Equity Research
State of Security : Key Cybersecurity Topics and Metrics
August 1, 2024
State of Security : Key Cybersecurity Topics and Metrics
State of Security : Key Cybersecurity Topics and Metrics
This document is being provided for the exclusive use of jamie.arestia@avepoint.com.
01 August 2024

State of Security

Key Cybersecurity Topics and Metrics

J.P. Morgan does and seeks to do business with companies covered in its research reports. As a result, investors should be aware that the firm may have a conflict of interest that could affect the objectivity of this report. Investors should consider this report as only a single factor in making their investment decision.

We review prominent industry developments and investor themes over the past few weeks, plans for the weeks ahead, and highlights of major recent news events in the Cybersecurity sector.

Select Topics to Follow

CrowdStrike: Global IT Outage

The IT outage caused by a CrowdStrike Falcon content update continues to evolve on a daily basis. We view the incident as a black eye for the company to recover from, but expect the quality of response from the company will go a long way toward supporting the business and the brand longer term. Customers in the U.S. woke up on July 19th to news of an outage but also to a solution, a company that had been working toward recovery through the night, and an executive team that was able to marshall immediate support of IT leaders and Government agencies while maintaining a high level of transparency. The impact of the outage will be discussed for years, but we believe the company can emerge with a favorable reputation and an ability to take share as a best of breed platform vendor longer term. Near-term, we expect fundamental headwinds will include credits to customers under SLAs, delayed/slipped/lost business, costs related to business interruption/recovery at customers, and incentives offered to customers over the next year. The latest questions we’ve fielded from investors involve the extent of legal exposure CRWD could have but we continue to think exposure will be capped at thresholds in contracts and channel conversations so far indicate that vendors with better IT management practices seem to have fared better than expected.

Notes
 

Wiz’s $23bn Takeover News Shifts

The Wall Street Journal reported that talks between Google (covered by JPM analyst Doug Anmuth) and Wiz fell apart, with Wiz deciding to pursue an IPO instead. While we have no knowledge of a deal or conversations and in spite of the news that talks fell apart, we think the news bodes well for Security Software valuations due to the high implied valuation reported in the article. The company most recently completed $1bn of Series E funding on May 7, 2024, putting the company’s pre-money valuation at $11.9bn. (Wall Street Journal)

News Emerges of Tenable Takeover Interest

Bloomberg this week reported that Tenable hired an advisor after receiving takeover interest. We note that we have no knowledge of a deal at this point and have not seen a company comment regarding the transaction. TENB shares appreciated over 8.5% over the past 5 trading days. The company reported its 2Q24 earnings results last night.

IBM Estimates Average Cost of Data Breach Hit $4.9mm

The cost of a data breach increased by 10% y/y in 2024, averaging roughly $4.9mm according to IBM’s Cost of a Data Breach Report. The increase in costs is largely associated with the combination of business disruptions and post-breach customer support and remediation. Over 70% of breached organizations reported that the cyber attack caused a significant or very significant business disruption. More than half of the organizations are passing through these costs to their customers. Fighting AI with AI remains important for Security, with over 67% of organizations deploying AI for Security, an increase of 10% y/y. AI in Security is helping lower the time and cost of a potential cyber attack by approximately 98 days and $2.2mm, respectively, compared to those with no AI use in prevention workflows. In our opinion, vendors will continue to leverage AI for Security.

Zscaler Reports 18% y/y Growth in Ransomware

As of April 2024, ransomware surged by 18% y/y, according to the Zscaler ThreatLabz 2024 Ransomware Report. In 2023 ransomware payments exceeded $1bn, and a ransom payout by a single company reached more than double the highest publicly known ransom payment at $75mm. The energy sector experienced the highest increase in ransomware attempts, at 527% y/y. Geographically, the US, UK and Germany saw the largest increase in ransomware attacks over the past year, at 102%, 50% and 35%, respectively. Breaches (particularly high-profile ones such as UNH and Microsoft) are prompting increased interest and awareness around the importance of Security, lending support for Cybersecurity spend, in our opinion.

2023 OpenAI Breach

Earlier this month, it was revealed that OpenAI suffered a hack last year regarding details on the design of its AI technologies. The hack breached an online forum discussing the details of the company’s latest AI technologies, but not its AI core systems. Employees and OpenAI’s board of directors were told about the breach in April 2023. The news was not shared with law enforcement agencies, nor the public, as no known information pertaining to customers or partners had been stolen, and the company did not believe this breach was a state sponsored attack. The breach raises fear of potential future hacks from foreign adversaries, and the company has already prevented five covert influence operations aimed at using its models for deceptive activity this year.

