Quarterly Report, Q2 2023: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q2 2023 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q2 2023, our team tracked 116 transactions, including 97 funding rounds and 19 M&A events. Disclosed funding totaled $1.96B, down 55% from the $4.38B recorded in Q2 2022, while round count rose from 92 to 97 — the highest quarterly round count of 2023 so far. Year-to-date funding has reached $4.85B through two quarters, a 49% decrease from the same period in 2022.
Early-stage activity dominated transaction volume: 67 of the 97 funding rounds were Seed or Series A — a 69% share that marks the heaviest early-stage tilt of 2023 so far. Capital concentration at the late end remained modest, with five rounds clearing $100M — Blackpoint Cyber ($190M growth), ID.me ($132M Series D+), Quantexa ($129M Series D+), Cybereason ($100M growth), and Cyera ($100M Series B) — followed by Auradine ($81M Series A), Coro ($75M Series C), and SourcePass ($65M growth).
The M&A column was lighter in deal count and concentrated at the top. Nineteen acquisitions included seven disclosed transactions totaling $1.42B, anchored by Crosspoint Capital Partners' $870M take-private of Absolute Software — the quarter's largest deal and a continuation of the PE-sponsored public-cyber take-private dynamic visible in Q1. Cyber-to-cyber strategic consolidation also returned to the disclosed column with F-Secure's $224M acquisition of Lookout's mobile-security business.

Funding Overview
The 97 funding rounds tracked in Q2 2023 highlight a market in which early-stage formation broadened materially while late-stage capital remained selective and modestly distributed.
Five rounds cleared $100M: Blackpoint Cyber ($190M), ID.me ($132M), Quantexa ($129M), Cybereason ($100M), and Cyera ($100M). Below that band, growth-stage activity stayed steady across Auradine ($81M), Coro ($75M), SourcePass ($65M), Huntress ($60M Series C), Fourthline ($54M Series B), Semgrep ($53M Series C), Safe Security ($50M Series B), Halcyon ($50M Series A), and a long tail of $25–$45M Seed and Series A rounds. Seed and Series A activity (67 of 97 rounds, or 69%) reached the highest share of any quarter in 2023 so far.
What stands out in Q2 2023 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Identity and access infrastructure, which led the segment mix with 16 transactions, anchored by ID.me's $132M Series D+ and continued early-stage formation across identity governance and authentication
- Data security and data governance, where Cyera's $100M Series B — a follow-on to the vendor's $60M 2022 round — reinforced data-layer security as a category absorbing growth-stage capital
- AppSec and software supply chain, which together accounted for nine transactions including Semgrep's $53M Series C, reflecting persistent buyer demand across pre-production controls and developer-aligned security tooling
- Detection, response, and managed security, where Blackpoint Cyber's $190M growth round, Huntress' $60M Series C, and a tail of MSSP-aligned funding reflect continued enterprise demand for managed-detection-and-response delivery
This distribution reflects a market in which capital is broadening across enterprise-relevant categories — identity, data, AppSec, and managed detection — while remaining selective at the late end.

Market & Macro Signals
Several structural dynamics are visible in the Q2 2023 transaction record.
First, PE-orchestrated public-cyber take-privates continued from Q1. Crosspoint Capital Partners' $870M take-private of Absolute Software extends the multi-quarter pattern of PE sponsors absorbing mature mid-cap public cyber vendors. Combined with Q1's Sumo Logic and Magnet Forensics take-privates, the year-to-date pattern shows PE sponsors operating as a sustained acquirer channel alongside strategic-platform consolidation.
Second, strategic cyber-to-cyber consolidation returned at meaningful scale. F-Secure's $224M acquisition of Lookout's mobile-security business marked one of the quarter's largest disclosed strategic deals and signaled that pure-cyber vendors continue to pursue targeted business-unit acquisitions in addition to whole-company strategic absorption.
Third, early-stage formation broadened materially. Sixty-seven of the 97 funding rounds were Seed or Series A, the highest share of any quarter in 2023 so far. The pattern signals that company formation continues to widen across identity, AppSec, data, and emerging risk categories, even as late-stage capital remains modestly distributed in dollar terms.
Finally, undisclosed M&A continued to do significant work. Of the 19 acquisitions, 12 came without disclosed prices, including strategic moves by Akamai (Neosec), Snyk (Enso Security), IBM (Polar Security), Cisco (ArmorBlox), Databricks (Okera), Informatica (Privitar), Bitdefender (Horangi Cyber Security), and HashiCorp (BluBracket). The breadth of acquirer activity signals continued platform-building across API security, data, AppSec, email security, and cloud governance.

M&A Activity & Strategic Movement
Q2 2023 recorded 19 M&A transactions, with strategic activity weighted toward PE-orchestrated take-private capital and targeted strategic tuck-ins. The most notable transaction was Crosspoint Capital Partners' $870M take-private of Absolute Software, the quarter's largest deal and a continuation of the PE-sponsored public-cyber take-private dynamic visible in Q1.
Additional activity across the quarter reinforces this direction:
- F-Secure acquired Lookout's mobile-security business ($224M), extending its consumer-and-enterprise mobile-security footprint through a strategic carve-out from a US-based identity-and-mobile vendor
- Thales acquired Tesserent ($119M), the Australia-based cyber services vendor, extending Thales' regional services delivery
- Socure acquired Berbix ($70M), deepening identity-verification capabilities through a strategic tuck-in
- IBM acquired Polar Security ($60M), adding data security posture management to the IBM Security portfolio
- Snyk and ZeroFox completed two more disclosed deals — Enso Security ($50M) and LookingGlass Cyber ($26M) respectively — extending AppSec orchestration and threat-intelligence capabilities
- Akamai, Cisco, Databricks, Informatica, Bitdefender, and HashiCorp each completed targeted acquisitions (Neosec, ArmorBlox, Okera, Privitar, Horangi Cyber Security, and BluBracket respectively) without disclosed pricing, signaling continued platform-building across API security, email security, data, GRC, and AppSec
Across these transactions, the strategic pattern continues: PE-orchestrated take-private capital absorbed the majority of disclosed M&A dollars, while strategic-platform acquirers pursued targeted tuck-ins across API security, identity, data, and AppSec. The combination of one disclosed PE take-private and a broad tail of undisclosed strategic deals continues the pattern set in Q1.

Looking Ahead
Q2 2023 reinforces the year's emerging shape: PE-led take-private activity persists at scale, late-stage capital is selective and dispersed across categories, and early-stage formation continues to broaden across identity, AppSec, data, and managed-security delivery.
We expect the following dynamics to continue through the second half of 2023:
- PE-led take-private activity will continue testing the public cyber cohort, with mature mid-cap vendors remaining the primary candidate set for PE-orchestrated private ownership
- Strategic tuck-in M&A will continue at sustained pace, as platform vendors absorb adjacent capabilities across data, API security, identity, and AppSec
- Late-stage capital will remain dispersed and selective, favoring vendors with demonstrable enterprise traction across identity, data, and managed detection
From a go-to-market perspective, the implications are increasingly clear. The bar for late-stage capital remains higher than in the 2021–2022 cycle, while PE sponsors and strategic-platform acquirers continue to operate actively across the public-cyber cohort. Vendors entering the second half of 2023 will be measured against a market in which clear category leadership, durable cash flow, and platform fit serve as the primary differentiators for both funding and acquirer attention.
The full Q2 2023 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2023 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
