Table of contents

• Key takeaways
• Regulations
• Funding
• Product updates
• Partnerships
• M&A
• Appendices

Key takeaways

• Regulations 

  • The White House puts its national cyber plan into motion: The Office of the National Cyber Director (ONCD) published the National Cybersecurity Strategy Implementation Plan (NCSIP) during the quarter, outlining a roadmap of activities, responsible agencies, and timelines for the mobilization of the National Cybersecurity Strategy (NCS) revealed in March this year. At a state level, two more US states signed their respective privacy acts into law in Q3, bringing the total to 13, as of end-September 2023.

• Funding

  • Cybersecurity funding appears to be bouncing back: The total funding raised in Q3 2023 increased 11.8% YoY compared with Q3 2022 and over 56% compared with the previous quarter. Identity & Access Management (IAM) was a major driver of this growth, up nearly 5x YoY in Q3. The number of rounds also increased both YoY (11.8%) and QoQ (5.4%), though we observed a fall in average deal size compared with past periods. Q3 did not witness numerous super-sized fundings, though it did see a number of healthy growth-stage investments, including a USD 238 million Cato Networks venture round.

• Product updates

  • GenAI integrations continued to be a key focus: Alphabet’s Google Cloud led the way by integrating its Duet GenAI assistant with a range of cloud security products to enable natural language interfaces. Other product updates focused on streamlining product portfolios by combining and integrating point products into consolidated platforms and extending their capabilities to address tool sprawl. Stellar Cyber’s expansion of its Open Extended Detection and Response (XDR) platform to include OT devices and Microsoft’s extension of its Defender for Cloud platform to support Google Cloud were examples of this.

• Partnerships

  • Product collaborations accounted for the majority of Cybersecurity partnerships: Alphabet continued to capitalize on its head start in Q3 by leading the integration of GenAI capabilities with several cybersecurity companies. Other partnerships focused on extending product capabilities, introducing joint solutions, and expanding geographic reach.

• M&A

  • The Cisco–Splunk deal marks a reversal of fortune for Cybersecurity M&As: The network solutions provider acquired Splunk for USD 28 billion making it the company’s largest acquisition ever. This, along with Thales’ acquisition of Imperva for USD 3.6 billion could serve as a catalyst for more large deals in the sector. Other M&A activity in the space during Q3 2023 focused on product consolidation, especially in the security access service edge (SASE) subsegment.

• Outlook

  • Further consolidation is expected, with M&As being more attractive than ever: A notable trend in Cybersecurity activity is the move toward consolidating products and services and adopting a “one-stop-shop” approach to address the disproportionate growth in the number of tools needed to secure enterprise infrastructure. M&As have historically been a preferred growth method for cybersecurity companies, with major deals being announced during the quarter. Meanwhile, various large industry names evaluating takeover offers, venture capitalists looking for exits, and an environment of falling valuations can be expected to lead to major deals in the coming quarters.

Regulations: State privacy laws by the (baker’s) dozen; social networks continue to pay the price

Analyst Take: The highlight of US cybersecurity regulation in Q3 2023 was the release of the roadmap and implementation plan for the National Cybersecurity Strategy, which was unveiled by the Biden Administration in March. Individual states continued to add to the list of state privacy laws, with Colorado’s and Connecticut's privacy regulations (introduced over the past two years) going into effect during the quarter. Social media giants continued to rack up fines, with Meta adding billions to its already hefty pile of penalties.

• The White House releases the implementation plan for US National Cybersecurity Strategy. On July 13, 2023, the ONCD at the White House published the NCSIP—an implementation roadmap for the NCS unveiled by the White House earlier this year.

• Under five core strategic pillars, the NCSIP outlines 65 specific initiatives, each assigned to one of 18 federal agencies for action with corresponding timelines. The road map will be coordinated by the ONCD, assisted by the Office of Management and Budget (OMB). Refer to Appendix 1 for notable initiatives under the NCSIP.

