Key takeaways

• Regulations

  • The most significant regulatory development in Q4 2023 in the Cybersecurity space was the introduction of the California Delete Act: Signed into law in October, the Delete Act charges the California Privacy Protection Agency (CPPA) with implementing a solution that enables the deletion of all personally identifiable information (PII) of a consumer across all data brokers in the state via a single request. 

• Funding

  • Cybersecurity funding continued to dip compared with 2022, reversing the apparent rebound of the previous quarter: Across the Cybersecurity vertical’s industries, firms raised USD 1.2 billion in total funding in Q4 2023, down 47.8% YoY compared with Q4 2022. Next-gen Cybersecurity saw the biggest decrease: a USD 860 million dip (or a 54.1% decrease) compared with Q4 2022. The largest round in Q4 was BlueVoyant’s USD 140 million Series E, with deal sizes a far cry from the multiple mega deals seen in the recent past.

• Product updates

  • Product updates continued to focus on GenAI integrations, although unification and single-vendor secure access service edge (SASE) were significant drivers: Microsoft took over from Alphabet as the leading incumbent in GenAI-cybersecurity integration, introducing capabilities combining GenAI with its security information and event management (SIEM) and extended detection and response (XDR) solutions. It also announced expanded coverage for its Security Copilot automated assistant across data security, identity, and management.
  • In the SASE space, Check Point and Cloudflare announced new single-vendor solutions. Palo Alto Networks announced a unified code-to-cloud security intelligence platform as well as an AI-powered unified management platform.

• Partnerships

  • We witnessed significant activity by Big Tech again this quarter: Although activity appeared to shrink compared with previous quarters, we witnessed significant activity by Big Tech firms, particularly Alphabet, with six partnerships. The scope of partnerships varied, ranging from GenAI collaborations to capability expansion to broad strategic partnerships and dedicated partner network activity.

• M&A

  • M&A activity continued to shrink; Palo Alto Networks dropped USD 1 billion on acquisitions: The cybersecurity giant confirmed two large deals: data security posture management (DSPM) firm Dig Security for USD 300 million–400 million and enterprise browser vendor Talon Cyber for ~USD 625 million. The quarter saw 19 deals across cybersecurity industries, down significantly from 32 in Q3 and much smaller than the mega deals of 2021 and 2022.

• Outlook

  • While there was definite slowing in terms of funding and M&A activity in Q4 2023 compared with previous quarters, Gartner expects global cybersecurity spending to increase by 14% in 2024, especially in the areas of cloud security and data privacy, driven by increasing adoption of public cloud services. Gartner also expects 42% of spending in the cybersecurity market to be in the security services segment, including managed detection and response (MDR).
  • The move toward consolidating product features observed during the previous quarter was still prevalent during Q4, as unification continued to be a prominent driver to combat tool sprawl and the proliferation of point security products. According to a Google Cloud report, demand for consolidated products and integrated ecosystems and services centered around security operations is expected to increase in 2024, indicating this trend could likely continue for the short to medium term. With GenAI and other AI tools continuing to proliferate, security solutions built to combat these advanced threats can also be expected to see additional demand. 

Regulations: A relatively quiet quarter sees California build further upon its privacy legislation

Analyst Take: Compared with previous quarters, the regulation space was quiet, with no new comprehensive privacy laws being introduced and the only new development being the signing of the California Delete Act into law. During the quarter, the Utah Consumer Privacy Act—originally signed in Q1 2023—came into effect. 

• The Delete Act expands upon the data subject rights granted to California residents by the California Consumer Privacy Act and extended by the California Privacy Rights Act, facilitating the creation of a process that will allow data subjects to request deletion of their information from all data brokers in the state via a single request; consumers were previously required to make separate requests to each individual controller.

• The CPPA has been tasked with developing a mechanism to enable this one-call deletion, with the law set to go into effect on January 1, 2026. Furthermore, all data brokers are required to register with the CPPA, and, beginning August 1, 2026, will be required to process mass data requests within 45 days from the date of request. 

Privacy laws that came into effect in Q4 2023

• In other cybersecurity regulation news, the SEC’s rules on cybersecurity risk and incident disclosures for public companies required organizations to submit said disclosures beginning December 18, 2023.

