What Does Post-Pandemic Cybersecurity Funding Look Like?


There is no argument that the COVID-19 pandemic uprooted the world’s economy, but has it equally disrupted venture capital (VC) and private equity (PE) investment in the cybersecurity industry?

To answer this question, Aite-Novarica Group analyzed 1,346 startup and scale-up investments from 2019 to April 2023. The results were somewhat unexpected: The gloomy investment picture reported by the press was not as dire as depicted, but it contained some cautionary tales. In this period, nearly US$50 billion has poured into cybersecurity companies.

The research shows a post-pandemic lockdown increase in investment deals. However, VC and PE firms are injecting less capital per deal. Investment firms are more cautious, and valuation multiples dropped substantially over the past two years. These firms have fewer choices owing to both fewer new cybersecurity startups and founders waiting for valuations to rise on existing vendors. This combination of factors makes for an interesting investment trajectory in the cybersecurity industry.

The graph below presents investments by year.

Post-Pandemic Cybersecurity Funding

Key findings of this study include:

  • The number of investment deals being made is the highest since the pandemic: Nineteen investment deals were closed monthly in 2019; today, that number is 33. This level has remained relatively consistent over the past three years.
  • Average investment deal size is shrinking: In 2019, the average deal size was US$27.9 million, spiking to US$52.5 million in 2021 and settling at US$28 million in 2023. The investment thesis has seemingly changed to lower valuations, focusing on maturing cybersecurity companies with demonstrated market acceptance.
  • Deals are taking longer: Historically, Series A rounds occurred when a company reached three years of age; today, this usually happens when a company is a little over four years old. The all-important Series A round is taking longer as investors exhibit more caution and founders wait for higher valuations to avoid the dreaded down round.
  • Investment firms are playing it safe: Less than 10% of investments flow into emerging cybersecurity technologies such as artificial intelligence (AI), blockchain, and the Internet of Things (IoT).
  • Swiss cybersecurity companies have the largest rounds: The U.S. and Israel may lead in total deals, but they lag significantly in average investment size. Israel ranks 10th in deal size, raising US$21.6 million per round vs. US$99.9 million for Switzerland.
  • The number of cybersecurity vendors is dropping substantially: In 2019, 186 new cybersecurity vendors were founded; in 2022, that number dropped to 60, a 68% decrease. Based on the current pace of emerging cybersecurity companies, this decline has continued into 2023.
  • Cybersecurity vendor valuations have dropped by 60%: Pre-pandemic valuations saw crazy numbers reported as high as 30 times trailing 12-month revenue, but generally, the numbers were in the 17-times range. Today, they have dropped to only seven times.
  • Founders’ business models should not include an initial public offering (IPO): Fewer than 100 public cybersecurity companies exist out of the estimated nearly 10,000 worldwide. Cybersecurity companies are considerably more likely to be acquired than to achieve a public offering.

Final Word

For founders of cybersecurity companies, I advise tightening up spending and holding on until valuations improve. For VC and PE firms, stop overinvesting in over-indulged market segments.

To learn more about startup and scale funding, check out Aite-Novarica Group’s report Pre/Post-Pandemic Look at Cybersecurity Industry Funding.