March 2021 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

60 transactions
tracked across cybersecurity vendors in March 2021
$2.38B
in disclosed funding capital
38 funding rounds
— of which 15 were Seed or Series A
22 acquisitions — anchored by Okta's $6.50B deal for Auth0

Get the full March 2021 dataset — every named company, round, investor, and segment.

What March told us

March 2021 reframed the cyber M&A market. Okta's $6.50B acquisition of Auth0 was the largest cyber M&A event the workbook has tracked through this point — the prior workbook record was Forescout's $1.43B take-private by Advent International in July 2020. The Auth0 deal sat alongside two further large March events: STG's $4.00B carve-out of McAfee Enterprise from McAfee Corp, and TPG Capital's $1.40B merger of Thycotic and Centrify into a combined identity platform. Three cyber M&A events at $1B-plus scale inside a single month, across distinct buyer cohorts (cyber-strategic, PE carve-out, PE platform-build), is a density the workbook does not have a prior parallel for — no prior month had cleared more than one $1B-plus cyber M&A event. March also produced the densest single-month transaction count the workbook had tracked through this point at 60 transactions, and the month's cumulative disclosed M&A reached $12.32B across five nine-figure events (Auth0, McAfee Enterprise, Thycotic/Centrify, PayPal's $200M Curv pickup in Crypto, and Dropbox's $165M DocSend acquisition in Data).

Funding activity ran $2.38B across 38 disclosed rounds — the largest disclosed funded month the workbook has tracked through March 2021. Snyk at $300M Series D+ in AppSec led the funded side and was the company's second workbook event after a $200M Series D+ in September 2020. Orca Security at $210M Series C in Detection/Response, Feedzai at $200M Series D+ in Fraud, SecurityScorecard at $180M Series D+ in Ratings, Coalition at $175M Series D+ in Cyber Insurance, and Jumio at $150M in Identity rounded out the funded headline cohort.

Identity carried the segment count with eleven March transactions across funded rounds and M&A combined — Auth0, Thycotic/Centrify, Jumio, Socure ($100M Series D+), and seven smaller events. AppSec ran five, Data ran six, and GRC ran five. The OSINT and Crypto segments make their first workbook appearances this month, via Mastercard's $52M acquisition of Gemini Advisory and PayPal's $200M acquisition of Curv respectively — both segments debuting through strategic M&A from non-cyber buyers entering identity-adjacent and crypto-adjacent categories.

Stage and segment breakdown

March 2021 Stage & Segment Breakdown
March 2021 Stage & Segment Breakdown
StageCount
Seed5
Series A10
Series B7
Series C6
Series D+7
Growth Funding1
Acquisition22
Top segmentsTransactions
Identity11
Data6
AppSec5
GRC5
Vulnerability4
Fraud3
New segment in the taxonomy this month: "OSINT", "Crypto" enter the Pinpoint segment taxonomy for the first time in March 2021. Emergent categories are added when they first appear in vendor positioning; this is the first workbook event in this classification.

Two deals worth your attention

Okta's $6.50B acquisition of Auth0. Okta agreed to acquire Auth0 at $6.50B, the largest cyber M&A event the workbook has tracked through March 2021. The deal combined the workforce-identity leader with the customer-identity (CIAM) leader inside Identity, closing a gap that both companies had operated against each other across roughly five years of competition. At $6.50B, the Auth0 deal sat roughly 4.5x above the prior workbook M&A record (Forescout/Advent International at $1.43B, July 2020) and marked the first time a pure-cyber strategic buyer had cleared a multi-billion-dollar acquisition at scale in the data set.

Snyk — $300M Series D+ in AppSec. Snyk raised $300M Series D+ for its developer security platform, the largest funded round of March and the company's second workbook event. The round followed a $200M Series D+ in September 2020 by six months — a 50% scale-up over the prior round size in the same segment classification — and confirmed that developer-first AppSec was clearing nine-figure rounds at compressed cadence.

Companies we've covered before

Snyk first appeared in September 2020 with a $200M Series D+ in AppSec. The March 2021 $300M Series D+ is Snyk's second tracked event, same segment classification, and a 50% step-up over the prior round in roughly six months.

Orca Security first appeared in May 2020 with a $20M Series A in Detection/Response, returning in December 2020 with a $55M Series B in the same segment. The March 2021 $210M Series C is Orca's third tracked event — same segment classification across all three — and one of the cleaner A-to-B-to-C single-segment ramps the workbook tracks inside cloud-native detection.

Auth0 first appeared in July 2020 with a $120M Series D+ in Identity. The March 2021 $6.50B acquisition by Okta closes a roughly eight-month workbook arc and is the largest CIAM-to-workforce-IAM combination the data set has tracked.

McAfee Enterprise first appeared in September 2020 with the McAfee Corp IPO event ($100M tagged in Endpoint). The March 2021 $4.00B carve-out by STG splits the Enterprise business out from McAfee Corp and is one of the larger PE-led cyber-asset carve-outs the workbook tracks through this point.

The other 58 transactions are in the data feed — including the 22 acquisitions whose values never hit the press. Get March's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2021-04-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.