April 2021 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full April 2021 dataset — every named company, round, investor, and segment.
What April told us
April 2021 produced the largest cyber M&A event the workbook has tracked. Thoma Bravo's $12.30B acquisition of Proofpoint was the first major public-cyber take-private of 2021 and reset the workbook's M&A scale by a clear margin — the prior workbook record was Okta/Auth0 at $6.50B from one month earlier. Proofpoint had traded publicly since 2012; the take-private transferred a leading email-security vendor into PE ownership at a premium and marked the first time a multi-billion-dollar listed cyber name was removed from the public market in the data set's history. The Proofpoint deal is the structural marker for what public-cyber take-private behavior could look like at scale. Even as Proofpoint left the public market, two cyber vendors entered it: KnowBe4 and Darktrace both completed IPOs in April, the first public-market debuts of the 2021 wave.
Below Proofpoint, M&A breadth ran narrow but the disclosed-value tail held two further notable events. Mastercard acquired Ekata at $850M in Identity, extending the financial-services-strategic move into identity verification that the workbook had begun tracking in late 2020. Wipro picked up Ampion at $117M in GRC. Ten acquisitions cleared overall; the remaining seven cleared without disclosed values.
Funding activity ran $1.39B across 30 disclosed rounds. OneTrust at $210M Series C in GRC was the largest funded round, returning the company to the workbook for its second tracked event after a $300M Series C in December 2020. Sysdig at $188M Series D+ in Container, Druva at $147M (stage H) in Data, Vectra AI at $130M Series D+ in Detection/Response, Automox at $110M Series C in Endpoint, and Deep Instinct at $100M Series D+ in Endpoint rounded out the funded headline cohort. Fourteen of the 30 funded rounds cleared at Seed or Series A.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 7 |
| Series A | 7 |
| Series B | 4 |
| Series C | 3 |
| Series D+ | 6 |
| Acquisition | 10 |
| Top segments | Transactions |
|---|---|
| Identity | 7 |
| Data | 4 |
| Threat Intel | 3 |
| MSSP | 3 |
| 3 | |
| GRC | 3 |
Two deals worth your attention
Thoma Bravo's $12.30B acquisition of Proofpoint. Thoma Bravo agreed to take Proofpoint private at $12.30B, the largest cyber M&A event the workbook has tracked. The deal sat roughly 1.9x above the prior workbook M&A record (Okta/Auth0 at $6.50B, March 2021) and roughly 8.6x above the prior year's largest cyber M&A (Forescout/Advent International at $1.43B, July 2020). Proofpoint had traded publicly since 2012 in the email security category; the take-private transferred the company into PE ownership at scale and is the first multi-billion-dollar public-cyber removal the data set tracks. It is the structural marker for what public-cyber take-private behavior could look like across listed cyber names — a category that includes a number of publicly traded vendors trading above $5B equity value in early 2021.
OneTrust — $210M Series C in GRC. OneTrust raised $210M Series C for its privacy and GRC platform, the largest funded round of April and the company's second workbook event. The round followed a $300M Series C in December 2020 by four months — same segment classification, same Series C stage — making OneTrust one of the few vendors clearing two nine-figure Series C events at compressed cadence inside the workbook.
Companies we've covered before
OneTrust first appeared in December 2020 with a $300M Series C in GRC. The April 2021 $210M Series C is OneTrust's second tracked event, same segment classification, and a same-stage same-quarter-region repeat at near-identical scale.
The other 40 transactions are in the data feed — including the 10 acquisitions whose values never hit the press. Get April's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
