The past year saw record levels of cyber risk as attackers grew more sophisticated, they crossed lines from digital to physical and geopolitical tensions rose. The total impact of these attacks is expected to cost organizations $8 trillion globally in 2023 and grow to $10.5 trillion by 2025. At the same time, 2022 brought with it a new global economic slowdown that impacted companies and individuals around the world. Companies were forced to make cutbacks in spending and headcount and individuals faced rising costs for consumer goods.

Together, these two forces both increased the need for cybersecurity technologies and accelerated economic cutbacks - creating a unique dynamic for the cyber sector in 2022. The result was a combination of continued investment and mega acquisition deals in cybersecurity, alongside an overall dramatic drop off in funding and M&A in the second half of the year, according to new data from Momentum Cyber, the industry’s premier trusted advisor to the cybersecurity industry, in its 2023 Cybersecurity Almanac.

While the drop off in 2H demonstrated the impacts of the economy taking root in the cybersecurity sector, it overall has remained resilient when compared to other sectors of technology. For instance, 66% of CISOs surveyed recently said they increased cybersecurity budgets in 2022, with the same percentage saying they planned to also increase budgets in 2023.

“We live at a seminal time in cybersecurity history, with risk rising to levels greater than we have ever seen, while at the same time many businesses are unfortunately being forced to do more with less amidst a global economic slowdown. While cybersecurity venture investment slowed in the second half of the year, continued budget increases from security teams and ongoing cybersecurity and geopolitical risk gives us optimism about the long-term future of this industry. It’s times like these where true leaders stand apart from the rest and historically some of greatest and most impactful innovation can occur, a dynamic that stands to positively reshape our industry for many years to come,” said Dave DeWalt, Executive Chairman at Momentum Cyber and Founder, NightDragon.

“Despite a drop in total VC funding compared to 2021, meaningful investments and over-the-horizon innovations in emerging cyber sectors are still taking place for those who know where to look. 2022 also saw lots of inside rounds, with VCs giving portfolio companies more runway to hit growth targets. Those companies that hit their goals and can show clear ROI backed by hard numbers will thrive in 2023 with new investments and stepped-up valuations. Year after year regardless of macro conditions, cyber remains one of the most innovative markets in the world,” said Bob Ackerman, Founder and Managing Director, AllegisCyber Capital. 

Momentum Cyber’s annual report is the industry-leading report on the state of cybersecurity funding and deal activity. Here are some takeaways from Momentum’s report on 2022:

Mega Deals Drive Record M&A Levels

2022 saw some of the biggest acquisition deals in cybersecurity history, ones that will inevitably re-shape the industry for many years to come. In total, there was a record-breaking $119.8B in M&A in 2022, up 48% year over year from $80.9B the previous year, with 263 total deals throughout the year.

Multiple mega acquisition deals drove funding from what otherwise would have been a down year for M&A to instead far exceed previous years. Mega deals and acquisitions of public companies accounted for $103.2B of the total M&A in 2022, including the landmark $69.2B acquisition of VMware by Broadcom. 13 total deals in 2022 were valued greater than $1B, including Sailpoint ($6.9B), Datto ($6.2B), Micro Focus ($5.7B), Mandiant ($5.3B), KnowBe4 ($4.3B), Barracuda ($4.0B), Ping Identity ($2.8B) and Veracode ($2.5B).

Private Equity Interest in Cyber Grows 

Private equity continued to show increasing interest in the cybersecurity sector in 2022, with firms such as Advent International, KKR, Thoma Bravo, Vista Equity Partners, TA Associates and more conducting a total 110 deals in the cybersecurity sector throughout the year. In total, private equity deals accounted for 42% of total deal activity throughout the year.

Examples of larger private equity deals included the $6.9B acquisition of Sailpoint by Thoma Bravo, the $4.3B acquisition of KnowBe4 by Vista Equity Partners, the $4.0B acquisition of Barracuda by KKR, the $2.8B acquisition of Ping Identity by Vista Equity Partners and the $2.5B acquisition of Veracode by TA Associates.

“A decade ago, private equity made up around 10% of cybersecurity deals.  Today that number has grown to almost 50%. When you have an industry that has consistent double digit growth, as far as cybersecurity spend year-over-year, it’s an area that is going to attract capital,” said Dino Boukouris, Founder and Managing Director, Momentum Cyber.

VC Funding Drops Off Sharply in 2H 

Total VC financing in 2022 totalled $18.5B, which represented a 39% decline from the record-breaking $30.4B invested in 2021 but a 49% increase from the $12.4B spent in 2020. In total, 2022 represented the second most significant year of cyber financing behind 2021. There were 53 financings greater than $100M throughout the year, with the average round raised sitting at $24.1M. Top categories for VC investment included data security, identity and access management, risk and compliance, network and infrastructure security and security operations/threat intelligence.

That said, VC funding did show impacts from our current economic situation. Financing in 2022 was strong in Q1 and Q2, with $6.4B and $5.7B respectively, but saw a significant slow down in the second half of the year as the economy slowed, with $3.0B invested in Q3 and $3.5B invested in Q4.

Public Markets in Cyber Decline in 2022 

Public markets in cyber declined throughout the year in line with the overall market. High growth cyber companies declined 42.4%, low growth cyber declined 5.5% and the HACK index declined 28.1%.

Cybersecurity Services Evolve & Accelerate 

Increasing demand for cybersecurity services resulted in the sector becoming the most active sector for M&A in 2022 with 46 deals for MSSP companies alone (around 17% of all deals throughout the year by deal count). In total there have been more than 400 transactions in cybersecurity services since 2016 - 234 more transactions than identity and access management, the next highest sector during this period.

Drivers of this M&A include the increased productization of professional services, a desire for strategic buyers to round out service offerings and increase market share, private equity rollups, and a market shift towards services enabled by and scaled with technology (making cybersecurity services businesses appealing to investors and potential acquirers).

For a more thorough analysis of the state of cybersecurity services in 2022 and the impact of M&A in the sector, check out this special report by Momentum Cyber.

What We’re Watching Going Forward

While the current economic situation has slowed the record-breaking pace of cybersecurity funding of the past year, the need for the technology remains stronger than ever as the risk landscapes continue to grow more sophisticated and diverse every day. What’s more, these threats are driving the incorporation of cybersecurity into a broad set of ancillary markets, including physical, industrial, supply chain, blockchain, cloud, and more. The result is a broader and more essential industry than ever before.

“I expect to see an increase in overall M&A activity, but at lower valuations than what we saw in 2022. There is also a record high amount of dry powder ($300B+ for US VC's alone as of summer 2022) that needs to be deployed for VCs to make their LPs happy (read: money).  Additionally, ybersecurity spending and budgets continue to rise somewhere in the neighborhood of 7-10%, even in the midst of the recession. As such, given the underlying strength of the industry, coupled with an accelerating amount of dry powder, I also expect to see much stronger investment activity next year as this capital is deployed,” concluded Boukouris.