December 2021 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full December 2021 dataset — every named company, round, investor, and segment.
What December told us
December 2021 closed the year with a third major public-cyber take-private and a tightly-packed funded column. Permira's $5.80B acquisition of Mimecast in Email completed the year's take-private wave that had begun with Proofpoint in April ($12.30B) and McAfee Consumer in November ($14.00B). The three take-privates combined for $32.10B in disclosed value across 2021 — more than the cumulative cyber M&A column of any prior full year the workbook tracks — and structurally removed three large public-cyber names from the listed-market comp set inside a single calendar year.
Funding activity ran $2.15B across 33 rounds. Claroty's $400M Series D+ in OT/ICS led the funded side, returning the company to the workbook for its third tracked event in 18 months after rounds in June 2020 ($50M) and June 2021 ($140M). Claroty also moved on M&A inside the same month — the company acquired Medigate at $400M in IoT, a dual funded-and-acquiring move inside a single month that the workbook does not have a prior parallel for at this scale. Sysdig at $350M (stage G) growth funding in Container followed (its second 2021 round after April's $188M Series D+), with Incode at $220M Series B in Identity, Noname Security at $135M Series C in API, Panther Labs at $120M Series B in Analytics, and CyCognito at $100M Series C in Vulnerability rounding out the named cohort.
M&A breadth was lighter than November — nine acquisitions overall, with three carrying nine-figure disclosed values: Mimecast, Claroty/Medigate, and Coinbase's $150M acquisition of Unbound Security in Data. The year closes at 467 transactions, $20.65B in disclosed funding, and $66.62B in disclosed M&A — the highest cyber M&A annual column the workbook had tracked through this point by a wide margin, anchored by four public-cyber repricings (Proofpoint, Avast, McAfee Consumer, Mimecast) that collectively reset the listed-cyber comp set across Email, Endpoint, and consumer cybersecurity inside twelve months.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 5 |
| Series A | 6 |
| Series B | 9 |
| Series C | 7 |
| Series D+ | 2 |
| P/E Funding | 1 |
| Spinout | 1 |
| Acquisition | 9 |
| Top segments | Transactions |
|---|---|
| Data | 6 |
| Identity | 4 |
| IoT | 3 |
| Automation | 2 |
| API | 2 |
| 2 |
Two deals worth your attention
Permira's $5.80B acquisition of Mimecast. Permira agreed to take Mimecast private at $5.80B, the third major 2021 public-cyber take-private after Proofpoint (April, $12.30B) and McAfee Consumer (November, $14.00B). Combined, the three transactions reached $32.10B in disclosed take-private value across 2021 — more than the cumulative cyber M&A column of any prior full year the workbook tracks. Mimecast had traded publicly since 2015 in the email security category; its removal from the listed-market comp set followed Proofpoint's by roughly eight months and continues the year's structural pattern of PE buyers absorbing public-cyber assets at scale.
Claroty — $400M Series D+ in OT/ICS AND $400M acquisition of Medigate. Claroty closed two transactions inside December: a $400M Series D+ funded round in OT/ICS and a $400M acquisition of Medigate in IoT. The dual move — same dollar size on both sides, inside the same calendar month — is a structural cadence the workbook does not have a prior parallel for. The combined activity took Claroty's December disclosed transaction value to $800M and consolidated its position across operational technology and healthcare-adjacent device security. The funded round was Claroty's third workbook event after $50M in June 2020 and $140M Series D+ in June 2021 — same-segment across all three rounds, with each round more than 2.5x the prior.
Companies we've covered before
Claroty first appeared in June 2020 with a $50M Series D in OT/ICS, returning in June 2021 with a $140M Series D+ in the same segment. The December 2021 $400M Series D+ is Claroty's third tracked event — same segment classification across all three — and one of the workbook's clearest exact-twelve-month-cadence single-segment ramps. Claroty's same-month $400M acquisition of Medigate is the workbook's first vendor-as-both-funded-and-acquirer event at nine-figure scale inside one month.
Sysdig first appeared in April 2021 with a $188M Series D+ in Container. The December 2021 $350M growth round (stage G) is Sysdig's second tracked event, same segment classification, and a 1.9x step-up over the prior round in eight months.
Noname Security first appeared in June 2021 with a $60M Series B in API. The December 2021 $135M Series C is Noname Security's second tracked event, same segment classification, and a 2.25x step-up inside the API security category six months apart.
Medigate first appeared in September 2020 with a $30M Series B in IoT. The December 2021 $400M acquisition by Claroty closes a roughly 15-month workbook arc and is one of the larger healthcare-adjacent device-security strategic acquisitions the data set tracks.
The other 40 transactions are in the data feed — including the 9 acquisitions whose values never hit the press. Get December's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