• The SEC adopted a new rule on public companies' disclosure of cyber incidents, requiring them to report incidents within four days of determining whether the breach is material to investors. The rule requires companies to periodically demonstrate that they are taking the necessary steps to address threats.

• Two new names added to the list of states with comprehensive privacy regulations: The Colorado Privacy Act (CPA) and Connecticut’s Data Privacy Act (CTDPA) went into effect during Q3 2023, while Oregon and Delaware each enacted new data privacy regulations, bringing the total number of states in the US with a comprehensive privacy law to 13, as of end-September 2023.

• While the California Privacy Rights Act (CPRA)—an amendment of the existing California Consumer Privacy Act (CCPA)—has technically been in effect since January, California courts issued a ruling in July delaying the enforcement of certain provisions of the Act until March 2024.

Privacy laws signed into law during Q3 2023

Privacy laws that came into effect in Q3 2023

• Globally, the EU adopted an adequacy decision on the EU-US Data Privacy Framework, allowing the transfer of personal data to the US without additional security measures.

• Social media companies continue to find themselves in the crosshairs of regulators 
  • Meta found itself in trouble with Norway’s privacy watchdog, Datatilsynet, which banned Meta’s platforms from displaying behavioral ads in the country. Meta reportedly ignored the ban, risking a fine of NOK 1 million (~USD 100,000) per day and sought an injunction against the order, which was overturned by the Oslo court. Datatilsynet subsequently asked the EDPB to enforce the fine. Meta has racked up nearly EUR 2.3 billion (~USD 2.5 billion) in GDPR fines to date, including a record-breaking USD 1.2 billion penalty for transferring EU user data to the US in May.
  • ByteDance’s TikTok was fined EUR 345 million (~USD 368 million) late in the quarter for breaching children’s data privacy laws under the GDPR, following a ruling by the central EU privacy body in August.

Funding: Cyber funding rebounds though still far below 2022 levels

Analyst Take: Though funding across most sectors within Cybersecurity seems to be slowly bouncing back since 1H 2023, we observed fewer “mega” growth fundings compared with recent quarters. The conservative growth in total funding and smaller deal sizes may point to a more mature investment strategy by funders across most sectors as tech funding begins to recover.

Cybersecurity Q3 2023 funding summary

• Cybersecurity companies raised more than USD 1.5 billion across 59 funding rounds in Q3 2023—an 11.8% YoY increase compared with Q3 2022 in terms of total funds and an 18% YoY increase in the number of rounds (~USD 1.4 billion across 50 rounds). Investment in IAM was a primary driver of the increase, with total funds raised in Q3 2023 across this sector growing nearly 5x YoY to USD 228.3 million compared with USD 40.2 million in Q3 2022.

• An upward trend in funding was observed in Next-gen Cybersecurity (4.2% YoY) and Digital Privacy Tools (31.0% YoY), though Cyber Insurance funding decreased by nearly 50% YoY compared with Q3 2022. Next-gen Email Security raised no funding during the quarter.

• On a QoQ basis, the total funding raised during Q3 2023 grew 56.8% and the number of funding rounds grew by 5.4% compared with just under USD 1.0 billion raised in 56 rounds in Q2 2023. This growth was seen across all industries except Next-gen Email Security and was driven by Digital Privacy Tools.

Average deal size by industry (USD million)

• The trend of declining YoY deal sizes seen in the first half of 2023 continued into Q3, with average deal sizes down nearly 13% overall compared with Q3 2022. On a per-industry basis, the average deal size remained mostly stable. However, Cyber Insurance saw a large decrease (57.3%), while IAM was the only segment to see an increase in average deal size (up 26.2% YoY). 

• The share of growth-stage funding declined across the sector in favor of a higher share of early-stage funding rounds (~34% of all rounds) during Q3 2023 compared with the same quarter last year (~26% of all rounds), with total early-stage funds increasing by 64.0% YoY. This change was driven by the increase in the total funds raised through early-stage rounds across the Next-gen Cybersecurity (up 97.4% YoY) and Cyber Insurance (up 63.9% YoY) industries. 

