Quarterly Report, Q4 2022: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q4 2022 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q4 2022, our team tracked 89 transactions, including 70 funding rounds and 19 M&A events. Disclosed funding totaled $2.92B, down 64% from the $8.06B recorded in Q4 2021, while round count contracted from 107 to 70. Full-year 2022 funding closed at $14.46B, down 31% from the $20.65B recorded across 2021. The quarter recorded no cyber IPOs, but the M&A column carried the structural weight: two PE-orchestrated public-cyber take-privates — KnowBe4 and ForgeRock — anchored disclosed deal dollars and extended the year's PE-acquirer pattern into the awareness-training and identity-governance tiers.
Late-stage capital remained available but concentrated narrowly. Four rounds cleared $100M, led by NetSPI's $410M growth round — the largest disclosed cyber funding round of the quarter — followed by Arctic Wolf's $401M debt round, Drata's $200M Series C, and Snyk's $196.5M Series G follow-on. Below that band, Versa Networks ($120M debt round), Apiiro ($100M Series B), Securiti ($75M Series C), Immersive Labs ($66M growth), Akeyless ($65M Series B), Tines ($55M Series B), and Anonos ($50M growth) populated the next band. Early-stage activity drove the majority of round count, with 36 of the 70 funding rounds at Seed or Series A.
The M&A column included 19 acquisitions, of which 3 disclosed prices totaling $7.10B. Vista Equity Partners' $4.6B take-private of KnowBe4 — the largest Training-segment acquisition the workbook has tracked by a very wide margin (next is Infosec at $191M) — and Thoma Bravo's $2.3B announced acquisition of ForgeRock together accounted for roughly 97% of disclosed M&A capital and extended the year's PE-orchestrated take-private pattern across two additional public cyber vendors.

Funding Overview
The 70 funding rounds tracked in Q4 2022 highlight a market in which late-stage capital concentrated narrowly while early-stage formation continued at a measured pace.
Capital concentration at the top was pronounced. Four rounds cleared $100M: NetSPI ($410M), Arctic Wolf ($401M debt), Drata ($200M), and Snyk ($196.5M follow-on). Below that band, growth-stage activity stayed steady across Versa Networks ($120M debt), Apiiro ($100M), Securiti ($75M), Immersive Labs ($66M), Akeyless ($65M), Tines ($55M), Anonos ($50M), and a long tail of $25–$45M Seed and Series A rounds. The disclosed top four together accounted for roughly $1.21B, about 41% of the quarter's disclosed funding.
What stands out in Q4 2022 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Security testing and offensive security, where NetSPI's $410M growth round — the quarter's largest disclosed funding round — anchored a category in which penetration-testing-as-a-service and offensive-security platforms continued to attract late-stage capital
- Managed detection and response, where Arctic Wolf's $401M debt round reinforces that MDR platforms continued to absorb meaningful capital even as equity rounds at the late end became more selective
- Governance, risk, and compliance, where Drata's $200M Series C, Anonos' $50M growth round, and continued early-stage formation across the segment reflect persistent enterprise demand for compliance automation
- AppSec and software supply chain, which led the segment mix with 12 transactions, anchored by Snyk's $196.5M Series G follow-on and Apiiro's $100M Series B, and reflecting continued buyer demand across pre-production controls
This distribution reflects a market in which capital is concentrating on platforms with clear enterprise traction across security testing, managed detection, GRC, and AppSec, while debt financing emerged as an additional late-stage capital channel.

