While most would probably prefer that the cyber threat landscape not be as big or active as it has become in recent years, there are always winners in private industry in every set of adverse circumstances. In this case, it’s the cybersecurity market. Venture capital flocked to cybersecurity startups in 2021, leading to a record $29.5 billion raised (more than double the amount seen in 2020).
Over 1,000 deals were struck in total, with 84 of them exceeding $100 million. 30 of these startups cleared the $1 billion valuation threshold to earn the title of “unicorn.”
Hot cybersecurity market fueled by pandemic threat growth, tech innovations
San-Francisco based Momentum Cyber, a leading financial advisory firm in the cybersecurity market, has collected and published these “snapshot” overviews of relevant venture capital activity (examining the activity of over 3500 global companies) since 2016.
In addition to the overall $29 billion raised in 2021 (something that shattered all previous annual records), the cybersecurity market saw $77.5 billion in total mergers and acquisitions (M&A) activity. The most active M&A sector was security consulting, with 50 total deals on the year. There were 286 M&A deals, with a median disclosed deal value of $119 million. The largest of these deals were McAfee’s acquisition by an investor consortium for $14.1 billion, ThomaBravo’s acquisition of ProofPoint for $12.3 billion, and Norton Lifelock’s acquisition of Avast for $8 billion. Several other deals cracked the billion dollar mark, including STG’s acquisitions of both McAfee Enterprise Business ($4 billion) and FireEye’s product division ($1.2 billion).
Turning to financing, there were 1,042 deals with risk and compliance being the most active sector (170 raises). There were 82 capital raises of over $100 million including $1.3 billion for cloud security firm Lacework, $605 million for cloud applications platform Snyk, and $550 million for AWS- and Azure-focused Orca Security. In total, 130 deals that involved private equity firms were completed in 2021.
Lacework and Orca were also among the 30 new unicorns for the year. The average revenue multiples were up greatly from 2020, shooting all the way from 7.1x then to 28.2x last year. And several companies that debuted IPOs in 2021 surged in stock price immediately afterward: AI security firm Darktrace (65%), endpoint security platform SentinelOne (44%) and security training platform KnowBe4 (43%). One notable exception to this trend was payment security firm Riskified, which plunged 65% in value in the second half of 2021.
Some blips such as Riskified aside, cybersecurity market stocks in general had a great year in 2021. Leading the pack in growth was enterprise security firm Fortinet, which grew by 147% in value. Other big winners in this area were Zscaler, Palo Alto Networks, McAfee and Mimecast.
Venture capital bets big on cybersecurity
While the dollar amounts laid down in M&A deals nearly quadrupled from what was spent in 2020, the proportional increase of financing activity was much greater than overall M&A activity on the year. Venture capital activity increased among just about all subsectors of the cybersecurity market, but there were particularly big jumps in a few specific categories: risk and compliance, data security, application security and endpoint security.
So what spurred all of this interest from venture capital? The most obvious answer is one of the correct ones; the general spike in cyber crime drove interest in defense and tools all across the cybersecurity market, particularly given the cluster of highly publicized attacks and vulnerabilities in 2021 that became household topics even for people with no interest in tech matters (JBS, Colonial Pipeline, Kasera, NSO Group).
Another driver is the massive shift to remote work prompted by the pandemic, something that also fed into the cyber crime wave. Momentum Cyber projects that this trend continues, but with an increasing focus on blockchain technologies as a source of security. “Zero trust” is also poised to break out as a standard approach. The threat landscape is also projected to grow and get worse in 2022, something that would feed the trends of the past two years.
The most obvious factors are not the only ones, however. For example, cyber security is increasingly a topic brought to company boardrooms due to the potential costs of lapses. Innovation in private companies also contributed heavily to venture capital interest in the industry. The number of years some of the new unicorns have been in business can be counted on one hand.
Momentum managing direction Dave DeWalt referred to this period as the “golden age of cyber,” and given the numbers it’s hard to argue with that assessment. However, he also cautioned that this wave will not last forever. DeWalt said to look for oversaturation in the cybersecurity market to begin chipping away at venture capital interest in 2022, along with high-profile startup bankruptcies and a change in priorities coming in 2023.