• In contrast, the Digital Privacy space witnessed a 52.6% YoY increase in growth-stage funding on the heels of OneTrust’s USD 150 million funding round. IAM startups went from seeing no growth-stage rounds in Q3 of last year to recording three rounds during Q3 2023.

Top 10 funding rounds across Cybersecurity (Q3 2023)

• The largest round in Q3 was SASE vendor Cato Networks’ USD 238 million venture financing led by Lightspeed Venture Partners, which valued the company at USD 3 billion. Digital Privacy Tools company OneTrust raised USD 150 million at a “down” valuation of USD 4.5 billion and IAM startup SpyCloud closed a USD 110 million Series D.

• Resilience closed a USD 100 million Series D round, the largest in the Cyber Insurance segment. Another USD 100 million round by secure networking firm Nord Security rounded out the top five rounds of the quarter, which saw far fewer ubiquitous super-sized financings, as seen in 2022 and slightly less frequently in 1H 2023.

• The 10 largest startup funding rounds of Q3 2023 totaled nearly USD 1 billion or ~65% of the total funding raised during the period. These were primarily growth rounds, along with a number of early-stage fundings.

Product updates: GenAI integrations continue; other developments focus on automation and consolidation

Analyst Take: GenAI integrations continued in Q3 with cybersecurity vendors continuing to incorporate the technology into their offerings to enable natural language user interfaces. Outside of GenAI, the focus appears to be on automation and feature rationalization, as the number of point solutions and platforms required to secure enterprises continues to grow in complexity and number. 

• Cybersecurity-GenAI integration continued into Q3 2023
  • The trend of integrating GenAI into cybersecurity products seen in the first half of the year continued into Q3, with varying implementations across all Cybersecurity segments and use cases.
  • Google Cloud launched a program to integrate GenAI across its entire portfolio, notably an extension of its “Duet” AI assistant and CISA-aligned updates for its security offerings. Duet will integrate with Google’s multiple security products, including Mandiant Threat Intelligence, Chronicle Security Operations, and Google Cloud Security Command Center, to summarize and generate tailored threat reports and facilitate natural language interactions.
  • Tenable announced Exposure AI, a tool that provides security posture information and mitigation advice, while Lookout introduced SAIL, a GenAI assistant for its mobile security solution that allows users to navigate the platform, analyze telemetry, and receive industry knowledge and tips. 
  • Orca Security’s implementation, built on OpenAI’s GPT-4, provides a search tool for discovering cloud assets. In addition, Versa announced GenAI upgrades for its secure access service edge (SASE) platform, and Exabeam unveiled AI and GenAI-powered capabilities to improve threat detection and response.

• Other Cybersecurity product updates focus on portfolio rationalization in a bid to help combat tool sprawl in Q3
  • Palo Alto Networks launched a graph-based CI/CD security module for its Prisma Cloud platform, which provides developers a unified solution to safeguard applications and software pipelines. The module integrates graph-based technology from the recent acquisition of Cider Security. Simultaneously, Stellar Cyber broadened the coverage of its Open XDR platform to encompass both OT and IT devices, streamlining operations and facilitating a more effective response to lateral attacker movement.
  • Microsoft extended advanced multi-cloud posture management features of its Defender for Cloud platform to Google Cloud. Defender now offers workload protection across all three major public cloud providers. Cisco enhanced its recently launched XDR solution with ransomware detection and recovery, focusing on near-real-time recovery and enhancing cybersecurity, in line with the company’s broader strategy for a unified, AI-driven security, cross-domain security platform.

• Product developments across security access service edge (SASE) also continue to drive unification
  • Microsoft also entered the secure service edge (SSE) market with dual offerings: 1) Entra Internet Access, a secure web gateway (SWG) for internet, SaaS, and resource access, and 2) Entra Private Access, a zero-trust network access (ZTNA) solution for private applications across cloud environments. Microsoft’s existing cloud access security broker (CASB), Defender for Cloud Apps, completes its SSE offering.
  • Lumen Technologies also unveiled enhancements to its SASE solution, featuring SSE for secure internet and SaaS access, and cloud-hosted gateways for centralized and flexible security and cloud hosting, while Fortinet integrated its FortiSASE solution with its WLAN portfolio, providing unified LAN and WAN security to secure connections at remote work sites and distributed edges.

