Cybersecurity startups had been pretty resilient despite the downturn in venture capital funding, but that run has ended in recent months.
Venture investments in cybersecurity startups in the second quarter plunged 63% to $1.6 billion, according to data from Crunchbase. Funding was down 40% sequentially from the first quarter, and was the lowest since the fourth quarter of 2019. Funding in the first half of 2023 was down 60% from a year earlier.
The number of $100 million funding rounds has fallen by 67% so far this year, from 33 to 11. Just five of those deals came in the second quarter: Blackpoint Cyber, ID.me, Cyera, Cybereason, and Eagle Eye Networks, and the highest was Blackpoint’s $190 million Series C round. Gone were the eye-popping deals that still appeared in the first quarter, like SandboxAQ’s $500 million funding round, Netskope’s $401 million convertible note deal, and Wiz’s $300 million funding round.
In this new tough funding environment, founders are looking for ways to cut costs and slow cash burn, and some startups may have little choice but to shut down operations.
“The macroeconomic headwinds, the interest rate hikes, the persistent inflation as well as the collapse of several tech banks has definitely slowed down the pace of the cybersecurity investments since 2022,” said Umesh Padval, who is a venture partner at Thomvest Ventures. “Venture capital funds are focused on their current portfolio companies, which are affected by the slowdown in spending among their customers, and thus are investing less in new deals.”
Featured Cybersecurity Software
See the Top Cybersecurity Startups
What It Takes To Win in the Current VC Market
Venture investors like to say they focus on the long-term, but they tend to turn cautious when markets fall. This time is no different.
But for those venture investors that are willing to take a contrarian approach, there are certainly interesting opportunities, especially as valuations have become more reasonable. “Several great companies have been formed during downturns such as Zscaler, Palo Alto Networks, Fortinet, and Cylance,” said Padval.
Here are some of the factors that venture investors are looking for in the current market.
Generative AI can help make cybersecurity systems more user-friendly because of the natural language prompts. Generative AI technology can also be useful in detecting and warding off attacks.
“From what I’ve seen, these deals fall into three buckets,” said Seth Spergel, managing partner at Merlin Ventures. “First, there are those that really don’t have a good use case for it, and are just trying to shoehorn it into their presentations to impress VCs. Next, there are deals that are using it in a valid way but the technology doesn’t materially change the value of their product. And finally, there are those that are able to build entirely new types of solutions by leveraging gen AI’s capabilities. The third type are the ones that are attracting the most interest right now.
“I’m not particularly excited about systems that use gen AI to just summarize findings in a slightly more user-friendly way,” Spergel added. “But tools that can extract insight from entirely new data sources and replace manual processes in ways that could not be done at scale before are very interesting.”
Be Better Than Competitors
There are many point solutions. But customers are looking to consolidate their IT environments. This is why a startup must have a differentiated product.
“Is your product 10x better than your competitors?” asked Deepak Jeevankumar, a managing director at Dell Technologies Capital. “How can you adjust your product roadmap to ensure you are solidifying your position as a critical component of your customers’ cybersecurity stack? These are the questions founders should ask themselves and the areas they should invest in to survive the current market.”
With less funding to go around, focusing on overlooked markets can be easier. There is not as much competition for certain categories. But there also needs to be serious pain points to address.
“We are looking at the impact of generative AI on the cybersecurity industry, the intersection of development and security, and enhancing cybersecurity in underserved geographies and SMBs/mid-market companies,” said Jeevankumar.
Cybersecurity Startups Getting Funded
Here are four cybersecurity startups that have managed to get funding in this tough environment.
Funding Date: July 2023
Amount: $35 million
Before founding Protect AI in 2022, Ian Swanson and Daryan Dehghanpisheh worked on massive data science systems at AWS and Oracle.
“We recognized very clearly that even the most sophisticated adopters, deployers and builders of artificial intelligence applications and machine learning systems had major security vulnerabilities that were not being addressed by the existing security ecosystem, or the existing ML and MLOps vendors,” said Dehghanpisheh.
In one case, he and Swanson saw how a data breach on a machine learning system negatively impacted three customers in the same vertical market. With some investigation, they realized how existing policies did not address or have the ability to detect the problem.
They then looked for solutions to help out but there were none on the market. “That was our ‘aha’ moment,” said Dehghanpisheh. “We knew these risks and vulnerabilities were real, and that we needed to move beyond MLOps and include security, which led us to ML Security Operations or MLSecOps.”
Protect AI’s platform is called AI Radar, which is for AI developers, ML engineers and application security (AppSec) professionals. The technology allows for identifying and remediating security risks – such as data leaks and model poisoning – for ML pipelines.
Given the strong interest in AI, Protect AI had a fairly smooth funding process. “We had a lot of venture capital companies knocking on our door, so we were in a position to make the choice of who we wanted to work with,” said Swanson.
Funding Date: July 2023
Amount: $30 million
SAVVY addresses the growing enterprise security challenges with the adoption of SaaS applications. The system can intervene with the user at the moment when there is a risky action – and recommend a safer alternative.
“This innovative approach resonated with investors who recognized the importance of addressing the ever-present ‘human’ attack surface and protecting enterprises across browsers and work apps like Slack and Teams,” said Guy Guzner, who is the CEO and cofounder of SAVVY.
He is a second-time entrepreneur, which has helped him build and scale SAVVY.
As for the funding process, his experience was critical, and he was able to leverage his strong network.
“However, it didn’t mean any shortcuts or compromises in evaluating our business,” Guzner said. “We had to thoroughly demonstrate the value and the potential of our Workforce Security Automation platform. It was a methodical process, where VCs carefully evaluated our company through consensus at partner investment committees. It was evident they were keen to select the most promising investments and pick true market winners. This level of scrutiny and consideration was a departure from the FOMO-driven rush we experienced in our earlier SAVVY seed funding round, which was largely reflective of business in general at the time.”
Funding Date: July 2023
Amount: $3.3 million
Anand Prakash is one of the world’s highest-ranked white-hat hackers. Over the years, he has detected serious vulnerabilities in systems from companies like Twitter, Meta and Uber.
“While doing bug bounties, I was constantly discovering different sets of exploitable bugs in companies’ cloud environments, even without access to their cloud infrastructure,” said Prakash. “This proved that the traditional cloud security tools deployed by such organizations weren’t working – and weren’t giving them visibility into the real threats. To protect themselves, organizations need something that thinks from the attacker perspective and shares top actionable items right away. That’s why we built PingSafe.”
At the heart of the company is a sophisticated cloud-native application protection platform (CNAPP). It addresses many threats at high speed and scale.
“I think we stood out because of our product and strong growth in the past year,” said Prakash. “We grew more than 10x and quadrupled our customer base, which includes top brands like Flipkart, Razorpay, and Near Intelligence. Our ‘attacker intelligence’ is also a strong differentiator in our category, and we were constantly winning deals against some of the larger incumbents.”
Funding Date: June 2023
Amount: $2.7 million
When the California Consumer Privacy Act (CCPA) began implementation in 2020, Aaron Mendes and Justin Wright realized that it would be hard for consumers to know where all their personal data would be located. It would make it difficult for them to exercise their privacy rights.
This wound up being the inspiration for PrivacyHawk. The company has built a system that makes it easy for anyone to protect their personal data.
Yet the funding process was far from easy. “It required a lot of networking, hustling, and hundreds of pitches. It requires unwavering optimism and perseverance,” said Mendes, who is the CEO of PrivacyHawk. “You have to have thick skin because no matter who you are and what you’re pitching, most investors say no to 99% of their opportunities.”
See the Top Cybersecurity Companies
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.