Quarterly Report, Q4 2021: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q4 2021 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q4 2021, our team tracked 126 transactions, including 89 funding rounds and 37 M&A events. Disclosed funding totaled $8.06B — the highest-funding quarter the workbook has tracked, up 178% from the $2.9B recorded in Q4 2020. The M&A column reached a new dollar tier as well: the $14B take-private of McAfee's consumer business by an investor consortium is the largest disclosed acquisition the workbook has tracked, surpassing Proofpoint, and removes another public-company name from the listed market.
Of the 37 acquisitions, 10 disclosed prices totaling $23.37B, with the McAfee consumer take-private and Permira's $5.8B take-private of Mimecast — a second public-company take-private this quarter — together accounting for 85% of disclosed deal value. PE-orchestrated take-privates, not strategic tuck-ins, defined the quarter's headline M&A dollars.
Funding set a record. Twenty rounds cleared $100M — the most of any 2021 quarter — led by Lacework's $1.3B Series D+, the largest disclosed funding round the workbook has tracked, followed by Invicti Security's $625M and Orca Security's $550M, Orca's second raise of the year. The disclosed top three accounted for roughly $2.48B, about 31% of the quarter's disclosed funding, and 35 of the 89 funding rounds were Seed or Series A.

Funding Overview
The 89 funding rounds tracked in Q4 2021 highlight a market in which late-stage capital reached record scale, concentrated heavily in cloud and application security.
Capital concentration at the top was pronounced. Twenty rounds cleared $100M: Lacework ($1.3B), Invicti Security ($625M), Orca Security ($550M), Socure ($450M), Claroty ($400M), Sysdig ($350M), Armis ($300M), Wiz ($250M), Devo ($250M), Incode ($220M), Coalition ($205M), Dragos ($200M), and a tail of $100M+ rounds. The disclosed top three together (Lacework, Invicti, Orca) accounted for roughly $2.48B — about 31% of the quarter's disclosed funding.
What stands out in Q4 2021 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Cloud and container security, where Lacework's $1.3B Series D+ — the largest disclosed round the workbook has tracked — sat alongside Orca's $550M, Sysdig's $350M, and Wiz's $250M, making cloud security the quarter's dominant funding cluster
- Application security, where Invicti Security's $625M growth round reinforced application and web-security testing as a destination for record-scale late-stage capital
- OT and industrial security, where Claroty's $400M and Dragos' $200M signal sustained investor demand for industrial and critical-infrastructure protection
- Identity verification, where Socure's $450M and Incode's $220M extended the year's heavy investment in identity proofing and verification
This distribution reflects a market closing the year at record funding scale, with capital concentrated in cloud, application, OT, and identity-verification leaders carrying clear enterprise traction.

Market & Macro Signals
Several structural dynamics are visible in the Q4 2021 transaction record.
First, PE take-privates reached a new dollar tier. The $14B take-private of McAfee's consumer business is the largest disclosed acquisition the workbook has tracked, and Permira's $5.8B take-private of Mimecast marks a second public-company take-private in the same quarter. Together they signal that PE sponsors are now removing public cyber names from the listed market at a combined scale not previously seen in the dataset.
Second, funding closed the year at record scale. Disclosed funding of $8.06B is the highest of any quarter the workbook tracks and sits 178% above Q4 2020. Twenty rounds cleared $100M, led by Lacework's $1.3B — the largest disclosed funding round in the dataset — reflecting a market in which late-stage capital was deployed at unprecedented scale into cloud and application security.
Third, capital concentrated in cloud and application security. Lacework, Invicti, Orca, Sysdig, and Wiz together absorbed the bulk of the quarter's largest rounds, reinforcing cloud-native and application security as the categories drawing the most aggressive late-stage checks at year-end.
Finally, undisclosed M&A did significant work. Of the 37 acquisitions, 27 came without disclosed prices, including strategic moves by OpenText (Zix), Claroty (Medigate), Coinbase (Unbound Security), and KnowBe4 (SecurityAdvisor). Disclosed dollars concentrated in two large take-privates while acquirer breadth stayed wide across email, IoT, and training.

M&A Activity & Strategic Movement
Q4 2021 recorded 37 M&A transactions, with disclosed-deal dollars concentrated overwhelmingly in two PE take-privates. The most notable transaction was the $14B take-private of McAfee's consumer business by an investor consortium, the quarter's largest deal and the largest disclosed acquisition the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- Permira completed the $5.8B take-private of Mimecast, removing a second public email-security vendor from the listed market and extending the quarter's PE take-private pattern
- OpenText acquired Zix ($860M), the quarter's largest strategic deal, adding email encryption and security to its information-management portfolio
- GBG and TransUnion added Acuant ($736M) and Sontiq ($638M) respectively, extending into identity verification and identity-protection data
- Schwartz Group acquired XM Cyber ($700M), taking the attack-path-management vendor into a strategic-owner portfolio
- Claroty acquired Medigate ($400M), extending its OT platform into connected-medical-device security
Across these transactions, the structural pattern is clear: PE-orchestrated take-privates absorbed the overwhelming majority of disclosed deal value, with two public-company take-privates in a single quarter setting a new dataset high. Email security, identity verification, and OT security were the most active consolidation categories this quarter.

Looking Ahead
Q4 2021 closes the year with PE take-privates reaching a new dollar tier and funding setting a record, leaving the market at peak intensity on both the venture and acquirer sides.
We expect the following dynamics to carry into 2022:
- PE-orchestrated take-privates will continue removing public cyber names from the listed market, as sponsors test mature mid-cap vendors across email, identity, and managed security following the McAfee and Mimecast transactions
- Late-stage capital will remain at elevated scale, concentrating on cloud, application, OT, and identity-verification leaders that drew the heaviest funding this quarter
- Strategic tuck-in M&A will continue alongside the take-private cohort, as platform vendors absorb adjacent capabilities across email, identity, and OT security
From a go-to-market perspective, Q4 2021 caps a year in which both venture and acquirer activity reached record scale, with PE take-privates and record-setting late-stage rounds defining the quarter. The interplay between large PE take-privates, record cloud-and-application-security funding, and continued strategic tuck-in activity will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.
The full Q4 2021 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2021 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