2024 Voice of the CISO

CISOs continue to face heightened concerns as the threat landscape continues to evolve. Roughly 70% of CISOs feel at risk of experiencing a material cyber attack over the next year according to 2024 Voice of the CISO report. Most CISOs are aware of the potential risks, and a little under half view their organization unprepared to cope with a targeted cyber attack, showing an increasing disconnect between awareness and preparedness of an organization’s security posture. CISOs view ransomware, malware, email fraud and cloud account compromise as the leading threats over the next year. Ransomware rose to the top of the list in 2024. Consolidation remains a key priority for CISOs, as Security budgets remain tight in the current macro environment, and almost half (48%) of CISOs have been asked to cut staff, delay backfills or reduce spending. Enterprises still have a desire to consolidate the number of vendors they need to manage, and we think that the Security Software market remains ripe for consolidation, expecting best-of-bread platforms will continue to benefit across our coverage universe.

Executive Changes

  • Check Point: In connection with its earnings release on July 24th, Check Point announced the appointment of a new CEO, Nadav Zafrir, who will assume the role in December 2024. See greater detail in our note.
  • Rapid7: On July 9th, RPD announced the promotion of three sales leaders to General Manager and that its Chief Customer Officer Mr. Larry D’Angelo stepped down on July 12, 2024 to pursue a new opportunity. See greater detail in our note.
  • CS Disco: CS Disco appointed Mr. Richard Crum to Executive Vice President and Chief Product Officer, who succeeded Mr. Kevin Smith on July 10th.
  • Cellebrite: The creation of Cellebrite Federal Solutions was announced on July 17th, and will include a board of independent directors spanning previously high ranking officials from U.S. Special Forces, Department of Homeland Security, 9/11 Review Commission and SAP. See greater detail in our note.

Notable Upcoming JP Morgan Events

Please reach out to your sales representative for more details.

  • J.P. Morgan Summer Series: Security Software - Webinar - Aug 20 at 11am ET - Registration link
  • J.P. Morgan US All Stars Conference - London - Sep 17-18
  • J.P. Morgan Software Forum - Napa Valley - Oct 8-9
  • J.P. Morgan Equity Opportunities Forum - Miami Beach - Nov 13-14

Figure 7: Upcoming On-cycle Earnings

August
Monday Tuesday Wednesday Thursday Friday
5 6 7 8 9
Fortinet (4:30pm ET) CyberArk(8:30am ET)
Rapid7(4:30pm ET) N-able(8:30am ET)
Qualys(5:00pm ET) CS Disco(5:00pm ET)
12 13 14 15 16
Cellebrite (8:30am ET)

Source: Company reports.

Performance and Valuation

Despite ongoing levels of elevated demand, we expect interest rates and macro uncertainty will remain primary factors that move multiples across our coverage universe ( Figure 8). Security multiples have continued to improve relative to Software overall (ex-Security) over the past year. In our view, valuation levels reflect better than anticipated performance across our coverage over the last few quarters relative to lower expectations due to conservative commentary from management teams and expectations for interest rate cuts beginning at the end of 2024. We note that average multiples for Security stocks we follow tend to be more volatile than the Software stocks we track due to a higher concentration of high growth, high multiple stocks in the cohort.

Figure 8: Historical View of Multiples

2010-July 2024

Source: Bloomberg Finance L.P., J.P. Morgan Research.

Growth premium materializing for those with balanced growth. Companies that read the room properly have focused on balanced growth with better profitability and have realized stock price appreciation driven by both fundamentals and multiples YTD. The growth premium we saw in 2021 and 2022 had evaporated by the beginning of 2023 due in part to a rising rate environment and growing macro concerns. However, we have recently begun to see a return of the growth premium, particularly for stocks that can deliver balanced growth and profitability ( Figure 10).

Consensus estimates remain reasonable. Security Software demand remains high and budgets are stable according to our industry conversations. Although elevated multiples still imply that buy-side bars are a little higher, consensus sell-side estimates remain reasonable in our view, and vendor commentary has driven consensus estimates lower for CY24. Consensus reflects lower revenue and billings growth expectations for CY24, which were revised lower by -1.2% and -2.4%, respectively, on average over the last year.

Our coverage universe now trades at an average of 8.6 x EV/CY24E sales as of 7/31/24 compared with 4.8x just prior to our industry initiation (1/20/23 for EV/CY23E sales).

