Quarterly Report, Q4 2024: Cyber Security Vendor M&A and Funding News

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

75 transactions
tracked across cybersecurity vendors in Q4 2024
$1.70B
in disclosed funding capital across 57 funding rounds
32 Seed or Series A rounds
— 56% of funding activity
18 M&A events
, 9 with disclosed prices totaling $2.55B

Get the full Q4 2024 dataset — every named company, round, investor, segment, and acquisition.

Highlights and Analysis

In Q4 2024, our team tracked 75 transactions, including 57 funding rounds and 18 M&A events. Disclosed funding totaled $1.70B, modestly above the $1.59B recorded in Q4 2023, while round count contracted from 85 to 57. The quarter closed full-year 2024 disclosed funding at $9.52B across 307 funding rounds, a 9% increase over 2023's $8.70B. The year's structurally distinctive shift, however, sat in the M&A column: the acquirer cohort widened materially beyond pure-play cyber strategics.

Late-stage capital remained selective at the top. Four rounds cleared $100M — Cyera ($300M Series D+, a follow-on to its Q1 $300M growth round), Armis ($200M Series D+), Halcyon ($100M Series C), and Upwind ($100M Series B) — followed by Axiado ($60M Series C), Sublime Security ($60M Series B), HUMAN ($50M growth), and Bugcrowd ($50M growth). Early-stage activity continued to drive volume, with 32 of the 57 funding rounds at Seed or Series A.

The M&A column was unusually heavy in disclosed dollars relative to deal count. Eighteen acquisitions included nine disclosed transactions totaling $2.55B, anchored by Sophos' $859M acquisition of SecureWorks — the quarter's largest disclosed deal and a meaningful PE-orchestrated consolidation of two mid-cap detection-and-response platforms. Wiz's $450M acquisition of Dazz, CrowdStrike's $300M acquisition of Adaptive Shield, and N-able's $266M acquisition of Adlumin round out the upper tier.

Total Funding by Month
Total Funding by Month

Funding Overview

The 57 funding rounds tracked in Q4 2024 highlight a market in which late-stage capital concentrated at the top of the range while round count contracted to the lowest quarterly total of the year.

Four rounds exceeded $100M: Cyera ($300M follow-on), Armis ($200M), Halcyon ($100M), and Upwind ($100M). Below that band, growth-stage activity stayed steady across Axiado ($60M Series C), Sublime Security ($60M Series B), HUMAN ($50M growth), Bugcrowd ($50M growth), and a long tail of $20–$45M Seed and Series A rounds. Seed and Series A activity (32 of 57 rounds, or 56%) held within the year's normal range despite the lower absolute count.

What stands out in Q4 2024 is where that capital is clustering. A meaningful portion of investment is concentrating around:

This distribution reflects a market in which late-stage capital concentrated on a small set of high-traction vendors while early-stage formation broadened across AppSec, GRC, and AI-aligned categories.

Total Funding by Quarter
Total Funding by Quarter

Market & Macro Signals

Several structural dynamics are visible in the Q4 2024 transaction record.

First, PE-orchestrated public-cyber consolidation returned to the M&A column. Sophos' $859M acquisition of SecureWorks — both vendors operating in detection and response under PE ownership (Thoma Bravo's Sophos absorbing Dell-spun SecureWorks) — marked the quarter's largest disclosed deal. The transaction extends the multi-year pattern of PE-sponsored mid-cap consolidation across the public-cyber cohort.

Second, AppSec consolidation accelerated at scale. Wiz's $450M acquisition of Dazz extends the CNAPP platform into application security posture management. The transaction adds to a multi-quarter pattern in which AppSec and cloud-security platforms are converging at the acquirer level.

Third, SaaS-security entered the strategic-acquirer column at disclosed scale. CrowdStrike's $300M acquisition of Adaptive Shield brings dedicated SaaS-posture management into the Falcon platform and signals that incumbent endpoint vendors are willing to own SaaS-security as a category through M&A rather than partnership.

Finally, mid-market XDR consolidation continued. N-able's $266M acquisition of Adlumin and Arctic Wolf's $160M acquisition of Cylance assets together add to a multi-quarter pattern of MSSP-aligned and MSP-aligned acquirers absorbing detection-and-response capabilities. The transactions extend the strategic-consolidation dynamic into the mid-market managed-security tier.

Q4 2024 Funding Volume by Category
Q4 2024 Funding Volume by Category

M&A Activity & Strategic Movement

Q4 2024 recorded 18 M&A transactions, with strategic activity concentrated heavily at the top of the disclosed-price range. The most notable transaction was Sophos' $859M acquisition of SecureWorks, the quarter's largest disclosed deal and a PE-orchestrated consolidation of two public-cyber detection-and-response platforms.

Additional activity across the quarter reinforces this direction:

Across these transactions, the strategic pattern is clear: nine disclosed acquisitions totaling $2.55B — more than the quarter's $1.70B in disclosed funding — signal that acquirer capital deployment outpaced primary funding for the first time in 2024. Detection and response, AppSec, and SaaS-security were the most contested strategic categories.

Stepping back to the full year, the disclosed M&A column distributed across an unusually broad buyer cohort: $8.65B in PE-led take-privates (Thoma Bravo/Darktrace, Hg/AuditBoard, Haveli/ZeroFox), $2.65B in non-cyber strategic acquisition (Mastercard/Recorded Future), $1.02B in PE-orchestrated strategic consolidation (Sophos/SecureWorks, Arctic Wolf/Cylance assets), and $4.89B across 16 pure-cyber strategic acquisitions — $17.21B in total disclosed M&A. PE-aligned activity (~$9.67B) materially exceeded pure-cyber strategic dollars (~$4.89B), and Mastercard's entry marked the first non-cyber strategic to acquire a cyber platform at meaningful scale — a structural broadening of who buys cyber that did not appear at this magnitude in 2023.

Q4 2024 Top Funded Rounds
Q4 2024 Top Funded Rounds

Looking Ahead

Q4 2024 closes the year with a market in which the central shift sat in the acquirer cohort: PE-led disclosed activity outpaced pure-cyber strategic dollars, a non-cyber strategic entered at meaningful scale, and disclosed M&A dollars at the top of the range outran primary funding for the quarter.

We expect the following dynamics to carry into 2025:

From a go-to-market perspective, 2024 closed with disclosed funding modestly ahead of 2023 ($9.52B vs. $8.70B), but the year's structurally distinctive shift sat in the acquirer column: PE sponsors, PE-orchestrated strategics, and a non-cyber strategic together absorbed more disclosed M&A capital than pure-play cyber acquirers — an inversion of 2023's strategic-dominant pattern. Vendors entering 2025 will be measured against a market in which acquirer appetite has clearly broadened: PE sponsors hunting mature mid-cap cash flow, adjacent-industry strategics extending into cyber capability ownership, and pure-cyber platforms continuing tuck-in consolidation. The interplay between disciplined late-stage capital and a widening acquirer cohort will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem.

The full Q4 2024 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2024 dataset →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2025-01-10 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.