Quarterly Report, Q2 2022: Cyber Security Vendor M&A and Funding News

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

125 transactions
tracked across cybersecurity vendors in Q2 2022
$4.38B
in disclosed funding capital across 94 funding rounds
45 Seed or Series A rounds
— 48% of funding activity
31 M&A events
, 8 with disclosed prices totaling $12.07B

Get the full Q2 2022 dataset — every named company, round, investor, segment, and acquisition.

Highlights and Analysis

In Q2 2022, our team tracked 125 transactions, including 94 funding rounds and 31 M&A events. Disclosed funding totaled $4.38B, down 14% from the $5.10B recorded in Q2 2021, while round count rose from 79 to 94. Year-to-date funding has reached $9.68B through two quarters, an 8% increase over the same period in 2021. The quarter recorded no cyber IPOs, but the M&A column carried the structural weight: two PE-orchestrated public-cyber take-privates — SailPoint and Barracuda Networks — anchored disclosed deal dollars at a combined $10.9B, the heaviest disclosed-M&A concentration the workbook has recorded since Q4 2021.

Late-stage capital remained selective and modestly distributed. Twelve rounds cleared $100M, led by SonarSource's $412M growth round — the largest disclosed cyber funding round of the quarter — followed by Critical Start's $215M growth, Abnormal Security's $210M Series C, Semperis' $200M Series C, and Pathlock's $200M. Below that band, Mosyle ($196M Series B), Fortress ($125M), Veza ($110M Series C), Teleport ($110M Series C), ThreatLocker ($100M Series C), Nord Security ($100M), and Material Security ($100M Series C) populated the next band. Early-stage activity drove a meaningful share of transaction volume, with 45 of the 94 funding rounds at Seed or Series A.

The M&A column included 31 acquisitions, of which 8 disclosed prices totaling $12.07B — the quarter's structurally distinctive concentration. Thoma Bravo's $6.9B take-private of SailPoint — the largest pure-identity acquisition the workbook has tracked and the largest pure-identity take-private — and KKR's $4B take-private of Barracuda Networks together accounted for roughly 90% of disclosed M&A capital and signaled that PE-orchestrated public-cyber take-privates had moved from a 2021 thread into a sustained 2022 acquirer pattern.

Total Funding by Month
Total Funding by Month

Funding Overview

The 94 funding rounds tracked in Q2 2022 highlight a market in which late-stage capital remained available across a broad set of category leaders while early-stage formation continued at a steady pace.

Capital concentration at the top was even rather than top-heavy. Twelve rounds cleared $100M: SonarSource ($412M), Critical Start ($215M), Abnormal Security ($210M), Semperis ($200M), Pathlock ($200M), Mosyle ($196M), Fortress ($125M), Veza ($110M), Teleport ($110M), ThreatLocker ($100M), Nord Security ($100M), and Material Security ($100M). Below that band, growth-stage activity stayed steady across mid-market rounds and a long tail of $25–$80M Seed and Series A rounds. No single round dominated the quarter's disclosed total.

What stands out in Q2 2022 is where that capital is clustering. A meaningful portion of investment is concentrating around:

This distribution reflects a market in which capital is broadening across enterprise-relevant categories — identity, data, AppSec, email, and managed detection — without concentrating on a single category leader.

Total Funding by Quarter
Total Funding by Quarter

Market & Macro Signals

Several structural dynamics are visible in the Q2 2022 transaction record.

First, PE-orchestrated public-cyber take-privates reached the disclosed-M&A column at scale. Thoma Bravo's $6.9B take-private of SailPoint and KKR's $4B take-private of Barracuda Networks together totaled $10.9B — more than double the quarter's disclosed funding from venture sources. The combination signals that PE appetite for mature public cyber vendors had moved from a 2021 thread into a sustained 2022 acquirer pattern operating alongside strategic-platform consolidation.

Second, identity reached the top of the M&A column. SailPoint's $6.9B take-private is the largest pure-identity acquisition the workbook has tracked, exceeding Okta's $6.5B acquisition of Auth0 in Q1 2021 by a modest margin and standing as the largest pure-identity take-private of any year in the workbook. The transaction reset the identity-governance comp set and signaled that PE sponsors viewed mature identity vendors as durable cash-flow platforms.

Third, late-stage capital broadened rather than concentrated. Twelve rounds cleared $100M with no single round dominating the quarter's disclosed total. The pattern reflects investor appetite distributed across a wider set of category leaders than Q1 — identity, data, email, AppSec, endpoint, and managed detection all attracted late-stage capital.

Finally, strategic tuck-in M&A continued at sustained pace. Of the 31 acquisitions, 23 came without disclosed prices, including strategic moves by ReliaQuest (Digital Shadows), Synopsys (WhiteHat Security), Tenable (Bit Discovery), Turn/River Capital (Tufin), and a tail of mid-market consolidators. The breadth of acquirer activity signals continued platform-building across threat intelligence, AppSec, vulnerability, and GRC.

Q2 2022 Funding Volume by Category
Q2 2022 Funding Volume by Category

M&A Activity & Strategic Movement

Q2 2022 recorded 31 M&A transactions, with strategic activity concentrated heavily in PE-orchestrated public-cyber take-privates. The most notable transaction was Thoma Bravo's $6.9B take-private of SailPoint, the quarter's largest deal and the largest pure-identity acquisition the workbook has tracked.

Additional activity across the quarter reinforces this direction:

Across these transactions, the structural pattern is clear: PE-orchestrated public-cyber take-privates absorbed the majority of disclosed M&A capital, while strategic-platform acquirers pursued targeted tuck-ins across AppSec, threat intelligence, vulnerability, and network-security policy. Identity, email, and AppSec were the most active consolidation categories.

Q2 2022 Top Funded Rounds
Q2 2022 Top Funded Rounds

Looking Ahead

Q2 2022 reinforces the year's emerging shape: PE-orchestrated public-cyber take-privates operate as a sustained acquirer channel alongside strategic-platform consolidation, late-stage capital remains available across a broad set of category leaders, and early-stage formation continues at scale.

We expect the following dynamics to continue through the second half of 2022:

From a go-to-market perspective, Q2 2022 marks the quarter in which PE-orchestrated public-cyber take-privates moved from thread to sustained pattern. The interplay between PE-sponsored acquisition of mature public cyber vendors, continued strategic-platform tuck-in activity, and broadly distributed late-stage venture capital will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.

The full Q2 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2022 dataset →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2022-07-10 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.