Figure 13: Security Comps

As of 7/31/2024

Pricing Valuation
Price JPM Upside Market Current EV/Sales EV/Sales/G EV/EBITDA EV/FCF EV/(FCF-SBC) EV/ARR EV/ARR/G P/E
Company Ticker Rating 7/31/2024 PT (%) Cap EV CY24 CY25 CY24 CY25 CY24 CY25 CY24 CY25 CY24 CY25 CY24 CY25 CY24 CY25 CY24 CY25
Cellebrite DI Ltd CLBT Overweight 13.70 14.00 2% 2,696 2,420 6.4x 5.2x 0.31x 0.22x 31.0x 23.3x 23.6x 18.5x 31.6x 24.7x 6.1x 5.0x 0.23x 0.24x 40.3x 31.9x
Check Point Software Technologies Ltd CHKP Neutral 183.45 180.00 -2% 20,840 17,782 6.9x 6.5x 1.06x 0.91x 14.9x 13.8x 16.6x 16.0x 19.6x 19.1x 6.3x 5.9x 0.86x 0.87x 20.1x 18.3x
Crowdstrike Holdings Inc CRWD Overweight 231.96 330.00 42% 58,028 55,069 13.9x 11.1x 0.47x 0.45x 56.8x 41.2x 72.5x 39.1x --- --- 12.9x 10.2x 0.49x 0.40x 63.9x 49.4x
CyberArk Software Ltd CYBR Overweight 256.38 300.00 17% 12,239 12,002 12.8x 10.2x 0.48x 0.41x --- 56.6x --- 58.3x --- --- 12.1x 10.0x 0.42x 0.46x --- 65.7x
Fortinet Inc FTNT Neutral 58.04 63.00 9% 44,720 42,690 7.4x 6.5x 0.83x 0.47x 24.9x 21.6x 24.9x 21.3x 29.8x 25.5x 6.9x 6.0x 0.73x 0.40x 33.2x 29.8x
N-able Inc/US NABL Neutral 13.94 14.00 0% 2,609 2,805 6.0x 5.4x 0.56x 0.50x 17.0x 15.1x 31.9x 27.6x 73.8x 59.2x 6.0x 5.4x 0.64x 0.45x 31.7x 26.8x
Okta Inc OKTA Neutral 93.94 110.00 17% 15,732 14,567 5.7x 5.1x 0.44x 0.38x 28.7x 25.2x 25.8x 22.4x --- --- 5.6x 4.9x 0.49x 0.34x 39.5x 34.5x
Palo Alto Networks Inc PANW Overweight 324.73 340.00 5% 115,149 109,917 13.0x 11.3x 1.02x 0.78x 46.1x 38.0x 31.5x 29.4x 49.6x 48.1x 12.5x 10.8x 1.12x 0.71x 59.0x 50.3x
Qualys Inc QLYS Underweight 149.14 125.00 -16% 5,626 5,083 8.4x 7.7x 0.88x 0.90x 19.9x 18.3x 23.5x 20.9x 39.0x 34.4x 8.0x 7.4x 0.83x 0.90x 28.2x 25.5x
Rapid7 Inc RPD Neutral 39.34 46.00 17% 2,912 3,431 4.1x 3.8x 0.54x 0.51x 17.2x 15.3x 21.4x 18.5x 57.8x 44.1x 4.0x 3.8x 0.64x 0.58x 18.1x 17.7x
SentinelOne Inc S Overweight 22.90 25.00 9% 8,336 7,562 9.3x 7.3x 0.29x 0.27x --- 72.7x --- --- --- --- 8.2x 6.4x 0.29x 0.24x --- ---
Tenable Holdings Inc TENB Overweight 45.92 56.00 22% 5,450 5,297 5.8x 5.0x 0.41x 0.30x 30.1x 23.5x 26.9x 20.6x --- 73.6x 5.4x 4.6x 0.30x 0.26x 41.4x 31.9x
Varonis Systems Inc VRNS Overweight 55.13 59.00 7% 6,645 6,106 11.1x 9.8x 1.04x 0.77x --- --- 72.8x 56.2x --- --- 9.6x 8.4x 0.54x 0.56x --- ---