Funding: Rebound seen in previous quarter appeared to be short-lived

Analyst Take: An apparent rebound observed during Q3 2023 was short-lived, as funding dropped significantly during the fourth quarter—compared with both the same period last year and with Q3. Average deal sizes were also on a downtrend YoY, as industries saw a growing share of early-stage funding, and “mega” rounds, which were a staple across cybersecurity, are slowly becoming a thing of the past. 

Cybersecurity Q4 2023 funding summary

• Cybersecurity companies raised more than USD 1.2 billion across 41 funding rounds in Q4 2023—a 48.1% YoY decrease compared with Q4 2022 in terms of total funds and a 45.3% YoY decrease in the number of rounds (~USD 2.3 billion across 75 rounds). In absolute terms, Next-gen Cybersecurity saw the largest fall in funding for Q4, with a USD 873 million (54.4%) YoY decrease.

• The negative trend in funding for the quarter was experienced across most industries within Cybersecurity, with Digital Privacy Tools seeing a fall of 93.8% YoY, Cyber Insurance a drop of 37.7% YoY, and Next-gen Email Security raising no funding this quarter compared with USD 51.2 million in Q4 2022. IAM funding increased more than 12x, however, jumping from USD 28.1 million in Q4 2022 to USD 383.9 million in Q4 2023.

• On a QoQ basis, total funding raised during Q4 2023 shrank ~20%, and the number of funding rounds fell by ~30% compared with just over USD 1.5 billion raised in 59 rounds. This contraction was mainly owing to Next-gen Cybersecurity (-3.6% QoQ). IAM was the only industry to see growth in funding (up 80% QoQ); Digital Privacy Tools and Cyber Insurance saw declines in funding from Q3 to Q4 (91.2% and 61.4%, respectively).

Average deal size by industry (USD million)

• Average deal size was down YoY once again compared with Q4 2022 (-6.2%). IAM was the only industry to see an increase (average deal size up over 5.5x). All the other industries saw drops in average deal size YoY, including Next-gen Cybersecurity (~22%), Digital Privacy Tools (~67%), and Cyber Insurance (~38%).

• These falls in funding sizes are explained by a shift toward early-stage funding (~37% of all rounds) across the Cybersecurity vertical during Q4 compared with the same period in 2022 (~33% of all rounds). Growth rounds made up ~10% of all funding in Q4 compared with ~13% in Q4 2022.

• This was mainly driven by Cyber Insurance, which saw the share of early-stage funding more than double to ~88% during Q4 2023 compared with ~42% during the same period last year and no growth-stage funding altogether. The Digital Privacy Tools industry also saw a similar trend, where the share of early-stage funding was up nearly 8x during the quarter, with no growth-stage funding. The IAM segment also drove a large move toward early funding, raising USD 60.2 million in early-stage funding compared with none in Q4 2022.

• While the Next-gen Cybersecurity space saw an increase in the share of early-stage funding to ~46% during Q4 2023 (from ~35% last year), it also witnessed a rise in the share of growth-stage funding to ~40% from ~24% last year, mainly driven by the two large rounds of BlueVoyant and Island. These fundraisers were the only rounds this quarter to meet or exceed USD 100 million across all industries in the vertical compared with five such rounds in Q3.

Cybersecurity Q4 2023 funding by stage

Top 10 funding rounds across Cybersecurity (Q4 2023)

• The largest rounds in Next-gen Cybersecurity in Q4 were the aforementioned growth fundraises by MDR vendor BlueVoyant’s’ USD 140 million Series E led by Liberty Strategic Capital and ISTARI to fund its acquisition of Conquest Cyber and secure browser company’s Island USD 100 million Series C raised at a valuation of USD 1.5 billion.

• Furthermore, security operations startup Adlumin closed a USD 70 million Series B funding, and Censys, an exposure management platform, closed a USD 50 million Series C round, along with an additional USD 25 million in debt. Another USD 40 million round by cyber resilience firm Halcyon rounded out the top five rounds of the quarter. The industry continued to shift away from the mega rounds seen in 2022 and earlier in 2023; this may be due to a more conservative approach to funding the industry from venture capitalists.

• The 10 largest startup funding rounds of Q3 2023 totaled nearly USD 800 million or ~40% of the total funding raised during the period. These were primarily early rounds, along with a number of growth-stage fundings, including USD 40 million raised by IAM startup Prove and USD 30 million raised by consumer Digital Privacy firm Mine.

