May 2021 Cyber Funding & M&A Brief

Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.

At a glance

40 transactions
tracked across cybersecurity vendors in May 2021
$1.38B
in disclosed funding capital
30 funding rounds
— of which 12 were Seed or Series A
10 acquisitions — 1 with disclosed value ($400M Jamf–Wandera)

Get the full May 2021 dataset — every named company, round, investor, and segment.

What May told us

May 2021 ran a steady disclosed-funded month with thin M&A. Funding activity totaled $1.38B across 30 rounds — a near-match to April's $1.39B reading and a continuation of the multi-month $1B+ pattern the workbook had been tracking since March. Forter at $300M Series D+ in Fraud led the funded side, followed by Wiz at $120M Series B in Cloud, NetSPI at $90M growth in Training, Immuta at $90M Series D+ in Data, Salt Security at $70M Series C in API, and Arkose Labs at $70M Series C in Fraud. Twelve of the 30 rounds cleared at Seed or Series A.

Wiz's second Series B at $120M is the in-year repeat worth noting — the company had cleared a $130M Series B in March, making May a $250M cumulative Series B over two months in the same segment. Salt Security's $70M Series C extended the company's continuous API-segment funding arc to three rounds across roughly a year — Series A in June 2020 at $20M, Series B in December 2020 at $30M, Series C in May 2021 at $70M — a clean A-to-B-to-C ramp inside a single segment classification.

M&A column ran light on disclosed value but produced one nine-figure transaction. Jamf's $400M acquisition of Wandera in Zero Trust was the only disclosed M&A event of the month. The deal extended Jamf's Apple-device management platform into mobile threat defense for enterprise iOS deployments. Nine further acquisitions cleared without disclosed values — a column composition consistent with the workbook's mass-undisclosed M&A baseline.

Stage and segment breakdown

May 2021 Stage & Segment Breakdown
May 2021 Stage & Segment Breakdown
StageCount
Seed3
Series A9
Series B10
Series C5
Series D+2
Growth Funding1
Acquisition10
Top segmentsTransactions
AppSec5
Vulnerability3
API3
Detection/Response3
Identity3
GRC2

Two deals worth your attention

Forter — $300M Series D+ in Fraud. Forter raised $300M Series D+ for its e-commerce fraud prevention platform, the largest funded round of May. The round was Forter's second workbook event after a $125M Series D+ in November 2020 — same segment classification, 2.4x the prior round size, six months apart — and one of the larger Fraud-segment rounds the workbook had tracked through May 2021.

Jamf's $400M acquisition of Wandera. Jamf acquired Wandera at $400M, the only disclosed M&A event of May. The deal extended Jamf's Apple-device management platform into mobile threat defense and zero-trust networking for enterprise iOS deployments, a category extension consistent with the broader pattern of MDM/UEM vendors absorbing mobile-security specialist capabilities.

Companies we've covered before

Forter first appeared in November 2020 with a $125M Series D+ in Fraud. The May 2021 $300M Series D+ is Forter's second tracked event, same segment classification, and a 2.4x step-up over the prior round.

Wiz first appeared in December 2020 with a $100M Series A in Cloud, returning in March 2021 with a $130M Series B in the same segment. The May 2021 $120M Series B is Wiz's third tracked event — same segment classification across all three — and a second Series B inside two months, taking cumulative Series B to $250M.

Immuta first appeared in June 2020 with a $40M Series C in Data. The May 2021 $90M Series D+ is Immuta's second tracked event, same segment classification, and a clean C-to-D+ step-up inside data access governance.

Salt Security first appeared in June 2020 with a $20M Series A in API, returning in December 2020 with a $30M Series B in the same segment. The May 2021 $70M Series C is Salt Security's third tracked event — same segment classification across all three — and one of the cleaner A-to-B-to-C single-segment ramps the workbook tracks inside API security.

The other 38 transactions are in the data feed — including the 10 acquisitions whose values never hit the press. Get May's details and more →

Methodology

Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.

Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.

About Pinpoint Search Group

Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.

Get the underlying data

The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.

Subscribe to the data feed

Published 2021-06-05 · last updated 2026-06-25. The narrative and aggregate figures above are free; the full per-deal dataset is available to subscribers.