Zscaler Inc ZS Overweight 179.35 230.00 28% 27,634 25,394 11.0x 8.3x 0.43x 0.25x 48.2x 35.4x 51.4x 35.6x --- --- 10.4x 8.1x 0.51x 0.28x 60.4x 44.6x
Average 8.7x 7.4x 0.62x 0.51x 30.4x 30.8x 35.2x 29.6x 43.0x 41.1x 8.1x 6.9x 0.58x 0.48x 39.6x 35.5x
Median 7.9x 6.9x 0.51x 0.46x 28.7x 23.5x 26.4x 22.4x 39.0x 39.3x 7.4x 6.2x 0.52x 0.42x 39.5x 31.9x
High growth avg, >20% y/y 10.7x 8.4x 0.39x 0.32x 45.3x 45.8x 49.2x 37.9x 31.6x 24.7x 9.9x 7.9x 0.39x 0.32x 54.9x 47.9x
Low growth average, <20% y/y 7.6x 6.8x 0.75x 0.61x 19.2x 15.8x 30.6x 25.9x 44.9x 43.4x 7.1x 6.3x 0.68x 0.56x 33.9x 29.4x
Other Security Related JPM Coverage
Box Inc BOX Overweight 28.12 32.00 14% 4,183 3,988 3.7x 3.5x 0.96x 0.60x 12.1x 10.6x 11.4x 10.0x 27.2x 21.7x 3.7x 3.4x 0.96x 0.49x 17.9x 14.7x
Dropbox Inc DBX Neutral 23.92 29.00 21% 8,150 8,352 3.3x 3.2x 1.71x 1.21x 8.3x 7.9x 8.9x 9.0x 14.2x 14.1x 3.2x 3.2x 1.36x 1.57x 11.5x 10.9x
Datadog Inc DDOG Overweight 116.44 140.00 20% 41,450 39,412 15.2x 12.5x 0.64x 0.60x --- --- 53.5x 56.0x --- --- 13.9x 11.4x 0.55x 0.53x --- 67.3x
Dynatrace Inc DT Overweight 43.92 55.00 25% 13,214 12,377 7.8x 6.7x 0.40x 0.41x 53.6x 41.1x 37.7x 25.0x --- 55.0x 7.5x 6.4x 0.43x 0.38x 36.3x 29.7x
Elastic NV ESTC Overweight 109.67 128.00 17% 11,112 10,596 7.5x 6.5x 0.39x 0.41x 43.4x 33.1x 64.0x 45.0x --- --- 7.0x 6.1x 0.38x 0.41x --- 61.3x
Cloudflare Inc NET Neutral 77.50 80.00 3% 26,240 25,808 15.6x 12.3x 0.55x 0.46x --- --- --- --- --- --- 14.2x 11.3x 0.50x 0.43x --- ---
Non-Covered Security
BlackBerry Ltd BB -- 2.42 -- -- 1,426 1,391 2.3x 2.2x -0.09x 0.64x --- 32.7x --- 36.0x --- --- --- --- --- 73.5x
Gen Digital Inc GEN -- 25.99 -- -- 16,556 24,139 6.2x 6.0x 2.63x 1.92x 10.1x 9.7x 10.6x 17.8x 11.2x 19.7x --- --- 12.1x 10.9x
Palantir Technologies Inc PLTR -- 26.89 -- -- 64,539 60,671 22.5x 18.6x 1.05x 0.91x 66.6x 57.3x 67.9x 56.4x --- --- --- --- --- 68.8x
Rubrik Inc RBRK -- 37.20 -- -- 6,545 6,585 8.0x 6.3x 0.26x 0.23x --- --- --- --- --- --- --- --- --- ---
SecureWorks Corp SCWX -- 7.70 -- -- 665 618 1.9x 1.8x -0.19x 0.44x 63.0x 40.5x --- --- --- --- --- --- --- 60.8x
Total Security Average 8.6x 7.3x 0.68x 0.60x 32.9x 30.1x 35.6x 30.5x 35.4x 36.6x 8.2x 6.9x 0.61x 0.53x 34.2x 39.3x
Total Security Median 7.5x 6.5x 0.54x 0.47x 29.4x 25.2x 26.9x 25.0x 30.7x 30.0x 7.2x 6.3x 0.52x 0.44x 33.2x 31.9x