Product updates: Diverging product development focus as industry begins to focus on unification alongside GenAI

Analyst Take: While the trend of GenAI integrations of cybersecurity products continued into Q4, we saw focus diverging, with unification becoming a focus for many companies, particularly in the area of SASE, where many vendors are focusing on putting together single-vendor solutions. Microsoft announced expanded GenAI capabilities, echoing Google’s moves to expand its Duet Assistant’s capabilities in Q3.

• Integrations between Cybersecurity and GenAI persisted from Q3 and 1H
  • The trend of integrating GenAI into cybersecurity products seen in the previous three quarters continued into Q4, with deployments varying across all Cybersecurity segments and use cases.
  • Notably, among cybersecurity incumbents, Microsoft launched new cybersecurity capabilities, combining its SIEM and XDR with GenAI functionality. Additionally, the tech giant announced it was expanding its GenAI Security Copilot assistant system to cover its identity, data security, and management services.
  • BlackBerry and Fortinet were among the other established cybersecurity players to launch new GenAI capabilities, with the former announcing a new GenAI assistant that acts as an automated security operations center (SOC) analyst integrated with the firm’s Cylance AI and the latter launching Fortinet Advisor for the rapid analysis of security alerts.
  • In terms of disruptors, SentinelOne launched a new version of its Singularity XDR platform, Unity, incorporating a GenAI security assistant, and Stellar Cyber introduced a GenAI-based conversational interface for its open XDR platform.
  • Orca Security allied with Google Cloud and AWS in Q4 to integrate each cloud provider’s AI platform, namely Vertex AI and Amazon Bedrock, to enable capabilities such as the generation of remediation code. Having partnered with Microsoft earlier in the year to integrate Azure OpenAI for similar use cases, Orca now boasts a full complement of GenAI partnerships with the three major cloud platform providers.

• Besides GenAI integrations, Cybersecurity product updates focused on single-vendor SASE solutions from new and existing players
  • Check Point launched a hybrid single-vendor SASE solution, Quantum SASE, for hybrid work in Q4, integrating technologies from its recent acquisition of Perimeter 81, and Cloudflare announced the general availability of its home-grown single-vendor solution, combining security service edge point solutions and capabilities with its Magic WAN SD-WAN analog.
  • Versa Networks and Hewlett Packard Enterprise’s “Aruba” secure networking arm also announced extensions to their SASE capabilities. Versa launched Versa Secure SD-LAN, a local area network (LAN) version of its SASE solution, extending capabilities such as zero-trust access, which are generally available only for enterprise WAN, to LAN networks for branch offices and campuses. Aruba announced the extension of policy enforcement capabilities to its SD-WAN, campus switch, and Internet-of-Things (IoT) environments.

• The industry also continued its focus on the unification and rationalization of point products to combat tool sprawl, specifically in the application development life cycle space
  • A notable example of this was cloud security firm Lacework’s announcement of a unified code and application security platform, incorporating software composition analysis for visibility into third-party libraries and static application security testing to identify vulnerabilities in in-house code.
  • Newcomer P0 was also developing a secure cloud access and developer entitlement platform designed to help cut down the number of point solutions currently used by enterprises.
  • Palo Alto Networks also upgraded its Prisma Cloud cloud security platform in Q4, with the new unified release Darwin, incorporating code-to-cloud intelligence features that identify patterns, behaviors, and anomalies across application source code, cloud infrastructure, and runtime environments.

• Other product updates include AI-powered analytics and threat intelligence solutions
  • Palo Alto also launched Strata Cloud Manager, an AI-powered zero trust management and operations platform to unify management and visibility for its network security and SASE solutions.
  • IBM announced an AI-powered MDR solution, and Rapid7 launched AI-powered threat detection capabilities for public cloud environments.
  • Extended Internet-of-Things (XIoT) startup NetRise announced Trace, an AI-powered semantic search tool for software supply chain security, reportedly an industry first, and Seceon revealed a new AI-powered XDR platform for MDR providers and other managed service providers (MSPs).