• Digital privacy tools join a growing list of platforms that prevent data breaches resulting from LLM use
  • Data privacy automation specialist Lightbeam.ai announced Spectra Copilot, a system designed to help organizations protect sensitive data and deploy AI, including large language models (LLMs). Copilot learns compliance policies to identify sensitive data, monitors activity, and maintains identity-centric records for compliant data disclosure.
  • TripleBlind launched an AI privacy platform leveraging a patented technology, AI Blinding, which allows the running of privacy-preserving analysis on datasets.

• Cyber Insurance product innovation focused on SMBs; At-Bay continued its full-stack push
  • At-Bay completed its transition into a full-stack insurer and began issuing its own cyber and tech errors and omissions (E&O) policies on an excess and surplus (E&S) paper written by At-Bay Specialty; competitor Coalition was also reportedly preparing to launch a cyber reinsurance managing general agent (MGA).
  • Mulberri, an AI-driven insurance platform, launched a cyber insurance MGA to simplify cyber coverage for SMBs. Meanwhile, Zurich North America introduced its Cyber Concierge Suite, offering admitted cyber coverage and response support to middle-market businesses.
  • In other news, cyber ratings and response firm SecurityScorecard announced a new managed service to help businesses implement third-party risk management controls.

• Email security companies also jumped on the GenAI bandwagon
  • Abnormal Security unveiled "CheckGPT," a service that uses natural language processing (NLP), AI, and a suite of open-source LLMs to detect AI-driven email attacks. Meanwhile, IRONSCALES introduced GPT-powered phishing simulation testing (PST) and accidental data exposure (ADE) to enhance cybersecurity training and prevent data exposure.

• IAM firms began to adopt a passwordless approach
  • Ping Identity introduced PingOne for Customers Passwordless, a cloud solution designed to expedite passwordless initiatives and enable the design, testing, and deployment of secure customer experiences; Infisign launched its IAM platform, offering passwordless authentication and zero-trust security and privileged access security to manage sensitive assets. 
  • In other IAM developments, Oracle has enhanced its identity governance and administration service to help manage the identity lifecycle by providing no-code workflow creation and automated/simplified access configuration as well as the provisioning of new applications. It also allows administrators to grant access to resources based on common variables such as attributes, roles, or policies while maintaining granularity.

Notable product updates by type during Q3

Note: Excludes Cyber Insurance product updates

Source: Compiled by SPEEDA Edge based on multiple sources

Partnerships: Alphabet once again powers GenAI capabilities of various cybersecurity tools

Analyst Take: Similar to 1H, GenAI integrations were a recurring theme in the Next-gen Cybersecurity space yet again, with Alphabet leading the way by partnering with several cybersecurity companies to integrate GenAI capabilities into various cybersecurity products. Outside of GenAI, partnerships were focused on expanding product capabilities, introducing joint solutions, and expanding geographical reach. 

• We observed a similar level of notable partnerships (54) across the different verticals of Cybersecurity in Q3 2023, with the most number of partnerships related to Next-gen Cybersecurity (~54% of all partnerships). Product collaborations were the most common, accounting for ~93% of all activity.

• Big Tech once again dominated Cybersecurity partnerships, with Alphabet in the lead
  • Alphabet, via Google Cloud, was the biggest participant in cybersecurity collaborations, with over 14 partnerships across Next-gen Cybersecurity (11), Digital Privacy Tools (2), and IAM (1). 
    • These include alliances with Splunk, Exabeam, and Symantec to integrate Google’s GenAI into cybersecurity products.
    • Besides GenAI collaborations, Alphabet’s activities included entering an expanded partnership with Lacework to offer enhanced security for Google Cloud environments and a collaboration with Carahsoft, Forescout, and stackArmor to develop cybersecurity solutions for public agencies. 
  • Microsoft also had an active quarter in terms of collaboration, mostly focusing on product integration and development with Next-gen Cybersecurity platforms, including Connectwise’s managed detection and response (MDR) product, Forescout’s detection and response tools, and Firedome’s IoT protection solution. Furthermore, Appdome, a mobile security company, announced an integration with a cloud-based service from Azure, and Sophos announced the launch of MDR for Microsoft Defender.