Market & Macro Signals
Several structural dynamics are visible in the Q4 2022 transaction record.
First, PE-orchestrated public-cyber take-privates anchored the quarter and the year. Vista Equity Partners' $4.6B take-private of KnowBe4 and Thoma Bravo's $2.3B announced acquisition of ForgeRock extended the year's PE-acquirer pattern across two additional public cyber vendors. Combined with the SailPoint ($6.9B, Q2), Barracuda Networks ($4B, Q2), and Ping Identity ($2.8B, Q3) take-privates, full-year 2022 PE-orchestrated public-cyber take-privates totaled approximately $20.6B in disclosed acquisition capital, extending the 2021 take-private wave into a sustained second year of PE-orchestrated cyber consolidation.
Second, KnowBe4 sits as the largest Training-segment acquisition the workbook has tracked. At $4.6B, the KnowBe4 take-private exceeds the next-largest Training transaction (Infosec at $191M) by more than 20x. The transaction reset the security-awareness-and-training comp set and signaled that PE sponsors viewed mature awareness vendors as durable cash-flow platforms worth taking private at scale.
Third, debt financing emerged as a late-stage capital channel. Arctic Wolf's $401M and Versa Networks' $120M were the quarter's two largest debt rounds and together accounted for roughly $521M. The pattern reflects late-stage vendors selecting debt over equity in a period of compressed late-stage valuations and signals an additional capital channel operating alongside traditional growth-stage equity.
Finally, funding contracted materially year-over-year. Disclosed funding of $2.92B sits 64% below Q4 2021's $8.06B, and full-year 2022 funding of $14.46B closed 31% below 2021. The shift reflects compressed late-stage round sizes and lower late-stage round count rather than a contraction in early-stage formation, which continued at a measured pace through year-end.

M&A Activity & Strategic Movement
Q4 2022 recorded 19 M&A transactions, with disclosed-deal dollars concentrated heavily in two PE-orchestrated public-cyber take-privates. The most notable transaction was Vista Equity Partners' $4.6B take-private of KnowBe4, the quarter's largest deal and the largest Training-segment acquisition the workbook has tracked by a wide margin.
Additional activity across the quarter reinforces this direction:
- Thoma Bravo announced the $2.3B acquisition of ForgeRock, returning the identity-governance vendor to private ownership and extending PE-orchestrated identity acquisition into a third 2022 transaction following SailPoint and Ping Identity
- Palo Alto Networks acquired Cider Security ($195M), adding software-supply-chain security to its Prisma Cloud platform and extending Cortex coverage across the development lifecycle
- A tail of mid-market consolidators completed targeted strategic acquisitions without disclosed pricing across identity, AppSec, and managed-security delivery, reflecting continued platform-building activity at moderate volume
Across these transactions, the structural pattern that defined 2022 is clear: PE-orchestrated public-cyber take-privates absorbed the majority of disclosed M&A capital across all four quarters, with Thoma Bravo, Vista Equity Partners, KKR, and Centerbridge Partners each entering the cyber-acquirer column at scale. Strategic-platform tuck-in activity continued in parallel at moderate volume, with software-supply-chain security and identity standing out as the categories where strategic consolidation activity concentrated.
Full-year 2022 closed with approximately $20.6B of disclosed PE-orchestrated cyber take-private capital, extending the 2021 take-private wave into a sustained second year of PE-orchestrated public-cyber consolidation. The combination of compressed late-stage funding ($14.46B, down 31% from 2021) and outsized PE-orchestrated M&A activity marks 2022 as the year in which a high-volume PE-acquirer pattern carried through a second consecutive year.

Looking Ahead
Q4 2022 closes the year with a market in which PE-orchestrated public-cyber take-privates operated as the dominant disclosed-M&A channel and late-stage funding compressed materially across the second half.
We expect the following dynamics to shape the cyber capital cycle entering 2023:
- PE-orchestrated take-private activity will continue testing the mid-cap cyber cohort, as PE sponsors continue targeting mature vendors with durable cash flow and clear platform positioning following the 2022 take-private wave
- Late-stage capital will remain selective and modestly distributed, favoring vendors with measurable enterprise traction across category leaders in detection/response, identity, AppSec, and managed security
- Strategic tuck-in M&A will continue at moderate volume, as platform vendors absorb adjacent capabilities across software-supply-chain security, identity, AppSec, and managed-security delivery
From a go-to-market perspective, 2022 closes as the year in which PE-orchestrated public-cyber take-privates became a sustained acquirer pattern rather than an episodic thread. The interplay between PE-sponsored acquisition of mature public cyber vendors, continued strategic-platform tuck-in activity, and compressed late-stage venture capital will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem entering 2023.
The full Q4 2022 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2022 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