Source: Bloomberg Finance L.P., J.P. Morgan. DBX, DDOG, NET covered by Mark Murphy; BOX, DT, ESTC covered by Pinjalim Bora

New Federal Contracts

Federal spending continues to be an area of importance for security names as the US government develops and upgrades its IT security standards, agencies, and infrastructure. We track new security contracts and dollar amounts for our covered companies, but note that new federal contracts (both volume and value) typically peak in the second and third quarters of the calendar year from the federal appropriations cycle and agency budget flush. Additionally, new contract awards can be lumpy and span multiple years. However, we view these contracts as a growing opportunity for security vendors as federal budgets are expected to continue to increase ( Figure 16). We expect federal spending will remain elevated compared to discretionary spending growth overall.

Figure 14: FedRAMP Marketplace Approval Status

As of 6/29/24

CHKP None listed on FedRAMP marketplace website.
CLBT Announced intent to certify, none yet listed on FedRAMP marketplace website.
CRWD CrowdStrike Falcon Platform is Authorized, Moderate Impact. Falcon Platform for Government (High) is Ready, High Impact.
CYBR Endpoint Privilege Manager and Identity for Government are Authorized, High Impact.
FTNT None listed on FedRAMP marketplace website.
NABL None listed on FedRAMP marketplace website.
NET Cloudflare for Government is Authorized, Moderate Impact.
OKTA IDaaS Government High Cloud (GHC) is Authorized, High Impact. IDaaS Regulated Cloud is Authorized, Moderate Impact.
PANW Government Cloud Services is Authorized, Moderate Impact. GCS-HIGH is in Process, High Impact.
QLYS Qualys Cloud Platform is Authorized, Moderate Impact.
RPD InsightCloudSec for Government is Ready, Moderate Impact
S SentinelOne Singularity Platform is Authorized, Moderate Impact. Singularity Platform High is in Process, High Impact.
SPLK Splunk Cloud for FedRAMP Moderate is Authorized, Moderate Impact. Splunk Cloud for FedRAMP High is in Process, High Impact.
TENB Tenable.io is Authorized, Moderate Impact. Tenable Cloud Security for US Government (Ermetic) is in Process, Moderate Impact.
VRNS Varonis Data Security Platform and DatAdvantage Cloud are in Process, Moderate Impact.
ZS ZPA (Zero Trust Exchange) and ZIA (Secure Web Gateway) are Authorized, Moderate Impact. ZPA (Zero Trust Networking) and ZIA (Secure Web Gateway - High) are Authorized, High Impact.

Source: marketplace.fedramp.gov

Partnerships and Acquisitions

Security Software has historically been a sector in which a great deal of innovation occurs at the private company level. As a result, partnerships and acquisitions have also been meaningful. Cash conservation remains a focus considering the macro environment, but we continue to believe we will see meaningful consolidation and partnerships ahead. We have seen M&A activity pick up recently as multiples hover at more reasonable levels compared to recent years, and we expect to see more of this throughout 2024. Some recent financing rounds have been surprising but we have also seen a number of ‘down rounds,’ implying rationalization of valuation for some private companies.

Figure 17: M&A Reaccelerating YTD

Source: J.P. Morgan, Company reports.

Recent notable announced transactions this month:

  • RPD acquisition of Noetic Cyber. Rapid announced on July 1st that it has signed an agreement to acquire Noetic Cyber. The acquisition will add CAASM (cyber asset attack surface management) capabilities to RPD’s security solutions and will help increase visibility across an organization’s cloud and on premise security posture. We think the acquisition of Noetic Cyber makes sense as ASM has become a relatively standard feature in the market. See our note for greater detail.
  • CLBT acquisition of Cyber Technology Services. Cellebrite announced on July 17th that it has signed a definitive agreement to acquire Cyber Technology Services (CyTech) as well as officially establish Cellebrite Federal Solutions to better serve the US Federal sector. The acquisition will add CyTech’s professional services business in cybersecurity, forensics and incident response to the company’s new unit, Cellebrite Federal Solutions, expanding the company’s partnerships with US Federal customers and accelerating the company’s ability to participate in certain types of business, such as classified government business. See our note for greater detail.

Figure 18: Security Software M&A

July 2024

Target Acquirer / Lead Target Sector Buyer Type Enterprise Value ($M) Date
Protect AI SydeLabs GenAI Security Strategic 7/31/2024
Code42 Mimecast Data Security Strategic 7/24/2024
Aspectra AG Convotis GmbH Application Security Strategic 7/18/2024
OnSolve GardaWorld Event Management Strategic 7/17/2024
Emagined Security Neovera SOC security Strategic 7/17/2024
Cyber Technology Services Cellebrite Security Services Strategic 7/17/2024
Polarity ThreatConnect Security Risk Assessment & Management Strategic 7/9/2024
Wallet Guard Consensys Web3 Security Strategic 7/3/2024
Secure Enterprise Engineering SIXGEN Managed Security Services Strategic 7/2/2024
Noetic Cyber Rapid7 CAASM Strategic 7/1/2024

Source: Company reports.J.P. Morgan.

