2022 Cyber Security Vendor Funding Report
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
2022 Cyber Security Vendor Transaction Highlights
Get the full 2022 dataset — every named company, round, investor, segment, and acquisition.
Crunching the Numbers
- The $14.45B raised in FY 2022 represents a 30% decrease in funding raised compared to 2021 ($20.55B).
- Funding volume increased by 1% with 307 funding rounds tracked in FY 2022 compared to 305 in 2021.
- Early-stage funding (Seed, Series A) represented 51% of total funding volume.
- 42 funding rounds above $100M accounted for 56% of all capital raised while representing just 14% of funding volume.
Join our mailing list to receive quarterly report analysis
Highlights and Analysis
In 2022 our team tracked $14.45 billion in disclosed cybersecurity vendor funding across 307 rounds, a 30% decline from 2021's peak. Funding was front-loaded — $5.3 billion in Q1 — then stepped down through the year to $1.86 billion in Q3 and $2.92 billion in Q4. The count of rounds held roughly flat while the dollars compressed: the same number of companies raised, for less.
The year's defining activity was on the M&A side, where private-equity-led identity consolidation dominated. Thoma Bravo alone took three public identity vendors private — SailPoint ($6.9 billion), Ping Identity ($2.8 billion), and ForgeRock ($2.3 billion) — concentrating roughly $12 billion of identity-and-access infrastructure under a single sponsor.
Strategic buyers stayed active alongside the sponsors. Google's $5.4 billion acquisition of Mandiant was the largest hyperscaler-led cyber acquisition the workbook has tracked — though not the first, as Microsoft and IBM had made cyber acquisitions before it. Disclosed M&A totaled $31.61 billion across 25 priced deals.

Funding Overview
Funding in 2022 read as normalization from an unsustainable peak. The $14.45 billion was still the second-heaviest year the workbook had recorded, but the trajectory mattered more than the total: Q1's $5.3 billion gave way to a second half that ran at roughly half that quarterly pace.
Large rounds thinned relative to 2021 — 42 rounds of $100 million or more, against 65 the year before — but capital still found scale in established platforms:
- XDR and detection drew the largest single round — Securonix's $1 billion growth round, the year's biggest, with eSentire ($325 million) and BlueVoyant ($250 million) behind it.
- Identity stayed the most-funded segment by total — $1.74 billion across 32 rounds, led by 1Password's $620 million Series C.
- AppSec and developer security held up — $1.13 billion across 26 rounds, including SonarSource's $412 million round.
- Managed services scaled — Arctic Wolf's $401 million debt round and NetSPI's $410 million growth round reflected MSSP and MSP momentum that also showed up in acquisition activity.
Seed and Series A made up 51% of rounds — the broad base held even as late-stage dollars compressed. The year read as a controlled step-down, not a collapse.

Market & Macro Signals
Four dynamics shaped 2022.
Private equity consolidated identity. Three public identity vendors went private to Thoma Bravo in one year (SailPoint, Ping Identity, ForgeRock), with KnowBe4 going to Vista ($4.6 billion) — identity and security training were the sponsors' priorities.
Hyperscaler-scale strategic M&A. Google/Mandiant ($5.4 billion) and Google/Siemplify ($500 million) marked the largest hyperscaler cyber acquisition to date, building on prior moves by Microsoft and IBM rather than opening the category.
Managed services consolidated. MSSP and MSP roll-ups gathered pace — Computer Services Inc to Centerbridge ($1.6 billion) plus a stream of smaller regional acquisitions — a category becoming structurally more important.
Funding rotated toward selectivity. As capital tightened through the year, growth-at-all-costs rounds gave way to fewer, more selective late-stage deals while the early-stage base stayed broad.

M&A Activity & Strategic Moves
Disclosed M&A reached $31.61 billion across 25 priced transactions (of 109 total). Private equity drove the dollars, and identity was the most-consolidated category. The year's largest deal was Thoma Bravo's $6.9 billion take-private of SailPoint.
The priced deals group by buyer type:
- PE take-privates dominated identity. SailPoint ($6.9 billion), Ping Identity ($2.8 billion), and ForgeRock ($2.3 billion) — all Thoma Bravo — took three public identity vendors private.
- PE reached beyond identity. KnowBe4 to Vista ($4.6 billion, security training), Computer Services Inc to Centerbridge ($1.6 billion, managed services), and Tufin to Turn/River ($570 million, GRC).
- Hyperscaler and strategic buyers stayed in. Google/Mandiant ($5.4 billion) and SentinelOne/Attivo ($616.5 million) extended platform capability through acquisition.
- Secondary buyouts appeared. KKR's $4 billion acquisition of Barracuda from Thoma Bravo was a sponsor-to-sponsor sale, not a take-private — a sign of how far cyber had become a private-equity asset class.
Private equity, not strategic acquirers, set the tone in 2022. The identity take-privates in particular concentrated a critical category under a small number of sponsors.
No cybersecurity vendor the workbook tracked completed a conventional IPO in 2022 — the traditional public-market window that had opened in 2021 was closed for the year. The sole listing came via SPAC merger: ZeroFox, an OSINT and digital-risk vendor, went public on Nasdaq (ZFOX) through a blank-check combination in August.

Looking Ahead
2022 ended with funding normalized and consolidation accelerating.
Three themes carry into 2023:
- Whether the funding step-down continues — the second-half pace, if sustained, points to a leaner 2023.
- Whether PE consolidation broadens beyond identity — the sponsors showed appetite across categories, not just access management.
- Whether managed services keeps consolidating — the MSSP roll-up pace suggests a structural shift rather than a one-year event.
The 2022 picture is one of discipline returning to funding while private equity reshaped the public-vendor landscape. Expect both — leaner funding and sponsor-led consolidation — to continue testing the market into 2023.
The full 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full 2022 dataset →
Methodology
Every transaction in this report was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available. Figures are workbook-derived and reflect ongoing corrections, so they may differ slightly from the originally published 2022 report.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
