As the stock market dropped more than 20% in 2022 and prices rise at the pump and grocery store, there are some markets that have shown their ability to weather the storm and retain strong demand and growth even amongst broader market turmoil. One example of this: the cybersecurity market.
In the first half of 2022, the cybersecurity industry saw venture capital funding continue to pour into the space, according to Momentum Cyber’s Market Review for 1H 2022. While it may not have reached the record-setting levels of 2021, venture capital funding was steadily on par with the first half of last year. Additionally, while IPOs have not re-emerged and revenue multiples have declined for public companies, M&A overall remained strong, showing the continued demand for cybersecurity as a strategic business target.
“Cyber threats around the world continue to escalate and drive continued innovation and investment in the cybersecurity space. While public markets may be down on the whole, businesses continue to prioritize spending on cybersecurity, making it an area that continues to provide significant opportunity for investors and strategic buyers,” said Dave DeWalt, Managing Director, NightDragon.
“Our firm has helped hundreds of startups navigate several downturns over the last 27+ years. These ‘reset events’ consolidate crowded markets and inevitably lead to the most impactful innovations within the startup world. As today’s economy slows down, cyber attackers are speeding up. That’s why cyber budgets remain high and how the cyber market continues to outpace other IT sectors. The next 24 months remain an opportunity to invest in early stage cyber startups, from both a pricing and technical innovation standpoint,” said Spencer Tall, Managing Director, AllegisCyber Capital.
These trends are tracked by NightDragon and AllegisCyber sister company Momentum Cyber, the industry’s first investment bank focused exclusively on cybersecurity, in its Cybersecurity Market Review for 1H 2022. This annual report is the industry-leading report on the state of cybersecurity funding and deal activity. Here are some takeaways from Momentum’s report on the first half of 2022:
VC Funding Remains Strong in Cyber
While public markets have slowed down considerably this year, cybersecurity has remained relatively active especially from a venture capital financing perspective. In the first half of 2022, there was an incredible $12.5 billion in venture capital invested across 531 deals. This is comparable to the first half of 2021, which saw $12.6 billion in funding and was by all counts a record year for cybersecurity investment. In fact, Q1 and Q2 in 2022 still ranked as the 3rd and 6th highest quarters of all-time for financing volume, only sitting behind the record-setting pace in 2021.
The most active sector for VC funding this half was Risk & Compliance, which saw the greatest number of deals by a wide margin (105). Other categories that saw significant activity included data security (85), identity and access management (54), network and infrastructure security (44), application security (42) and SecOps/IR/threat intelligence (40). Of the deals tracked, 37 raised more than $100 million and 14+ were put in the unicorn category, including Abnormal, Beyond Identity, JupiterOne, Material Security, Nord Security, Perimeter 81, Sonar, Teleport, and others.
While the overall numbers were encouraging, Momentum Cyber did track that deal count did slow down slightly towards the latter half of Q2 2022 as the market continued to slow. This could portend a future slowdown to come, or be a lull before an additional wave of funding as companies need cash to continue operations through 2022 and beyond.
Cyber IPOs Still MIA
We continue to experience the longest IPO drought in cybersecurity history, with no new cyber IPOs in 2022 so far this year. It’s not for lack of cybersecurity companies of the right size and maturity waiting in the wings, but struggling markets have made it less appealing for companies to abandon private markets and take that next step towards an IPO. Still, many strong IPO candidates remain and there is a large pipeline of vendors who may IPO in late 2022 or early 2023.
M&A Remains Strong Alongside Mega Deals
The first half of 2022 saw some of the biggest acquisition deals in cybersecurity history, both from a financing size perspective and from their significance. The largest of those deals was Broadcom’s $69.2B acquisition of VMware, which accounted for a large portion of total M&A in the half. However, there were also seven more deals valued at more than $1B in the first half of 2022, including WatchGuard ($1.5B), Barracuda ($4B), Datto ($6.2B), Sailpoint ($6.9B), Mandiant ($5.3B) and others.
However, even with these mega deals aside, M&A in cyber remained strong on the whole. Excluding the VMware-Broadcom deal, there was $33.4B in M&A in cyber in 1H 2022, which is only a small tick down from the $39.4B in M&A in the same period last year. The most active sectors during the first half included managed security services, identity and access management, risk and compliance, network and infrastructure security and security consulting.
Private Equity Interest in Cyber Remains High
As we have seen in previous quarters, private equity interest in cybersecurity continued to remain strong in Q1 and Q2 of 2022. Some of the biggest deals in the quarter include private equity, including Thoma Bravo’s acquisition of SailPoint, KKR’s acquisition of Barracuda, and TA Associates’ acquisition of Veracode. In total, there were 56 acquisitions by private equity in 1H 2022.
What We’re Watching Going Forward
The cybersecurity challenge isn’t likely to slow down any time soon, thanks to factors such as ongoing geopolitical conflict, heightened government involvement, increasingly distributed workforces and accelerating digital transformation. While not exclusive to 2022, these factors have been amplified by a number of events, further cementing the importance of security in the current environment. Given these trends, the need for innovation in cybersecurity defenses is only increasing. Momentum Cyber calls out identity and access management, risk & compliance, attack surface management, blockchain and ICS + OT as categories to watch going forward. Additionally, the ever-increasing role of cybersecurity services will be a space to watch as managed security services continue to grow as a sector and organizations everywhere look for support in devising and implementing their security strategies.
“The first half of 2022 was a tale of two quarters. Strategic activity in the first quarter reached an all-time high with a very sharp decline in the second quarter," said Eric McAlpine, Co-Founder and Managing Partner at Momentum Cyber. "Acquirors and investors have taken a much more cautious approach to deals recently including a heavy favoritism to profitability - or a path to it - over growth at all costs. A paradigm shift we haven't seen broadly since the financial crisis over a decade ago. Still, the cybersecurity industry remains very healthy and in 'growth mode' and therefore strategic activity will most certainly pick back up.”
Read the full 1H 2022 report here.