• Outside of Big Tech, cybersecurity players focused on integrations to expand capabilities and coverage of platforms, especially in the MDR space
  • Deloitte was one of the more active players, striking a deal with operational technology (OT) security vendor Claroty to extend its managed extended detection and response (MXDR) capabilities to industrial environments and added network security provider Netskope to its list of MXDR partners. The company also expanded its strategic relationship with Palo Alto Networks, launching a new secure software development lifecycle (SSDL) product.
  • Other notable cybersecurity partnerships include Ernst & Young collaborating with Secureworks to launch a new intelligent XDR (IXDR) solution, Stellar Cyber launching its XDR platform on Oracle’s Cloud Infrastructure (OCI) platform, and Lacework and Snowflake expanding their collaboration to allow users to access Lacework’s security data through Snowflake’s secure data platform.
  • SentinelOne reportedly unilaterally terminated a sales and collaboration agreement with Wiz, citing lack of execution, following rumors that it was contemplating an acquisition bid from the smaller firm. Company officials later clarified that the broader partnership was still ongoing and that only a specific reseller agreement had been discontinued.

• In the Digital Privacy space, partnership goals varied from distribution to automation and consolidation 
  • Secure data collaboration company Duality Technologies joined the Amazon Web Services (AWS) partner network and launched its platform on the AWS marketplace.
  • AI and data security governance company Privacera announced an integration with Collibra, a data intelligence platform, to enable automated data classification, policy enforcement, and auditing processes.
  • PwC UK signed an agreement with NowVertical Group to distribute the latter’s NOW Privacy data discovery and governance product in the UK market.
  • Thales and Intel joined forces to combine their respective CipherTrust Data Security and Trust Authority Attestation products to develop a comprehensive, unified data security platform.

• In Cyber Insurance too, collaborations focused on simplifying processes
  • Cowbell was among the most active during Q3, entering into an agreement with InsurTech company Zywave in September to streamline quoting processes, having previously announced it had joined AWS’ cyber insurance partner initiative in July.
  • Meanwhile, detection and response firm SentinelOne partnered with global specialty insurer Chubb to develop a streamlined cyber risk management solution for Chubb’s customers with over USD 100 million in revenue.

• Players in this space also leveraged partnerships to develop innovative new insurance and risk products and reinforce existing offerings globally
  • Insurers and risk quantifiers are partnering to offer incentives to organizations that invest in cybersecurity. SecurityScorecard and Measured Analytics partnered to offer discounts on cyber insurance premiums based on a policyholder’s risk score, while Mosaic Insurance and Safe Security launched a similar incentive in June.
  • Coalition partnered with HDI Global Specialty for additional cyber capacity in Canada. HDI will participate on a quota-share basis across all cyber insurance products offered by Coalition in the region. Similarly, Corvus Insurance expanded its relationship with Travelers, with the specialty insurer agreeing to provide capacity for Corvus products in the US.
  • Cloud security provider Barracuda partnered with cyber warranty company Cork to enable Barracuda’s MSP customers to offer specialized cyber warranty for SMBs.

• Next-gen Email Security firms pursued partnerships to expand the reach of their solutions
  • Telefónica Tech collaborated with Proofpoint to launch “Clean Email Business,” enhancing email security for medium-sized companies in Spain, addressing cyber threats and promoting compliance. Abnormal Security partnered with Smarttech247 for email protection in Europe, launching the VisionX MDR service to detect email threats using AI. 

• Notable activity in the IAM space was limited; Incode’s dual partnership stood out
  • Partnership activity in the IAM space was subdued with Incode’s two partnerships: 1) Carahsoft, to offer its identity verification services to the US public sector, and 2) Snappt, to combine its identity verification technology with Snappt’s fraud detection platform.

