💰 Security, Funded #116 - Breaches, Budgets, and Bottom-lines: Cyber's Rollercoaster Ride!

Hey there,

Happy Monday, and I hope you had a great weekend. In this week’s issue, we’ve got:

• 📈 Tapering off in funding volume

• 🛍️ Slowest week for acquisitions in 2023

• 🤔 High switching cost and Okta’s 12% haircut

• 💰️ 15 companies raised funding, 1 company acquired

I’m sure you already know about the latest Okta breach from last week, and as a result, their stock dropped nearly 12% after hours.

I don’t normally cover this side of our industry with so many other great resources covering it better than I could, but when there are stock implications, I think it makes sense to weigh in.

This series of breaches at Okta is especially troubling because a platform like Okta isn't just another cybersecurity tool; it’s an essential business function of modern corporations. A breach at a point of trust like this can have far-reaching implications that go beyond a conventional cybersecurity incident.

Given Okta’s upcoming November 30th earnings call and a recent poll in this newsletter showing that companies rarely switch vendors post-breach, it’s plausible that this dip is a short-term phenomenon. The real key here is the lack of viable market alternatives and the high switching costs, making Okta a likely candidate for recovery despite what it does or does not do.

The company’s future—both in terms of customer trust and share price—will hinge on how effectively it can pivot towards heightened security and transparency up to this next call. This upcoming earnings call could serve as the inflection point that either reinstates market and customer confidence or exacerbates existing concerns.

Onward to this week's issue.

Last week’s poll:

Vibe Check - CISOs
Where are you spending most of your cyber budget? Think about not just software costs but the people and services that support each.

Network / Cloud and Logging / SIEM led last week’s poll, with Access & IAM things coming in 3rd. I had personally expected Logging / SIEM to be the biggest bucket today. Still, many said they were buying more things through the Cloud Service Providers (CSPs), which could account for some of the upward trajectory in Network / Cloud spending. Any way you shake it, these big three areas dominate most cyber budgets today.

📅 YTD Funding

A rolling 12-week chart to compare funding and acquisitions each week between 2022 and 2023.

Funding volume and transactions have tapered off a bit over the last four weeks. This timeframe in 2022 was a bit of a mixed bag, with some huge transactions and uncommonly low weeks.

It was a very slow week for acquisitions last week and actually the lowest volume in all of 2023. It is also possible that some transactions are waiting to be announced at a later date for better PR timing, a game that is often played in our industry.

💰 Funding Summary

• 15 companies raised $252.8M across 12 unique product categories

• 1 company was acquired or had a merger event across 1 unique product category

🧩 Funding By Product Category

• $80.0M for Passwordless Authentication across 1 deal

• $56.5M for Anti-Bot across 3 deals

• $55.0M for Fraud and Financial Crime Protection across 2 deals

• $20.0M for Secure Collaboration and Messaging across 1 deal

• $15.0M for Trust & Safety across 1 deal

• $7.0M for Artificial Intelligence (AI) Privacy Assurance across 1 deal

• $6.5M for Professional Services across 1 deal

• $3.5M for Security and Compliance Automation across 1 deal

• $3.0M for SaaS Security Posture Management (SSPM) across 1 deal

• $3.0M for Identity Verification across 1 deal

• $3.0M for Data Protection across 1 deal

• $280.2K for Threat Intelligence across 1 deal

🏢 Funding By Company

• SecureW2, a United States-based passwordless authentication platform, raised a $80.0M Private Equity Round from Insight Partners. (more)

• Prove Identity (formerly Payfone), a United States-based identity verification and fraud detection platform, raised a $40.0M Venture Round from Capital One Ventures and MassMutual Ventures. (more)

• Fingerprint, a United States-based bot detection and device identity platform, raised a $33.0M Series C from Nexus Venture Partners. (more)

• Workstorm, a United States-based secure collaboration and messaging platform, raised a $20.0M Series A from Author Capital Partners. (more)

• Darwinium, a United States-based bot-detection and abuse prevention platform, raised an $18.0M Series A from U.S. Venture Partners. (more)

• Reality Defender, a United States-based AI deepfake media and content detection platform for media networks, raised a $15.0M Series A from DCVC. (more)

• Spec, a United States-based fraud and financial crimes protection platform, raised a $15.0M Series A from SignalFire. (more)

• Harmonic Security, a United States-based platform to discover and control the usage of GenAI platforms and sensitive data in training models, raised a $7.0M Seed from Ten Eleven Ventures. (more)

• Two Six Technologies, a United States-based professional services firm focused on national security and cyber defense, raised a $6.5M Venture Round. (more)

• Netacea, a United Kingdom-based anti-bot platform to protect websites and APIs from automated threats, raised a $5.5M Venture Round from Mercia Asset Management PLC. (more)

• Compliance Risk, a United States-based security and compliance automation platform, raised a $3.5M Seed from Bellini Capital. (more)

• Anonybit, a United States-based decentralized biometric identification platform, raised a $3.0M Seed from JAM FINTOP. (more)

• CipherStash, an Australia-based sensitive data discovery, data searching, and data encryption platform, raised a $3.0M Seed from Skip Capital. (more)

• Zygon, a France-based SaaS security posture management (SSPM) platform, raised a $3.0M Seed from Axeleo Capital. (more)

• Crossword Cybersecurity, a United States-based cyber threat intelligence and research group, raised a $280.2K Convertible Note. (more)

🌎 Funding By Country

• $241.3M for United States across 12 deals

• $5.5M for United Kingdom across 1 deal

• $3.0M for France across 1 deal

• $3.0M for Australia across 1 deal

🤝 Mergers & Acquisitions

• Specialized Technical Services, a Jordan-based professional services firm focused on digital transformation and cybersecurity consulting, was acquired by ZainTech for an undisclosed amount. (more).

📚 Great Reads

• How the End of Free Money Changes Sales Strategy in Cybersecurity - I got the opportunity to be on the Bare Knuckles & Brass Tacks podcast to share my thoughts about how the end of zero interest rates has fundamentally changed sales strategy for cybersecurity companies (also on Apple Podcasts).

• Leading Cybersecurity with a Control vs. Resilience Strategy - Kelly Shortidge reviews two contrasting approaches to cybersecurity, the control strategy and the resilience strategy, and considers human limitations and behaviors of security programs.

• *How to Create Your Trust Center Strategy - SafeBase is the only enterprise-ready Trust Center that reduces the security questionnaire burden and creates a review process that buyers love. Explore how LinkedIn, Asana, Jamf, and Synk create their Trust Center Strategy and position security programs as a strategic advantage.

• How to Exit Nano - The ultimate guide on exiting Nano, just in case you ever find a system where the ultimate text editor (vim) isn't installed, and you have to use the inferior Nano.

_{*Sponsored content and/or affiliate link.}

🧪 Labs

🎶 Hi, it’s me. I’m the [vulnerability], it’s me. 🎵