• Within Digital Privacy Tools, updates focused on using AI to bolster data security
  • Data privacy and protection company BigID launched a new AI-powered tool that automatically generates remediation instructions for data security to help reduce the burden on security teams and safeguard a company’s sensitive data, including private consumer information, by leveraging an AI engine that provides real-time intelligence and prioritization capabilities and recommends the optimal course of actions.

• In Cyber Insurance, developments were varied and included new cyber insurance and tech errors and omissions (E&O) product launches 
  • Established players began taking a keener look at cyber insurance. USQRisk, a global managing general agent (MGA) specializing in alternative risk transfer, announced the launch of Pera, a new MGA agent that will provide cyber insurance tech E&O to large US enterprises, and global broker Howden Group launched a primary cyber and tech E&O product.
  • At-Bay announced the launch of Stance, an MDR platform catering to small and medium-sized businesses (SMBs). Stance provides proactive threat detection, in-depth customization, and cyber insurance premium incentives based on improved security posture. This development is notable in the space due to the crossover between cyber insurance and cybersecurity.
  • Resilience increased its cyber insurance coverage to GBP 10 million (~USD 12.1 million) for insureds in the UK and Europe, backed by a strategic partnership with RSA Insurance and R&W Accredited.

• In a bid to bolster reinsurance capacity to resist systemic events across the cyber insurance space, reinsurers began launching “cyber cat bonds” pursuant to Rule 144a
  • AXIS and Beazley both announced 144a cyber cat bonds during Q4, with AXIS launching a USD 75 million bond issued by special-purpose insurer Long Walk Reinsurance, while London-based Beazley announced a USD 100 million 144a cyber cat bond, backed by the Lloyd’s of London insurance-linked securities (ILS) structure, reportedly the first excess-of-loss catastrophe bond transaction issued by Lloyd’s ILS.

• IRONSCALES introduced ML-powered tools to counter AI-generated image-based phishing attacks
  • IRONSCALES introduced an ML-powered update, aimed at countering image-based phishing attacks, driven by the development of GenAI technology available to cyber criminals.

• IAM firms announced solutions varying in scope and functionality
  • Datadog, a monitoring and security platform for cloud platforms, announced the addition of identity, vulnerability, and app-level findings to its security inbox.
  • Teleport, a cloud infrastructure access management platform, announced the availability of a new governance and security product designed to secure identities across multiple cloud environments.

Notable product updates by type during Q4

Source: Compiled by SPEEDA Edge based on multiple sources

Partnerships: Activity shrinks, Big Tech dominates again

• We observed a scaling down in the level of partnerships (37) across the different verticals of Cybersecurity in Q4 2023, with the most number of partnerships related to Next-gen Cybersecurity (~78% of all partnerships). Product collaborations were the most common, accounting for ~65% of all activity.

