Investment May Be Down, but Cybersecurity Remains a Hot Sector

There's still a great deal of capital available for innovative companies helping businesses secure their IT environments.

Dave DeWalt, Founder & CEO, NightDragon

May 31, 2023

3 Min Read
a concept image of a blue and white dollar sign over a blurred out background of graphs and charts
Source: Deepagopi2011 via Adobe Stock Photo

Despite a more cautious approach to financing, investors continue to scour the country for the next generation of cybersecurity startups that can aid enterprises in the never-ending quest to safeguard critical IT systems.  

Yes, the topline number may be bad: Investment in security companies fell nearly 40% in 2022, to $18.5 billion, according to a recent report from Momentum Cyber, a financial advisory firm where I serve as chairman. But despite the decline, it is still well above pre-pandemic totals. And with a vast market opportunity ahead, the funding environment is expected to remain strong while other areas of tech slow down.

In fact, in the past two years alone, investors have poured nearly $50 billion into the cybersecurity industry, per Momentum Cyber's report, while mergers and acquisitions (M&A) activity continued at a record pace. Meanwhile, the industry's new hyperfocus on AI and the advancements the technology will support should only amplify investor interest. However, it's clear there are shifting priorities founders need to be aware of.

As the cadence of attacks accelerates, investors are flocking to vendors providing tools that can help enterprises verify employee and machine identity to secure access to their systems. With the growing number of new regulations, they're also now more interested in security vendors that help companies manage both risk and compliance. And as cybersecurity teams become larger and more central to the business, more financiers are backing providers building tools that better connect the division with IT.  

While the investor capital may not be as free-flowing as the past several years, cybersecurity remains a promising and high-growth sector. It has to because attacks aren't stopping. Still, there are new considerations that founders must take into account when fundraising. And the current cycle may require them to look beyond the traditional investment hubs. 

The In-Demand Sectors 

Given the increasing number of cyberattacks, it's no surprise that identity and access management tools continued to garner the highest amount of investment last year, at $3.2 billion, accounting for 17% of the sector's total 2022 financing volume. 

But other areas are seeing major growth. Investment into vendors providing risk and compliance tools, like Drata and Pentera, grew 12%, to $3 billion. Meanwhile, vendors that help manage security operations and provide threat intelligence, like Swimlane or Coralogix, nabbed $2.1 billion. 

The Growing Investment Hubs

The top five states for investment — California, New York, Texas, Virginia, and Massachusetts — are not too surprising. They've been the traditional hubs for years. 

However, new markets are emerging that could provide entrepreneurs with access to different investors and new sources of talent. 

For example, in 2022, Florida was home to 22 investments that totaled $381 million, a 35% increase from 2021. Meanwhile, other markets saw sharp declines. Cybersecurity investment in Colorado, for example, fell 62%, to $239 million. 

Room for Innovation 

The seismic shift in attention to AI should only continue to propel the cybersecurity sector in 2023. The topic was inescapable at this year's RSA Conference. And with such a large market opportunity ahead, investors continue to eagerly fund new security startups. 

Last year, there were 516 early-stage deals, a nearly 20% increase, totaling $1.5 billion. However, late-stage companies could face a more selective investor audience. In 2022, the number of Series C deals and beyond fell 16%, to 247, with the overall financing volume also falling to $10.6 billion. 

There still remains a ridiculous amount of available capital out there for innovative companies that help businesses tackle the increasingly complex task of securing their IT environments. 

But scrappy founders should recognize the sentiment shift among investors and follow the money appropriately to make fundraising their next round as painless as possible. 

About the Author(s)

Dave DeWalt

Founder & CEO, NightDragon

Dave DeWalt is one of the preeminent leaders in cybersecurity and technology, leading some of the world’s most influential companies toward immense success over the past 30 years. A four-time CEO, Dave been at the helm of some of the most impactful companies in the sector, creating more than $20 billion in shareholder value and driving some of the largest acquisition deals and IPOs in history. He currently serves as Founder and CEO of NightDragon, a venture capital and advisory firm building the world’s largest platform for growth for late-stage cybersecurity, safety, security and privacy companies. A sought-after advisor and executive leader, Dave has held more than 40 board of director roles at influential companies such as Delta Airlines, Optiv, Claroty, Five9, Mandiant, and Forescout Technologies. Dave is also a deeply committed public servant dedicated to advancing public-private partnership, including serving four administrations on the President's National Security Telecommunications Advisory Committee (NSTAC).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights