Quarterly Report, Q3 2021: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q3 2021 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q3 2021, our team tracked 107 transactions, including 62 funding rounds, 43 M&A events, and 2 IPOs. Disclosed funding totaled $3.65B, up 128% from the $1.6B recorded in Q3 2020, while the M&A column ran at the year's heaviest deal count. The quarter was anchored by NortonLifeLock's $8B acquisition of Avast — the largest strategic, non-PE acquisition the workbook has tracked and the second-largest disclosed acquisition overall, behind only Proofpoint. Technically, it is a strategic acquisition by a publicly traded acquirer: Avast, listed in London, was delisted on completion, while NortonLifeLock and the combined company remained publicly traded — which distinguishes it from the PE-led take-privates that defined the year's largest deals.
Of the 43 acquisitions, 9 disclosed prices totaling $13.94B, with Avast and TransUnion's $3.1B acquisition of Neustar together accounting for 80% of disclosed deal value. The 43-deal count is the highest of any 2021 quarter and underscores a market in which consolidation breadth widened even as disclosed dollars concentrated in a small number of large strategic transactions.
Late-stage capital remained available but more evenly distributed than in the first half. Fourteen rounds cleared $100M, led by Netskope's $300M and Snyk's $300M — Snyk's second $300M-plus raise of the year — followed by Cybereason's $275M. The disclosed top three accounted for roughly $875M, about 24% of the quarter's disclosed funding, and 25 of the 62 funding rounds were Seed or Series A. The quarter also saw two cyber vendors reach the public market: network-security vendor IronNet listed in August through a SPAC merger (NYSE: IRNT) rather than a conventional IPO, and identity vendor ForgeRock completed a traditional IPO in September — both extending the public-market reopening that began in Q2.

Funding Overview
The 62 funding rounds tracked in Q3 2021 highlight a market in which late-stage capital spread across detection, SASE, and cyber-insurance leaders rather than concentrating in a single category.
Capital concentration at the top was moderate. Fourteen rounds cleared $100M: Netskope ($300M), Snyk ($300M), Cybereason ($275M), BitSight ($250M), Coalition ($205M), At-Bay ($185M), JumpCloud ($159M), Arctic Wolf ($150M), Saviynt ($130M), Sourcegraph ($125M), LogicGate ($113M), and Virsec ($100M). The disclosed top three together (Netskope, Snyk, Cybereason) accounted for roughly $875M — about 24% of the quarter's disclosed funding.
What stands out in Q3 2021 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- SASE and secure access, where Netskope's $300M round anchored continued enterprise demand for converged network-and-security access delivered from the cloud
- Cyber insurance, where Coalition's $205M and At-Bay's $185M reflect sustained investor appetite for the insurable-exposure category, building on Coalition's earlier 2021 raise
- Managed detection and response, where Cybereason's $275M and Arctic Wolf's $150M signal continued demand for managed and platform-based detection across the endpoint and SOC stack
- Security ratings and exposure, where BitSight's $250M Series D+ reinforced quantified third-party risk as a durable late-stage thesis
This distribution reflects a market in which late-stage capital broadened across SASE, cyber insurance, managed detection, and ratings, rather than concentrating in the cloud-and-identity clusters that led the first half of the year.

Market & Macro Signals
Several structural dynamics are visible in the Q3 2021 transaction record.
First, strategic acquisition reached a new dollar tier for consumer security. NortonLifeLock's $8B acquisition of Avast is the largest strategic, non-PE acquisition the workbook has tracked and the second-largest disclosed acquisition overall. Structured with cash-and-stock consideration for Avast shareholders, it is a strategic acquisition that leaves the combined company publicly traded — strategic consolidation operating at a scale previously seen in the dataset only in PE-led take-privates.
Second, funding grew sharply year over year. Disclosed funding of $3.65B sits 128% above the $1.6B recorded in Q3 2020, reflecting a market in which late-stage capital remained actively deployed across detection, access, and insurance categories even as round count stayed measured.
Third, the M&A count reached the year's high. Forty-three acquisitions cleared the workbook this quarter, the broadest of any 2021 quarter, with 34 undisclosed. Strategic acquirers including Akamai (Guardicore), Microsoft (RiskIQ), Rapid7 (IntSights), and Tenable (Accurics) extended platforms across segmentation, threat intelligence, and cloud security.
Finally, undisclosed M&A did significant work. Of the 43 acquisitions, 34 came without disclosed prices, including recognizable strategic moves by Akamai, Microsoft, Rapid7, F5, and LG. The breadth of acquirer activity signals continued platform-building across segmentation, threat intelligence, OT security, and detection/response.

M&A Activity & Strategic Movement
Q3 2021 recorded 43 M&A transactions — the broadest acquisition count of any 2021 quarter — with disclosed-deal dollars concentrated in two large strategic transactions. The most notable transaction was NortonLifeLock's $8B acquisition of Avast, the quarter's largest deal and the largest strategic, non-PE acquisition the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- TransUnion acquired Neustar ($3.1B), extending its identity, fraud, and risk-data capabilities and ranking as the quarter's second-largest disclosed deal
- Kape Technologies acquired ExpressVPN ($936M), consolidating the consumer-VPN market
- Akamai acquired Guardicore ($600M), adding micro-segmentation to its edge-security portfolio
- Microsoft acquired RiskIQ ($500M), folding attack-surface management and threat intelligence into its security stack
- Rapid7 and Tenable added IntSights ($335M) and Accurics ($160M) respectively, extending into threat intelligence and infrastructure-as-code security
Across these transactions, the structural pattern is clear: strategic acquirers operated at a materially larger dollar scale than in prior quarters, led by NortonLifeLock's consumer-security combination, alongside the broadest acquisition count of the year. Consumer security, identity-and-fraud data, threat intelligence, and segmentation were the most active consolidation categories this quarter.

Looking Ahead
Q3 2021 marks a quarter in which strategic acquisition reached a new dollar tier for consumer security, funding grew sharply year over year, and the M&A count reached its annual high.
We expect the following dynamics to continue through the remainder of 2021:
- Strategic acquirers will continue operating at larger dollar scale, as platform and consumer-security vendors pursue combinations alongside the established PE take-private cohort
- Late-stage capital will favor SASE, managed detection, and cyber insurance, the categories that absorbed the heaviest growth-stage funding this quarter
- Strategic tuck-in M&A will continue at high volume, as acquirers absorb adjacent capabilities across segmentation, threat intelligence, and OT security
From a go-to-market perspective, Q3 2021 marks a quarter in which strategic acquirer dollars caught up to the PE take-private tier and funding accelerated sharply against the prior year. The interplay between large strategic combinations, a record acquisition count, and broad-based late-stage funding will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q3 2021 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q3 2021 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