• Big Tech once again dominated Cybersecurity partnerships, with Alphabet in the lead
  • Alphabet, via Google Cloud, was the biggest participant in Cybersecurity collaborations, with six partnerships across Next-gen Cybersecurity. 
    • These include alliances with Accenture, British Telecom (BT), and PWC to offer expanded managed services in the form of MDR and public-sector cybersecurity.
    • Google Cloud also collaborated with Fortinet to help expand the latter’s SASE capabilities by leveraging Google Cloud’s global network edge locations to extend its SASE points of presence (POP) coverage and with Orca Security, integrating Orca’s platform with Google’s Vertex AI for automated generation of remediation code.
    • Furthermore, the company signed an agreement with Liquid C2, a business of Cassava Technologies to expand its security business to Africa.
  • Amazon also announced several collaborations, including the following:
    • The onboarding of CrowdStrike’s Falcon GO cybersecurity platform for SMBs onto the Amazon Business marketplace, following an expanded agreement focusing on cybersecurity AI development earlier in the year.
    • The company also partnered with Orca Security in an alliance that mirrored Alphabet’s move to integrate Orca’s platform with Amazon’s Bedrock AI platform for remediation instruction generation.
    • Additionally, Amazon collaborated with Tata Consultancy Services (TCS) to launch the Cyber Insights Platform, powered by Amazon Security Lake and AI.
  • Microsoft was also quite active in Q4, partnering with the following: 
    • Lenovo—to develop a cyber resiliency as a service (CRaaS) solution for security across devices, users, apps, data, networks, and cloud services.
    • 42Crunch, integrating its API security audit and vulnerability testing tool with Microsoft Defender for Cloud, enabling continuous API protection from design to runtime.
    • ESET—to integrate its intelligence feeds into the Microsoft Sentinel SIEM and security operations, automation, and response (SOAR) platform.
  • Cisco collaborated with Port53, a company focusing on supporting lean IT teams, to provide enterprise-level security posture management solutions through its XDR platform.
  • Palo Alto Networks announced an expanded partnership with IBM to provide end-to-end security posture and address evolving cyber threats, and Intel partnered with endpoint security company Eclypsium to provide enhanced visibility into supply chains.
• Cybersecurity partnerships outside of Big Tech varied in scope, including the following:
  • Operational technology (OT) security firm Armis announced an expanded partnership with CrowdStrike to provide customers comprehensive exposure management, integrating CrowdStrike Falcon Insight for IoT with Armis Centrix, as well as Falcon LogScale, a security information and event management tool.
  • Sysdig and Docker partnered to offer a cloud-native application developer security solution, integrating the former’s runtime insights with the latter’s Scout tool to help developers prioritize risk and speed up implementation, and Cybeats announced a partnership with CodeSecure to monitor reused code for software supply chain security.
  • Network Perception and Claroty announced a partnership to secure OT networks with a comprehensive audit platform to verify changes and enhance visibility.
  • Enterprise application programming security startup Noname Security announced integrations with security operations vendors Palo Alto, Tines, and Swimlane to enhance API security.
  • Netskope announced a partnership with Telstra to deliver its SASE solutions globally, while BlueVoyant partnered with Ernst & Young to provide services around Microsoft 365 E5 advanced security tools and solutions. High Wire Networks and Exclusive Networks partnered to provide expanded managed endpoint detection and response capabilities.

• Digital Privacy saw one alliance in Q4 2023 to expand capabilities and provide unified products
  • Data collaboration and clean room solution Optable joined the Amazon Partner Network.

• In Cyber Insurance, Microsoft’s collaboration with Cowbell was the only notable deal
  • Cowbell entered an agreement with Microsoft to offer its cyber insurance policyholders complimentary Microsoft 365 Business Premium.

• IAM had notably increased activity compared with the previous quarter, with tech incumbents making several notable deals
  • Alphabet partnered with identity security specialist Okta to launch Okta AI, an AI-powered suite of security tools designed to protect against cyber threats and enhance user experience.
  • Multi-factor authenticator Beyond Identity and endpoint detection and response firm Cybereason partnered to build a zero-trust identity security solution.
  • Resiliant, a provider of identity credential access management SaaS solutions, partnered with IT solutions provider Carahsoft to deliver identity and access solutions to government organizations, with Carahsoft serving as Master Government Aggregator.
  • Axiad, a passwordless orchestration solution provider, joined the Amazon Partner Network.
  • PlainID, an authorization solutions company, launched a tool for Microsoft Power BI.

• In Next-gen Email Security, we saw CrowdStrike partner with an email security specialist
  • Egress announced a partnership with CrowdStike to prevent email-based threats driven by human risk.

Notable Big Tech partnerships across the Cybersecurity industry during Q4

Note: Refer to Appendix 1 for full list of notable partnerships by Big Tech firms

Note: Refer to Appendix 1 for full list of notable partnerships by Big Tech firms

M&A: Activity shrank compared with Q3, Palo Alto snapped up specialists for USD 1 billion

• The biggest news in cybersecurity M&A for Q4 2023 was Palo Alto Networks’ confirmation of a billion-dollar twin acquisition
  • Palo Alto confirmed rumors that it was looking to acquire DSPM firm Dig Security, with sources putting the deal in the range of USD 300 million–400 million, and Talon Security, a secure enterprise browser vendor, for a reported ~USD 625 million. 
  • Palo Alto says it plans to incorporate the DSPM capabilities of Dig Security into its solutions to offer comprehensive code-to-cloud security and will also combine Talon’s secure browser with its Prisma SASE solution to enable secure remote access from any device via the web.

• Another notable announcement was Cisco’s USD 100 million acquisition of Insovalent. A cloud native networking and security company, Insovalent offers a platform that leverages extended Berkeley Packet Filter technology to help build security systems that help build cloud workloads at runtime. Insolvent’s capabilities will be integrated into Cisco’s hybrid Security Cloud platform.

