The Current Market For Cyber Security Founders & Investors

The news that cyber security financing slowed down slightly in the first half of 2022 and continued to slide in Q3 has had some commentators questioning whether valuations have peaked, particularly when it comes at a time of economic slowdown.

Certainly, if it was another part of technology, this perspective might be valid. Yet it is worth considering the demand side: put bluntly, the need for sophisticated, effective cyber defenses isn’t going away. Digital transformation continues to accelerate, and with that comes an expansion of risk. The more online companies are, the more their operations are targets for bad actors. 

Add to this the increasing professionalism and expertise of attackers, many of whom are backed by or directly employed by nation-states, and it is unsurprising when data from PwC reports that more than 50% of organisations expect a surge in reportable incidents above 2021 levels.  

Cybersecurity Is Still A Priority

Norges Bank Investment Management, the world’s largest sovereign fund, appears to agree with the sentiment: its Chief Executive Officer recently told the Financial Times that cyber security has eclipsed tumultuous financial markets as its biggest concern, as it faces an average of three “serious” cyber attacks each day and they are becoming “increasingly sophisticated”. 

As such, cyber security remains the undisputed spending priority for businesses and public sector organisations, with 69% of respondents to PwC’s survey predicting a rise in cyber spending this year. 

In addition, Microsoft, Google, and IBM all recently announced major investment plans in the sector, all of which will contribute to driving demand for tools, solutions, and support services (such as training and certification). 
Technology valuations have taken a hit in the last few months, and we’re entering a time when companies are going to be prioritising certain investments. Some tech sectors are going to struggle to not be seen as luxuries, or at least nice-to-haves, whereas others are firmly embedded in decision-makers’ conscious as necessities. Cyber security is very definitely one of the latter, which gives those operating in the space an advantage.

The Attraction Of An Evolving Sector

Plus, there is the fact that the sector is constantly evolving, one of its most fascinating aspects and one that makes it extremely attractive to investors. Even as companies acquire new tools, vendors are having to come up with updates, devise new solutions for emerging issues, and try to stay ahead of the latest threats. Granted, there are some areas, such as managed services, end-point security, and messaging security that are crowded and dominated by established players, but newer segments offer more to investors focusing on cyber. These include External Attack Surface Management (EASM), Secure Access Service Edge (SASE), Digital Risk Protection (DRP), Network Detection and Response (NDR), and Continuous Controls Monitoring (CCM). 

Of course, that doesn’t mean a SASE start-up, for instance, should expect the funding to just roll in. The basic principles of being investable still apply. Having differentiated intellectual property and a solid growth profile, coupled with a management team with the right mix of experience, energy, and vision, are all critical. 

Financing is going to be more subdued for some time. There is significant volatility in capital markets, which puts pressure on both private and public valuations, shackles initial public offerings and makes funding rounds harder and more drawn out. 

A Fragmented Market

At the same time, the market remains fragmented. As such, there are a number of mergers and acquisitions taking place involving both strategic buyers and financial sponsors, with further consolidation expected.  

YTD Q3-2022, $16.5 bn has been invested across 799 cyber security financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth . This included eight worth more than $1 billion, with Google’s $5.3 billion acquisition of Mandiant, Broadcom’s $69.2 billion purchase of VMware, and Thoma Bravo’s $6.9 billion deal for SailPoint among the most notable. More recently, Thoma Bravo’s  $2.3 billion move for ForgeRock and Vista Equity spending $4.6 billion on KnowBe4 (less than two years after the latter’s initial public officering) illustrate the continued strength of M&A in the sector. 

The Implications For Founders & Investors

This all has implications for both start-ups and their investors.  For the former, there is an opportunity to adjust business plans and focus on sustainable growth while exploring ways to extend their runway to preserve cash until market conditions improve. At the same time, they need to maintain the strength of their IP and continue to invest in research and development. This means they need to strike a balance between maintaining cash levels and enhancing their proprietary offerings. 

Investors need to readjust their expectations and look at how they can support their portfolios to maintain that balance between protecting cash and continuing R&D.

Depending on the start-up’s management team, this may be the first economic downturn they’ve experienced whether professionally or as founders. As such, investors should bring to bear their own experiences to advise and support their portfolio teams. In doing so, they can not only ensure that start-ups are well placed to capitalise on economic improvements but will help boost valuations when funding and IPO markets start to reopen. 

Strong IP & Clear Growth Lead To Opportunities

Companies are going to continue to need cyber security. In certain areas, competition is tough, but in emerging segments, there are still opportunities for both start-ups and investors to identify opportunities.

The dip in financing is to be expected in the current macroeconomic environment, but with strong IP, clear sustainable growth potential, and a large defined addressable market, start-ups can and will continue to prosper. As they do, we as investors need to fulfill our roles as advisors to founders and ensure our portfolio companies are approaching the slowdown in the right manner. 

Damien Henault is Partner at TempoCap 

You Might Also Read:

The Cyber Security Investment Boom Continues:

 

« The Role Of Policies In Driving ‘Secured Productivity’
Chinese Hackers Steal $20m US Covid Relief Benefits »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cloud Credential Council (CCC)

Cloud Credential Council (CCC)

The CCC is a leading provider of vendor-neutral certification programs that empower IT and business professionals in their digital transformation journey.

Atlantic Council

Atlantic Council

The Atlantic Council's Cyber Statecraft Initiative focuses on international cooperation, competition, and conflict in cyberspace.

Micro Focus

Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver trusted and proven mission-critical software that keeps the digital world running.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Acutec

Acutec

Acutec is an award winning IT support, services and solutions provider including managed IT Security and backup/disaster recovery.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Elron Ventures

Elron Ventures

Elron partner with early stage ventures to build companies that transform lives and industries. Our main areas of focus are enterprise software, cybersecurity, and healthcare.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Glocomms

Glocomms

Glocomms is a leading specialist recruitment agency for the tech sector, providing permanent, contract, and multi-hire recruitment from our global hubs in San Francisco, New York, London and Berlin.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Karate Labs

Karate Labs

Karate is an open-source unified test automation platform combining API testing, API performance testing, API mocks & UI testing.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.