Recent Partnership Activity

Notable Events Coming Up

Figure 19: Upcoming Notable Events

Event Upcoming Dates Location
Black Hat USA 8/3-8/8/24 Las Vegas, NV
DefCon 8/8-8/11/24 Las Vegas, NV
Salt Lake City Cybersecurity Conference 8/15/24 Virtual and Salt Lake City, Utah
JPM Summer Series: Security Software Webinar 8/20/24 Virtual
DFIR Summit & Training 2024 8/22-8/29/24 Virtual and Salt Lake City, Utah
DAFITC 2024 8/26-8/28/24 Montgomery, AL
Philadelphia Cybersecurity Conference 8/29/24 Philadelphia, Pennsylvania
GoSec 24 9/11-9/12/24 Montreal, Canada
CrowdStrike Fal.Con 9/16-9/19/24 Las Vegas, NV
JPM US All Stars Conference 9/17-9/18/24 London, UK
Mandiant WISE 9/18-9/19/24 Denver, CO
Gartner Security & Risk Management Summit 9/23-9/25/24 London, UK
Gartner CIO & IT Executive Conference 9/23-9/25/24 Sao Paulo, Brasil
IDC Security Forum 9/26/24 Kobenhavn, Denmark
JPM Software Forum 10/8-10/9/24 Napa, CA
Okta Oktane 10/16/24 Las Vegas, NV
SINET 10/16/24 New York, NY
JPM Equity Opportunities Forum 11/13-11/14/24 Miami Beach, FL
Fortinet Analyst Day 11/18/24 New York, NY
SentinelOne Onecon (TBD) November TBD
AWS re:Invent 12/2-12/6/24 Las Vegas, NV
Black Hat Europe 12/9-12/12/24 London, UK

Source: J.P. Morgan.

Latest 8ks: Cybersecurity Incidents

In December 2023, the SEC’s rule, requiring disclosure of material cybersecurity incidents through the filing of Form 8-K, became effective. Below are the incidents and 8ks filed over the past month, and whether the company believes it may have a material impact on the company.

Figure 20: Latest Disclosed Cybersecurity Incidents

8-Ks filed July 2024

Company Filed Time of Incident Expected Impact
Affirm 7/01/2024 Jun-24 Non-material
HealthEquity 7/04/2024 1H24 Non-material
Sonic Automotive 7/05/2024 Jun-24 Material impact on 2Q24 earnings
AT&T 7/12/2024 Apr-24 Non-material
AutoNation 7/15/2024 Jun-24 EPS for 2Q24 earnings: -$1.5/share
Repligen 7/15/2024 Jul-24 Non-material
Bassett Furniture Industries 7/15/2024 Jul-24 TBD
Cadre 7/19/2024 Jul-24 TBD
Crimson Wine 7/25/2024 Jun-24 Material impact - offset by cybersecurity insurance

Source: SEC.gov

Head Count Activity

Over the past few years, public and private company layoffs have increased as a gross total and as a percentage of the total workforce ( Figure 21), which we view as evidence of increased focus on operational efficiency as macro headwinds have tempered growth expectations.

7/1/24-7/30/24: Aqua Security and EverC both laid off 10% of their workforce. CyberProof had a RIF of 7%.

Figure 21: Public and Private Security Labor Reductions by Company

As of 7/30/24

Source: Layoffs.fyi

Select Recent Industry News

07/31/24: Microsoft says massive Azure outage was caused by DDoS attack (Bleeping Computer)

Implementation of defenses against DDoS attacks amplified the massive Microsoft Azure and Microsoft 365 outage on 30th July 2024.

07/31/24: Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million (CNBC)

Delta canceled more than 5,000 flights in the wake of the outage, and Delta CEO Ed Bastian said the massive IT outage earlier this month that stranded thousands of customers will cost it $500 million.

07/30/24: CrowdStrike down after report Delta Air to seek compensation over IT outage (Reuters)

Delta  will reportedly seek compensation from CRWD over the recent global IT outage.

07/29/24: Columbus says it thwarted overseas ransomware attack that caused tech shutdown (The Columbus Dispatch)

The city of Columbus said that it thwarted an overseas ransomware attack that led the city to shut down much of its technology during the past 10 days.

