The once red-hot cybersecurity startup space is experiencing a drastic slowdown in terms of funding, according to data from Crunchbase.
The amount of money that investors have poured into early-stage companies fell 63% to $1.6 billion in the second quarter of this year compared to $4.3 billion in the same period last year. This marks the lowest quarterly total since the end of 2019 when startups raised just under $1.6 billion.
For the first half of the year, cybersecurity startups brought in only $4.3 billion in funding, down 60% from the $10.8 billion raised in the first half of 2022. There were also far fewer deals, with only 312 funding rounds completed in the first six months of 2023 compared to 507 the year before.
The number of large late-stage deals was also sharply lower. In the first half of 2022, 33 deals of $100 million or more were funded. But this year saw just 11 mega-rounds totaling more than $100 million each.
In the second quarter, only five rounds exceeded $100 million including a $190 million investment in Blackpoint Cyber and a $132 million round completed by ID.me.
While venture investment has declined broadly, the massive drop in cybersecurity – traditionally viewed as a “recession-proof” sector – has been stunning. However, cyber attacks continue unabated even as enterprise budgets tighten.
AI Can Make Cybersecurity Solutions Cheaper but Investors Are Still Cautious
Artificial intelligence and automation could make cybersecurity operations more efficient. In addition, public cybersecurity companies have seen share price gains that may spur more merger and acquisition activity and revive venture funding.
However, startups seeking funding will need to demonstrate “capital efficiency” by showing progress in research and development in addition to sales and marketing metrics, said Alex Doll of Ten Eleven Ventures in response to a survey performed by TechCrunch to investors in the space.
It remains uncertain how long funding for cybersecurity startups will remain out of sync with enterprise spending needs. Some investors expect a rebound “within the next 12 to 18 months” as the economic picture becomes clearer.
The drastic funding slowdown highlights how rapidly the startup and venture capital environments can change. After a huge wave of growth investments in 2021, private investors have now shifted to seeking profitability and efficiency, dramatically slowing deal flow and valuations across industries. But even a traditionally stable sector like cybersecurity has not been immune.
Business Leaders Believe a ‘Catastrophic’ Cybersecurity Event Could Happen in Two Years
Business leaders are becoming more aware of their organizations’ cybersecurity issues, according to the World Economic Forum’s 2023 Global Cybersecurity Outlook. Yet, they still struggle to communicate cyber risks in a way that motivates action.
The study found that 91% of respondents believe a catastrophic cyber event is likely in the next two years. Meanwhile, 43% think a cyber attack could materially affect their own organization. As a result, businesses are investing more in day-to-day defenses.
The survey’s respondents said that they are now focusing more on preventing business disruption and limiting their businesses’ reputational damage rather than stealing data. Geopolitical instability has also heightened data protection concerns and influenced where businesses operate and invest.
Business leaders acknowledge that their supply chains and partners expose them to cyber risks. In response, they plan to strengthen third-party controls and reconsider business relationships if they fail to meet their cyber security standards.
Large digital transformation projects add complexity and risk as organizations integrate new technologies to modernize their processes but at the same time need to keep their systems well protected.
In this regard, business leaders often struggle to balance technology value against increased cyber risks. More respondents now see cybersecurity regulations as effective, though compliance remains challenging.