Notable Big Tech partnerships across Next-gen Cybersecurity during Q3

Note: Refer to Appendix 2 for full list of notable partnerships by Big Tech firms

Source: Compiled by SPEEDA Edge based on multiple sources

M&A: Cisco-Splunk mega deal dominates amid SASE consolidation; IAM sees significant activity

Analyst Take: The Cybersecurity space is no stranger to M&As, but in recent quarters, the sizes of deals have been shrinking. Cisco’s USD 28 billion all-cash deal to acquire Splunk in Q3 seems to have reversed that trend and may serve as a catalyst for more deals, as major industry names evaluate takeover offers amid falling valuations across the sector. The Splunk deal, while significant, represents a ~25% discount over its peak market capitalization three years ago. 

• Cisco’s USD 28 billion all-cash acquisition of Splunk was the highlight of the quarter 
  • The Cisco-Splunk deal is expected to close in Q3 of 2024, subject to regulatory review and other standard approvals. It is Cisco's largest cybersecurity acquisition yet. Cisco plans to leverage Splunk’s observability platform to provide enhanced, AI-powered observability across hybrid and multi-cloud environments, complementing existing capabilities.
  • The next largest deal, Thales’ acquisition of data and application security vendor Imperva from private equity firm Thoma Bravo, paled in comparison at a (still not insignificant) USD 3.6 billion. The deal is expected to close early in 2024 and help Thales expand further into the Cybersecurity space by leveraging Imperva’s large and diverse customer base, with plans to offer a global integrated identity, data, and application security portfolio.
  • Rumors were floated in August about a potential acquisition of publicly-traded SentinelOne by venture-backed startup Wiz, although this was ultimately denied by SentinelOne as part of a positive earnings announcement. BlackBerry and Rapid7 were also reportedly considering takeover offers and IronNet announced intent to delist as part of a take-private deal with C5 Capital. 

• The quarter also witnessed significant M&A activity focusing on SASE
  • Check Point acquired security service edge (SSE) company Perimeter 81 for USD 490 million and SaaS security vendor Atmosec for an undisclosed sum, as part of its strategy to deliver a leading unified SASE platform. 
  • Coro snapped up Privatise to add SASE capabilities to its all-in-one SMB security platform. 
  • Netskope acquired Kadiska to add digital experience management (DEM) to its SASE product.

• Other notable cybersecurity acquisition news during Q3 2023 includes:
  • Reports of Palo Alto Networks being in talks to acquire Talon Cyber and Dig Security for a reported USD 600 million–700 million and USD 300 million–400 million, respectively; CrowdStrike agreeing to acquire Bionic for ~USD 350 million; Rubrik’s USD 250 million acquisition of Laminar; and Honeywell’s acquisition of OT security firm SCADAfence.

• Cyber insurance M&A also showed a drive to expand product expertise and coverage 
  • Coalition acquired privacy assistant app Jumbo in what is reportedly an acqui-hire deal and Safe Security acquired RiskLens, developer of the FAIR risk quantification standard, to integrate FAIR into its cyber risk platform.

• Consolidation of products was a goal evident in IAM as well
  • Tenable signed an agreement to acquire startup Ermetic for USD 265 million to integrate the latter’s identity-focused cloud security solutions into its Tenable One exposure management platform. Other examples include Thoma Bravo closing its USD 2.3 billion acquisition of ForgeRock and subsequently merging the company with Ping Identity and SailPoint’s USD 8.3 million acquisition of Osirium.
  • Cisco also acquired identity threat detection and response startup Oort for an undisclosed sum to enhance its IAM and XDR products. Q3 brings Cisco’s count of security-related acquisitions to five in 2023 so far.

Trend in M&A activity during 2023

Appendices

1. Notable initiatives under the National Cybersecurity Strategy Implementation Plan

2. Notable Big Tech partnerships across Cybersecurity

3. Startups that raised funding for the first time in Q3