07/29/24: HealthEquity says data breach impacts 4.3 million people (Bleeping Computer)

The Health Savings Account provider reported that the PII of 4.3mm people was compromised in a data breach on 9th March 2024.

07/29/24: Proofpoint settings exploited to send millions of phishing emails daily (Bleeping Computer)

Threat actors exploited weakness in Proofpoint and dispatched an average of 3mm spoofed emails daily to customers of Fortune 100 companies.

07/28/24: Cyberattacks Present Shipping Industry’s Biggest Threat Since WWII (PYMNTS)

The shipping industry saw 64 cyberattacks last year compared to just three in 2013. More than 80% of the incidents were state-sponsored efforts from Russia, China, North Korea or Iran.

07/27/24: Ukraine Hacks ATMs Across Russia in Ongoing Massive Cyberattack (Kyiv Post)

Ministry of Defense of Ukraine launched a cyberattack on the 23rd July against Russia’s banking sector disrupting ATM services.

07/26/24: Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services (Krebs on Security)

A vulnerability in authentication process enabled threat actors to gain access to thousands of Email Verified (EV) Google Workspace accounts since late June 2024. The issue has been resolved and the attackers did not do any harm to Google services.

07/26/24: France launches large-scale operation to fight cyber spying ahead of Olympics (The Record)

French authorities launched “disinfection operation” to remove an espionage malware, PlugX, infecting at least 3000 devices in France.

07/25/24: Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware (TechCrunch)

Spytech, a spyware maker, has compromised at least 10,000 devices since 2013 across Windows PCs, Android devices, Macs and Chromebooks.

07/25/24: Google Boosts Chrome Protections Against Malicious Files (Security Week)

Google announced improved and automatic protection for its browser customers against malicious files.

07/25/24: Network of 3,000 GitHub Accounts Used for Malware Distribution (Security Week)

Stargazers Ghost Network, a network of over 3,000 GitHub accounts, has been operating a distribution-as-a-service (DaaS) distributing information-stealing software since July 2023. It allegedly earned over $100,000 since the inception.

07/25/24: North Korean Charged in Cyberattacks on US Hospitals, NASA and Military Bases (Security Week)

According to the FBI, North Korea state-backed ransomware attacked 17 entities across US healthcare providers, NASA, US military bases and international entities, leading to a breach of information related to fighter aircraft, missile defense systems, satellite communications and radar systems.

07/25/24: Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products (Security Week)

Nvidia released patches for vulnerabilities in its Jetson products, designed for robotics and embedded edge AI applications, and Mellanox OS and its successor Onyx, system for data centers.

07/25/24: Secure Boot is completely broken on 200+ models from 5 big device makers (ARS Technica)

Secure Boot, the tool to prevent infection of BIOS, was compromised on more than 200 models sold by Acer, Dell, Intel, and others.

07/24/24: Activists accuse proposed UN Cybercrime Treaty of empowering surveillance, repression (The Record)

The latest U.N. Cybercrime Treaty received criticism from human rights and privacy advocates. The Treaty is said to be a threat to free speech and privacy, and a tool to empower authoritarian regimes.

07/24/24: Cellebrite Sent The FBI Unreleased Software To Crack The Trump Shooter’s Phone (TechDirt)

Cellebrite’s Federal team assisted the FBI to decrypt the mobile of Trump’s shooter.

07/24/24: Fortune 500 firms to see $5.4 bln in CrowdStrike losses, says insurer Parametrix (Reuters)

Recent IT outage will lead to financial losses of $5.4bn for Fortune 500 companies, excluding Microsoft, and insurance claims to range from $540mm to $1.08bn, said insurer Parametrix.

07/24/24: Meta takes down 63K romance scammer accounts (Axios)

Meta removed 63,000 Nigeria based accounts involved in an financial sextortion scam targeting U.S. adults.

07/24/24: Phone lines down in multiple courts across California after ransomware attack (AP News)

The Superior Court of Los Angeles suffered a ransomware attack on 19th July 2024 resulting in a loss of phone lines for 36 courthouses in the County.

07/23/24: How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter (Wired)

Russia-based hackers infused malware switched off heat and hot water to hundreds of buildings in Ukraine in January 2023.

07/22/24: BBVA opens global cybersecurity centre in Mexico (Finextra)

BBVA, a spanish financial services company, announced a cybersecurity center in Mexico in alliance with Telefonica Tech to bolster its security posture.

07/22/24: FCC, Tracfone Wireless reach $16M cyber and privacy settlement (Cyber Scoop)

The FCC directed Tracfone, the prepaid phone provider, to secure their APIs after the compromise of customers’ sensitive information in a breach between January 2021 and 2023. The company will pay the FCC $16mm in penalty.

