Funding represents a 138% YOY increase from $12.4 billion in 2020 to $29.3 billion in 2021, while Cybersecurity M&A activity skyrocketed by more than 294% to $77.5 billion according to Momentum Cyber’s Almanac for 2022.
2021 was a historic year for the Cybersecurity industry, featuring record highs in investment, a spur in innovation across sectors, and the rapid growth of threats with several high-profile breaches. This immense growth does not appear to be slowing down anytime soon as the industry prepares for an even bigger 2022.
“We are entering a new age of Cybersecurity risk that is testing our defenses across every commercial and government organization,” said Dave DeWalt, founder and managing director, Momentum Cyber and NightDragon Security. “It is the responsibility of defenders like us to keep investing in and nurturing innovation to combat this existential threat and ensure a safe and secure future for all.”
Global Threats On The Rise
The need for Cybersecurity innovation has never been more critical as determined threat actors continue their assault on our nations’ critical infrastructure and networks around the globe.
A myriad of Cyberattacks targeting all facets of life and have manifested in increasingly concerning ways over the course of 2021. Attacks on core infrastructure grew, including a major disruption to the availability of fuel to millions of people with the shutdown of the Colonial Pipeline, interruption of food supply with an attack on JBS, and the crippling of the Irish health system.
On top of that, supply chain attacks, like SolarWinds, Kaseya, and Microsoft Exchange, highlighted the dangers of our increasingly interconnected and technology dependent world. Significant vulnerabilities discovered and actively exploited in 2021, including the Log4j discovery and NSO’s zero-click exploitation spyware, reinforced this growing risk area and highlighted the need for new innovation to reinforce our defenses across every commercial and government organization.
Investment In Cyber Is Keeping Pace With Threats
While 2021 experienced a dramatic increase in threats, investors and entrepreneurs have risen to the occasion to fund and create emerging technologies at a break-neck pace in order to combat the escalating risk. These innovations span across industries, specific needs, and threat types, aiming to keep users safe in an uncertain future.
According to the Cybersecurity focused investment bank Momentum Cyber, total investment into Cybersecurity soared in 2021 more than doubling over the previous year. Investors poured $29.3 billion in total venture capital financing across 1,000+ deals in CY 2021, up from $12.4 billion in 2020. Of the 1,042 total transactions, 82 were greater than $100 million and total financing volume was up 136% over the year prior. Categories such as Cloud Security and Identity & Access Management particularly captured the attention of investors as rounds like Lacework’s $1.3B series D, Orca’s $550M Series C, and Transmit Security’s $543M Series A stood out in these sectors.
“The heightened pace of industry spend, innovation investment and M&A activity in cybersecurity is a clear reflection of cyber threats as the existential risk to the digitized global economy. Where you have a microprocessor and data, you have cyber risk as the entire spectrum of bad human behavior digitizes in parallel with our economic infrastructure,” said Bob Ackerman, founder and managing director, AllegisCyber Capital. “Looking forward, it’s hard to see any let up in this contentious game of cat and mouse between attackers and defenders.”
M&A Activity At All Time High
There was a stunning increase in M&A activity in 2021, with significant acquisitions for companies in Endpoint Security, Cloud Security, Identity & Access Management, and Managed Services. Total M&A volume soared to over three times what it was in 2020, with $77.5 billion in total deals in 2021 across 286 transactions. This total is up from $19.7 billion in 2020 across 178 transactions.
A record fourteen M&A deals in 2021 were valued at greater than $1 billion, including Advent International and a consortium of investors’ $14.1B acquisition of McAfee, Proofpoint’s $12.3 billion acquisition by Thoma Bravo, Avast and NortonLifelock’s $8.0B merger, Auth0’s $6.4 billion acquisition by Okta, and more. These deals across several sub-verticals attest to the broad range of challenges that need to be solved in Cybersecurity given the ever evolving threat landscape.
Private Equity Takes Center Stage
One noteworthy trend in 2021 was Private Equity’s ever-increasing appetite for Cyber. Private Equity firms have steadily become involved in deals in the Cybersecurity space, however, 2021 saw a substantial surge of activity, particularly with the year’s largest transactions. While traditionally, Private Equity activity in a sector can be viewed in a number of ways, firms nowadays are establishing themselves as true growth partners and not just financial engineers.
McAfee’s $14.1B acquisition by Advent International and a consortium of investors, Proofpoint’s $12.3B acquisition by Thoma Bravo, and Mimecast’s acquisition by Permira are just a few examples of deal activity involving Private Equity. By the numbers, Private Equity or strategic PE-backed buyers were involved in 45% of all transactions across M&A in 2021, accounting for 57% of the total amount spent this past year.
Record Levels of IPO Activity And Valuations Signal Criticality Of Cybersecurity
The term “unicorn” is no longer reserved for a select few companies in Cyber with over 30 unicorns minted in 2021 Cyber versus 6 in 2020 and valuations were at record levels. There was also a flurry of IPO activity this past year as companies went public both via traditional routes and via SPAC. Major IPOs in 2021 included KnowBe4, Darktrace, SentinelOne, Riskified, and ForgeRock, as well as IronNet’s SPAC deal.
Signs Point To Emerging Trends In 2022
Investors are now looking to 2022 with a focus. The shift to remote work sparked innovation in 2021 and many promising technologies and exciting trends have begun to take shape as we head into the new year including Cybersecurity’s emerging relationship with cryptocurrency and blockchain, the DevOps shift-left with a focus on catering to developers, managed detection and response, zero trust’s continued attention, and an expanding focus on ICS + OT as industrial security grows. While it remains to be seen how these sectors will evolve over the coming year, investors will certainly be paying close attention.
Where We Stand In 2022
The Cybersecurity market remains intimidating with the increase in severity of the threat landscape. This unprecedented challenge has opened up a world of new opportunities for companies and investors alike to develop disruptive technologies to combat attacks. New threats, exceptional innovation, and invested capital will only increase in the years ahead coming off a game-changing 2021, and this perfect storm of events carries the market forward into the new golden age of Cybersecurity.
“Last year I went on record predicting that 2021 would be the most profound year in Cybersecurity in our global history, and it was,” said Robert Herjavec, founder and CEO of Herjavec Group and star of ABC’s Emmy award winning ratings giant “Shark Tank”. “My prediction remains the same for 2022 as we are truly in a golden era of Cybersecurity.”
To discuss these issues further, please join us for our NightVision webinar on Feb. 24, featuring NightDragon Founder Dave DeWalt, Herjavec Group CEO Robert Herjavec, Fishtech Group CEO Gary Fish, Momentum Cyber Managing Partner Eric McAlpine, and AllegisCyber Managing Director Bob Ackerman.