Cybersecurity VC Funding Plunged In 2022, But That’s Not A Bad Thing

The slowdown in venture capital in cybersecurity is ‘healthy for the market’ in a number of ways, given that the 2021 funding environment for cybersecurity was ‘really frothy,’ one investor tells CRN.

Venture capital funding for cybersecurity companies declined significantly in 2022 from the record highs of the year before, as the economy cooled and VC funding overall took a hit.

There’s an argument to be made that this is more positive than negative, however, given how over-heated the funding environment for security startups had gotten in 2021, two venture investors told CRN.

VC funding for cybersecurity companies totaled $18.5 billion in 2022, according to security-focused advisory firm Momentum Cyber, which released the findings Wednesday as part of its Cybersecurity Almanac 2023.

That was down about 37 percent from 2021, when security VC surged to $29.3 billion, Momentum Cyber reported. However, it was still well above the $12.4 billion raised by cybersecurity companies in 2020 and the $9.7 billion in funding for the sector in 2019.

[Related: 10 Hot Cybersecurity Companies You Should Watch In 2023]

The slowdown has been a welcome change, though, given the fact that the funding environment in 2021 for cybersecurity was “really frothy,” said Spencer Tall, managing director at venture firm AllegisCyber.

For investors, “you really couldn’t do proper diligence on deals,” Tall said. “It made for some bad deals, honestly.”

As a result, a lot of cybersecurity companies were getting funded that shouldn’t have been, according to Morgan Kyauk, managing director at venture firm NightDragon.

“There were a lot of companies getting funded as if they were full-on products and platforms — but in reality, they were really just features,” Kyauk told CRN. “Those shouldn’t necessarily have been a company.”

Assuming that there are now fewer startups getting funded in cybersecurity, that’s good for partners and customers — who have become accustomed to having to wade through an overwhelming number of security companies to work with. It’s also good for existing vendors that will now have greater access to talent, Tall said.

“Less startups means there’s better people available for each startup,” he told CRN. “So I think innovation actually doesn’t take a hit.”

Other benefits of the funding environment in cybersecurity include salaries coming down to a more reasonable level, Tall said. At many of the companies that raised massive rounds, “people spent accordingly,” he said. “They were paying people at private companies the same salary they would get at a public company. And then they still got their stock.”

The cybersecurity funding decline came in the second half of 2022 as the macroeconomic picture dimmed. The third and fourth quarters of the year saw a total of $6.5 billion in VC funding raised by cybersecurity companies, down from $12.1 billion during the first half of 2022, according to the Momentum Cyber report.

All in all, “I think it’s healthy for the market,” Tall said. “It’s certainly healthy for VCs, but I think it’s healthy for founders and companies as well.”

Solid companies in cybersecurity will still get funded, Kyauk said. It’s just that the greater discipline around investing in the sector “will ensure that the capital is flowing towards companies that are truly solving a problem, that are truly creating a platform.”