• The quarter also witnessed M&A activity across managed security services, with a focus on extending service coverage across geographies
  • Lumifi acquired Castra, an MDR company specializing in the Exabeam SIEM platform, for an undisclosed sum, to integrate its capabilities into its own SIEM tooling.
  • SMB cybersecurity firm SonicWall acquired managed security services provider Solutions Granted to expand its reach across Europe, Asia-Pacific, and Latin America, and Accenture acquired Innotec Solutions to bolster its presence in Spain. Neither acquisition’s value was publicly disclosed.
  • Furthermore, Accenture acquired Mexico-based managed security services provider MNEMO. MNEMO offers a cybersecurity platform, powered by GenAI and a 24/7 SOC in Mexico.
  • Security operations specialist Arctic Wolf announced had plans to acquire Revelstoke for an undisclosed sum, with the objective of integrating the latter’s SOAR platform into its MDR portfolio to help automate certain cybersecurity tasks and enable quicker breach detection and remediation.
  • PagerDuty, a software monitoring platform, acquired incident management startup Jeli.io.

• Other Next-gen Cybersecurity acquisitions were as follows:
  • Rockwell Automation acquired OT security vendor Verve IndustrialPublicly traded Rockwell Automation will integrate Verve into its life cycle services unit, adding asset inventory and vulnerability management capabilities.
  • BlueVoyant acquired Conquest Cyber in parallel with its USD 140 million Series E fundraise.
  • SentinelOne acquired cybersecurity consulting services company Krebs Stamos Group.

• SingTel, RTX, and several other firms announced divestments of cybersecurity divisions in Q4 2023 citing economic grounds
  • Singapore Telecommunications (SingTel) agreed to sell its MDR unit Trustwave to cybersecurity advisory firm Chertoff Group for USD 205 million. SingTel is selling Trustwave at 75% of the value it purchased the firm for in 2015 (USD 770 million), with the decision to sell reportedly arising from a recent strategic review citing COVID-related economic shocks.
  • US defense contractor RTX (formerly Raytheon), with its storied history of rebrandings and M&A, announced it was divesting its cybersecurity arm Raytheon Cyber in a USD 1.3 billion all-cash transaction, following a 21% decline in revenue. Although not confirmed, private equity (PE) giant Blackstone is rumored to be the buyer.
  • AT&T announced it was looking at separating its managed cybersecurity services division via a joint venture with WillJam Ventures, and Forcepoint revealed it was divesting its government and critical infrastructure business to PE firm TPG Capital.
  • Finally, BlackBerry announced it was planning to separate its IoT and cybersecurity divisions by taking the IoT arm public, although this plan is reportedly being scrapped per an announcement later in the quarter.

• The Cyber Insurance space sees consolidation as Travelers Insurance Group bags major disruptor
  • Cyber managing general underwriter Corvus Insurance will be acquired by Travelers Insurance Group in a deal worth USD 435 million. Corvus’ expertise in cyber insurance and related lines will be used to enhance Travelers’ own capabilities in the space.

• Digital Privacy M&A saw varied acquisitions, with Osano and Kiteworks snapping up startups
  • WireWheel, a provider of enterprise data privacy solutions, will be acquired by Osano for an undisclosed sum. Osano reportedly had plans to integrate WireWheel’s solutions into its own data privacy platform.
  • Furthermore, data privacy and compliance firm Kiteworks announced the acquisition of Maytech, a data file transfer solutions provider.

• Okta was the most active firm in terms of acquisition in IAM
  • Identity and access company acquired security firm Spera for ~USD 100 million. Tel-Aviv- and Palo Alto-based Spera offers tools to identify silos across SaaS infrastructure apps, helping discover vulnerabilities and prioritize security issues based on regulations, attack vectors, and industry best practices.
  • The company also acquired password manager Uno, which provides a one-click web login app. Uno will reportedly be discontinued, and its team will join Okta’s “Personal” division. Financial details of the deal were not disclosed.

• In Next-gen Email Security, Proofpoint acquired Tessian for an undisclosed sum
  • Tessian offers an AI-powered solution that automatically detects and guards against accidental data loss and email threats.

Trends in M&A activity during 2023

Appendices

1. Notable Big Tech partnerships across Cybersecurity

2. Startups that raised funding for the first time in Q4