Venture capital financing of cyber companies slid to $18.5 billion in 2022

Venture capital investments in cybersecurity firms showed a significant dip in the second half of 2022, according to data collected by financial research firm Momentum Cyber. 

VC financing for cybersecurity startups reached $18.5 billion, representing a steep decline from the $30.3 billion seen in 2021 — but it was still the second-highest year on record. Experts had warned over the summer that an unpredictable economy would affect how much risk VC firms would be willing to accept when investing in startups.

More than $3.1 billion was invested in identity and access management companies like 1Password, Semperis and Beyond Identity, while the compliance and threat intelligence sectors both saw more than $2 billion in investments. 

Overall more than $6.3 billion was invested in the first quarter through 327 deals, while $5.7 billion was invested over 296 deals in the second quarter. From there, the industry saw a steep decline in VC investments, reporting $3 billion and $3.5 billion in the third and fourth quarters, respectively. 

The slide in the second half of the year tracks with the overall economics for publicly traded cybersecurity companies. Almost all of them saw their valuations decrease in 2022 compared to 2021. Firms like SentinelOne, Okta, Rapid7 and CrowdStrike experienced large declines.

The need for cybersecurity products and services hasn't decreased, though, said Momentum Cyber executive chairman Dave DeWalt. 


“While Cybersecurity venture investment slowed in the second half of the year, continued budget increases from security teams and ongoing cybersecurity and geopolitical risk gives us optimism about the long-term future of this industry,” DeWalt said.

“We live at a seminal time in Cybersecurity history, with risk rising to levels greater than we have ever seen, while at the same time many businesses are unfortunately being forced to do more with less amidst a global economic slowdown.”

M&A deals keep rolling

Last year saw some of the biggest mergers and acquisitions deals ever in the industry. They totaled $119.8 billion, according to Momentum Cyber, up from $80.9 billion in 2021.

The numbers were bolstered by several massive deals like Broadcom’s $69.2 billion acquisition of VMware and Google's $5.3 billion purchase of Mandiant.

The private equity firms Vista Equity and Thoma Bravo were behind several big purchases. Vista Equity purchased KnowBe4 for $4.3 billion and Thoma Bravo bought Sailpoint for $6.9 billion, ForegeRock for $2.25 billion and Ping Identity for $2.8 billion. 


There were 13 deals in 2022 valued at greater than $1 billion. The purchases represented a larger trend of private equity firms showing interest in cybersecurity companies, with a total 110 deals in the cybersecurity sector throughout the year.

“A decade ago, private equity made up around 10% of cybersecurity deals. Today that number has grown to almost 50%. When you have an industry that has consistent double digit growth, as far as cybersecurity spend year-over-year, it’s an area that is going to attract capital,” said Dino Boukouris, founder of Momentum Cyber.

“I expect to see an increase in overall M&A activity, but at lower valuations than what we saw in 2022. Additionally, cybersecurity spending and budgets continue to rise somewhere in the neighborhood of 7-10%, even in the midst of the recession."

On Tuesday, Reuters reported that telecom AT&T is planning to sell its cybersecurity division, which was named AlienVault before it was acquired by the company in 2018 for about $600 million.

Workers at cybersecurity firms, meanwhile, have not been spared from the layoffs seen across the tech industry in general. Sophos laid off 450 employees globally and OneTrust fired 950 employees — a 25% dip in headcount. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.