There have been a decent number of tuck-in acquisitions in 2024. Flow Security (CRWD) and Eureka Security (TNBL) were fairly notable.
The main open question right now is about AI Security and Safety - specifically, whether to build or buy.
Most other segments (DSPM, OT Security, Vulnerability Management, CNAPP, etc) have largely been acquired and consolidated.
The thing is, there aren't that many startups in the space left that garner mutual interest in acquisition.
It's basically bimodal now, whereby
- a number of Series B/C startups have enough cash in hand to potentially do a tuck-in for a Seed or Series A AI Safety/Security startup and as such don't want to get acquired by a larger company because they have a strategic path forward to differentiating themselves from larger players [Acquirers interested, Startups uninterested]
- a number of Series E/F companies that have raised capital at multi-billion valuations but do not have a path forward to generate revenue at those valuations (eg. Lacework valued at $9B but ARR shy of $100M) [Startups interested, Acquirers uninterested]
Most notably, the earlier stage startups are now founded by startup founders who already have a $1M-50M net worth now due to successful cybersecurity exits in the 2019-23 period (IPO or acquisition). You can see this first hand in the Israeli and Bay Area cybersecurity startup scene.
The main open question right now is about AI Security and Safety - specifically, whether to build or buy.
Most other segments (DSPM, OT Security, Vulnerability Management, CNAPP, etc) have largely been acquired and consolidated.
The thing is, there aren't that many startups in the space left that garner mutual interest in acquisition.
It's basically bimodal now, whereby
- a number of Series B/C startups have enough cash in hand to potentially do a tuck-in for a Seed or Series A AI Safety/Security startup and as such don't want to get acquired by a larger company because they have a strategic path forward to differentiating themselves from larger players [Acquirers interested, Startups uninterested]
- a number of Series E/F companies that have raised capital at multi-billion valuations but do not have a path forward to generate revenue at those valuations (eg. Lacework valued at $9B but ARR shy of $100M) [Startups interested, Acquirers uninterested]
Most notably, the earlier stage startups are now founded by startup founders who already have a $1M-50M net worth now due to successful cybersecurity exits in the 2019-23 period (IPO or acquisition). You can see this first hand in the Israeli and Bay Area cybersecurity startup scene.