Quarterly Report, Q4 2022: Cyber Security Vendor M&A and Funding News

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

89 transactions
tracked across cybersecurity vendors in Q4 2022
$2.92B
in disclosed funding capital across 70 funding rounds
36 Seed or Series A rounds
— 51% of funding activity
19 M&A events
, 3 with disclosed prices totaling $7.09B

Get the full Q4 2022 dataset — every named company, round, investor, segment, and acquisition.

Highlights and Analysis

In Q4 2022, our team tracked 89 transactions, including 70 funding rounds and 19 M&A events. Disclosed funding totaled $2.92B, down 64% from the $8.06B recorded in Q4 2021, while round count contracted from 107 to 70. Full-year 2022 funding closed at $14.46B, down 31% from the $20.65B recorded across 2021. The quarter recorded no cyber IPOs, but the M&A column carried the structural weight: two PE-orchestrated public-cyber take-privates — KnowBe4 and ForgeRock — anchored disclosed deal dollars and extended the year's PE-acquirer pattern into the awareness-training and identity-governance tiers.

Late-stage capital remained available but concentrated narrowly. Four rounds cleared $100M, led by NetSPI's $410M growth round — the largest disclosed cyber funding round of the quarter — followed by Arctic Wolf's $401M debt round, Drata's $200M Series C, and Snyk's $196.5M Series G follow-on. Below that band, Versa Networks ($120M debt round), Apiiro ($100M Series B), Securiti ($75M Series C), Immersive Labs ($66M growth), Akeyless ($65M Series B), Tines ($55M Series B), and Anonos ($50M growth) populated the next band. Early-stage activity drove the majority of round count, with 36 of the 70 funding rounds at Seed or Series A.

The M&A column included 19 acquisitions, of which 3 disclosed prices totaling $7.10B. Vista Equity Partners' $4.6B take-private of KnowBe4 — the largest Training-segment acquisition the workbook has tracked by a very wide margin (next is Infosec at $191M) — and Thoma Bravo's $2.3B announced acquisition of ForgeRock together accounted for roughly 97% of disclosed M&A capital and extended the year's PE-orchestrated take-private pattern across two additional public cyber vendors.

Total Funding by Month
Total Funding by Month

Funding Overview

The 70 funding rounds tracked in Q4 2022 highlight a market in which late-stage capital concentrated narrowly while early-stage formation continued at a measured pace.

Capital concentration at the top was pronounced. Four rounds cleared $100M: NetSPI ($410M), Arctic Wolf ($401M debt), Drata ($200M), and Snyk ($196.5M follow-on). Below that band, growth-stage activity stayed steady across Versa Networks ($120M debt), Apiiro ($100M), Securiti ($75M), Immersive Labs ($66M), Akeyless ($65M), Tines ($55M), Anonos ($50M), and a long tail of $25–$45M Seed and Series A rounds. The disclosed top four together accounted for roughly $1.21B, about 41% of the quarter's disclosed funding.

What stands out in Q4 2022 is where that capital is clustering. A meaningful portion of investment is concentrating around:

This distribution reflects a market in which capital is concentrating on platforms with clear enterprise traction across security testing, managed detection, GRC, and AppSec, while debt financing emerged as an additional late-stage capital channel.

Total Funding by Quarter
Total Funding by Quarter

Market & Macro Signals

Several structural dynamics are visible in the Q4 2022 transaction record.

First, PE-orchestrated public-cyber take-privates anchored the quarter and the year. Vista Equity Partners' $4.6B take-private of KnowBe4 and Thoma Bravo's $2.3B announced acquisition of ForgeRock extended the year's PE-acquirer pattern across two additional public cyber vendors. Combined with the SailPoint ($6.9B, Q2), Barracuda Networks ($4B, Q2), and Ping Identity ($2.8B, Q3) take-privates, full-year 2022 PE-orchestrated public-cyber take-privates totaled approximately $20.6B in disclosed acquisition capital, extending the 2021 take-private wave into a sustained second year of PE-orchestrated cyber consolidation.

Second, KnowBe4 sits as the largest Training-segment acquisition the workbook has tracked. At $4.6B, the KnowBe4 take-private exceeds the next-largest Training transaction (Infosec at $191M) by more than 20x. The transaction reset the security-awareness-and-training comp set and signaled that PE sponsors viewed mature awareness vendors as durable cash-flow platforms worth taking private at scale.

Third, debt financing emerged as a late-stage capital channel. Arctic Wolf's $401M and Versa Networks' $120M were the quarter's two largest debt rounds and together accounted for roughly $521M. The pattern reflects late-stage vendors selecting debt over equity in a period of compressed late-stage valuations and signals an additional capital channel operating alongside traditional growth-stage equity.

Finally, funding contracted materially year-over-year. Disclosed funding of $2.92B sits 64% below Q4 2021's $8.06B, and full-year 2022 funding of $14.46B closed 31% below 2021. The shift reflects compressed late-stage round sizes and lower late-stage round count rather than a contraction in early-stage formation, which continued at a measured pace through year-end.

Q4 2022 Funding Volume by Category
Q4 2022 Funding Volume by Category

M&A Activity & Strategic Movement

Q4 2022 recorded 19 M&A transactions, with disclosed-deal dollars concentrated heavily in two PE-orchestrated public-cyber take-privates. The most notable transaction was Vista Equity Partners' $4.6B take-private of KnowBe4, the quarter's largest deal and the largest Training-segment acquisition the workbook has tracked by a wide margin.

Additional activity across the quarter reinforces this direction:

Across these transactions, the structural pattern that defined 2022 is clear: PE-orchestrated public-cyber take-privates absorbed the majority of disclosed M&A capital across all four quarters, with Thoma Bravo, Vista Equity Partners, KKR, and Centerbridge Partners each entering the cyber-acquirer column at scale. Strategic-platform tuck-in activity continued in parallel at moderate volume, with software-supply-chain security and identity standing out as the categories where strategic consolidation activity concentrated.

Full-year 2022 closed with approximately $20.6B of disclosed PE-orchestrated cyber take-private capital, extending the 2021 take-private wave into a sustained second year of PE-orchestrated public-cyber consolidation. The combination of compressed late-stage funding ($14.46B, down 31% from 2021) and outsized PE-orchestrated M&A activity marks 2022 as the year in which a high-volume PE-acquirer pattern carried through a second consecutive year.

Q4 2022 Top Funded Rounds
Q4 2022 Top Funded Rounds

Looking Ahead

Q4 2022 closes the year with a market in which PE-orchestrated public-cyber take-privates operated as the dominant disclosed-M&A channel and late-stage funding compressed materially across the second half.

We expect the following dynamics to shape the cyber capital cycle entering 2023:

From a go-to-market perspective, 2022 closes as the year in which PE-orchestrated public-cyber take-privates became a sustained acquirer pattern rather than an episodic thread. The interplay between PE-sponsored acquisition of mature public cyber vendors, continued strategic-platform tuck-in activity, and compressed late-stage venture capital will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem entering 2023.

The full Q4 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2022 dataset →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2023-01-10 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.