) and application security firm, announced a partnership with confidential computing and data-first security firm Fortanix to offer a simplified MIM and code-signing for software supply chain security.
  • One Identity announced an expanded partnership with Verinext to offer a new privileged access management (PAM) solution without requiring additional infrastructure.

• In Next-gen Email Security, Egress partnered with Netskope
  • Egress, the human-risk-focused email security company, partnered with cloud security firm Netskope to enhance human-behavior-focused threat detection and response, generating holistic human risk scores for individual users.

Notable Big Tech partnerships across Cybersecurity during Q1

M&A: Cohesity to create data protection giant; notable activity by prominent players

Analyst Take: M&A news in Q1 2024 was dominated by Cohesity’s announcement of its plans to acquire Veritas’ data protection arm to create a combined company worth USD 7 billion. This is the largest M&A transaction we have observed since Q3 2023 though far from the likes of the USD 28 billion Cisco-Splunk deal that quarter. Other significant news included ZeroFox announcing it would soon go private and several significant acquisitions by major players in the Cybersecurity vertical, including Wiz, Zscaler, CrowdStrike, and SentinelOne.

• SaaS-focused data protection firm Cohesity’s plans to acquire Veritas to create a USD 7 billion data security giant was the biggest M&A story from Q1. The company, a relative newcomer to the space, is set to close the deal to acquire the data protection arm of Veritas by the end of 2024, subject to regulatory approval. The two companies, once merged, will reportedly operate as a single entity, with the combined firm expected to generate USD 1.6 billion in revenue.

• ZeroFox entered into a definitive agreement to be acquired and taken private by tech-focused private equity firm Haveli Investments. The ~USD 350 million all-cash deal is expected to close within the first half of 2024.

• Other notable news included Wiz’s announcement that it was acquiring Gem Security, with reports putting the deal at USD 350 million. The cloud security unicorn is expected to integrate Gem Security’s cloud detection and response (CDR) platform into its cloud security portfolio.

• Zscaler announced a fairly significant acquisition, snapping up Avalor at an estimated USD 250 million–350 million. Avalor, an Israeli open data platform, helps aggregate data from various sources, including legacy systems, data lakes, data warehouses, SQL databases, and applications, allowing organizations to analyze not only security-specific but all enterprise data for risk analysis.

• Next-gen Cybersecurity was the most active industry in terms of M&As in Q1 2024
  • CrowdStrike acquired Israeli cloud data protection company Flow Security, with sources putting the deal at USD 60 million–80 million. Flow monitors corporate data across databases and in motion across cloud services, external applications, developer environments, and more.
  • Endpoint protection specialist SentinelOne acquired cloud-native application protection platform (CNAPP) PingSafe to integrate the latter’s dynamic monitoring capabilities into its AI-powered Singularity suite.
  • Developer security firm Snyk announced the acquisition of microservices visibility startup Helios. It reportedly plans to integrate the new acquisition with its recently launched AppRisk ASPM solution.

• Other Cybersecurity acquisitions during the quarter included
  • Armis Security’s acquisitions to bolster its OT security capabilities—picking up cyber risk monitoring and management firm Silk Security in January and threat hunting technology company CTCI in February. Reports put the latter deal at ~USD 20 million.
  • DevOps platform GitLab’s acquisition of code security firm Oxeye for an estimated USD 30 million–40 million. Oxeye offers an application security testing solution designed to detect weaknesses and vulnerabilities in code during the development stage.
  • ASPM firm Cycode’s purchase of static application security testing (SAST) startup Bearer, with the transaction value reported to be around USD 10 million.
  • Dynatrace’s definitive agreement to acquire Runecast. It disclosed plans to integrate the latter’s security posture management capabilities into its cloud-native security observability platform.
  • Network security provider SonicWall’s announcement that it was acquiring SSE provider Banyan Security, continuing the trend of SASE-related acquisitions seen last quarter.
  • F5’s acquisition of Israeli API security platform Wib, and Link11, a web and infrastructure security provider, acquiring cloud-native web application and API protection (WAAP) platform Reblaze Technologies.

• In the Cyber Insurance space, Resilience moved to expand its capabilities through an acquisition
  • Resilience, the cyber risk management specialist, acquired incident response firm BreachQuest. BreachQuest’s capabilities will be used alongside Resilience’s cyber insurance claims management team, especially in the area of business email compromise (BEC).

• The IAM industry also saw several acquisitions
  • PAM provider Delinea snapped up two companies—Fastpath, an identity governance and administration (IGA) and identity access rights firm, and Authomize, an Israeli identity threat detection and response (IDTR) startup.   
  • Other acquisition activity in IAM included 1Password, a password management platform, announcing that it had acquired endpoint security firm Kolide and Ark Infotech acquiring IAM policy management platform company Slauth.io.
  • Identity solutions incumbent HID also announced the acquisition of Austrian SSL certificate provider ZeroSSL, while Jumpcloud acquired asset management and SaaS security platform Resmo.

• Next-gen Email Security saw two significant acquisitions during the period
  • Email security firm Mimecast announced it was acquiring Elevate Security, a provider of human risk management solutions.
  • Cloud security and compliance provider Hornet Security acquired email security vendor Vade to expand it geographically and bolster its Microsoft 365 email security capabilities for SMBs.

Trends in M&A activity

Appendices

1. Notable Big Tech partnerships across Cybersecurity

2. New startups that raised funding in Q4