A ceramic unicorn piggy bank with stacks of coins before it
Photo: Annie Spratt/Unsplash

Flight of the security unicorns

Protocol Enterprise

Hello, and welcome to Protocol Enterprise! Today: why big funding rounds for security startups are starting to wane, and forget about bug bounties — now there are hacker bounties. Plus: this week in enterprise tech moves.

Thinning the herd

While cybersecurity spending is widely expected to be more resilient in the face of an economic slowdown than many sectors, a lot of startups in the space are under pressure.

The likely result, industry watchers say, is a much-needed shrinking of the vast landscape of security companies. And data on recent funding and valuations in security suggests the groundwork is being laid.

  • M&A activity in cybersecurity was actually down a bit in the first half of the year (148 deals vs. 167 a year ago), though still well above the same period of 2020, according to data from advisory firm Momentum Cyber.
  • But on the funding front, things are definitely cooling off. Q2 saw a slowdown in both VC deals (241 vs. 269 a year ago) and total funding ($5.4 billion vs. $6.8 billion) for security startups, Momentum Cyber reported.
  • Perhaps even more tellingly, median valuations for seed-stage companies in cybersecurity fell to $12 million during Q2 (down 33% from Q1) and dropped to $40.5 million for Series A startups in security (a 10% decrease from Q1), according to a report from DataTribe.

That's important because much of the M&A ahead will involve earlier-stage security startups getting acquired by larger players, according to security-focused venture investors who I've spoken with recently,

  • "There are a lot of things in process right now, and I think the activity is going to be very high — but the dollar amount is going to be very low," said Spencer Tall, a managing director at AllegisCyber Capital.
  • Large security vendors right now are primarily "focused on the good deals" in terms of M&A rather than acquiring the unicorns, said Mike Janke, co-founder and investment board member at DataTribe. The major vendors don't necessarily want to spend billions on a big-name player, when they could instead buy one of their competitors for $100 million, Janke said.
  • Along with acquisitions, he's also expecting to see an increase in mergers between similarly sized, privately held security vendors. Last month's merger of Human Security and PerimeterX is one example of this happening so far.

One cybersecurity company that has upped its M&A activity recently is cloud security vendor Netskope, which has acquired two security startups — Infiot and WootCloud — since June.

  • Netskope CEO Sanjay Beri told me that the company is taking the opportunity to consolidate technologies because that's what CISOs are looking for.
  • Along with simplifying security for customers, taking a unified platform approach like this also offers a major cost savings, from not having to operate and maintain multiple tools, Beri said.
  • "In this climate, [security teams] have accelerated their need to consolidate and move to the cloud," he said.
— Kyle Alspach (email | twitter)


Chip shortage could undermine national security: The global shortage of semiconductors has impeded the production of everything from pickup trucks to PlayStations. But there are graver implications than a scarcity of consumer goods. If the U.S. does not ensure continued domestic access to leading-edge semiconductor manufacturing, experts say our national security could suffer.

Read more from Micron

Enterprise moves

Over the past week Salesforce shook up its leadership team, Atlassian hired a finance exec from Microsoft, UiPath snapped up an exec from Google Cloud and more.

Brian Millham was appointed president and COO at Salesforce. Millham was previously president of the customer success group.

Gavin Patterson was promoted to chief strategy officer at Salesforce. Patterson was previously chief revenue officer where he helped push a global growth strategy.

Joe Binz was appointed CFO of Atlassian. Binz was formerly corporate vice president of finance at Microsoft.

Brigette McInnis-Day is the new chief people officer at UiPath. McInnis-Day was formerly VP of human resources at Google Cloud and COO of SAP SuccessFactors.

Amy Appleyard is now chief revenue officer at LastPass. Appleyard was formerly senior vice president of global sales at Malwarebytes and vice president of sales VMware.

Jesse Calderon joined Modern Health as CTO. Calderon was formerly senior vice president at Tableau and a VP of engineering at SAP.

— Aisha Counts (email | twitter)

Around the enterprise

The U.S. government announced it would offer rewards as large as $10 millionfor information leading to the arrest of five members of the Conti ransomware gang.

CenturyLink suffered a major outage affecting customers in the Mountain Time Zone, according to NetBlocks.


Chip shortage could undermine national security: To ensure American security, prosperity and technological leadership, industry leaders say the U.S. must encourage domestic manufacturing of chips in order to reduce our reliance on East Asia producers for crucial electronics components.

Read more from Micron

Thanks for reading — see you tomorrow!

Recent Issues