07/22/24: Quantum Leap: Advanced Computing Is a Vulnerable Cyber Target (Dark Reading)

Vulnerabilities to quantum computing systems are similar to those of current classic computing systems, according to the latest research by Transilvania Quantum, creator of open source quantum computing platform Uranium, and Bitdefender.

07/22/24: Safety Equipment Giant Cadre Holdings Hit by Cyberattack (Security Week)

Cadre ,a safety and survivability equipment company, was hit by a cyberattack on 15 July 2024.

07/22/24: Threat Hunting Market Worth $6.9B by 2029 (Dark Reading)

Threat hunting market is expected to grow from $3.4bn to $6.9bn by 2029.

07/22/24: U-M cyberattack compromised Michigan Medicine patient data of 56,000 people (Detroit Free Press)

Personal and medical information of more than 56,000 people was compromised in a break in May at Michigan Medicine, the academic medical center of the University of Michigan.

07/20/24: SBA Announces $3M in Grants to Improve Cybersecurity for Small Businesses (Small Business Trends)

The US Small Business Administration announced $3mm in grants in the latest round of its Cybersecurity for Small Businesses Pilot Program.

07/19/24: Lawmakers propose healthcare cybersecurity bill to tackle growing threats (Quartz)

The Healthcare Cybersecurity Act, a bipartisan bill introduced in the US, requires the CISA and Department of Health and Human Services (HHS) to work together to improve the industry’s security posture,

07/19/24: Russia, China Sell Cyber Weapons to Hamas, Cybersecurity Expert Claims (News Week)

Hamas allegedly acquired sophisticated criminal malware from Russia, China, or Iran to conduct state-sponsored espionage on Israeli Defense Forces and other government agencies.

07/19/24: US sanctions alleged Russian hackers who claimed attacks on US water facilities (CNN)

The US sanctioned two members of a Russia based hacker CARR for attacks against US water facilities in January 2024.

07/18/24: Most SEC charges dismissed in SolarWinds hack case (Axios)

Charges related to inaccurate and misleading statements by SolarWinds in its IPO registration were dismissed by the US district court.

07/18/24: UK national blood stocks in 'very fragile' state following ransomware attack (The Record)

Ransomware attack on Synnovis, a pathology services provider, caused significant risk to the supply of blood affecting clinical care. The attack also led to postponement of 1,400 surgeries and 6,000 appointments.

07/18/24: WazirX halts withdrawals after losing $230 million, nearly half its reserves (TechCrunch)

WazirX, an Indian crypto exchange, lost $230mm, almost half of its reserves, in a cyberattack.

07/17/24: Change Healthcare's Breach Costs Could Reach $2.5 Billion (GovInfo Security)

UnitedHealth, parent company of Change Healthcare, noted that costs related to ransomware attack on its subsidiary are likely to hit $2.45bn. The costs already totaled $1.98bn as of 30 June 2024.

07/17/24: Interpol Arrests 300 People in a Global Crackdown on West African Crime Groups Across 5 Continents (Security Week)

Interpol, during operation Jackal III, arrested 300 people, seized $3mm and blocked 720 bank accounts related to online financial fraud by the West African organized crime groups.

07/17/24: Iran's MuddyWater phishes Israeli orgs with custom BugSleep backdoor (The Register)

Iran’s state-backed cyber espionage crew, MuddyWater, has conducted multiple phishing attacks on Israeli organizations.

07/17/24: MNGI Digestive Health Data Breach Impacts 765,000 Individuals (Security Week)

The healthcare provider reported a data breach on 20 August 2023, compromising PII of over 765,000 individuals.

07/17/24: Over 400,000 Life360 user phone numbers leaked via unsecured API (Bleeping Computer)

Life360, a location services provider, suffered a data breach that compromised personal information of over 400,000 customers, due to an unsecured API endpoint.

07/17/24: Ransomware Attack Disrupts Bassett Furniture Manufacturing Facilities (Security Week)

The furniture manufacturer and retailer suffered a ransomware attack on 10 July 2024. The company believes no personal information of consumers was compromised.

07/17/24: Ransomware attacks are hitting energy, oil and gas sectors especially hard, report finds (Cyber Scoop)

Sophos, a british software company, noted in a report that more than half of energy, oil and gas, and utilities are taking longer to recover from ransomware attacks in 2023, up from 19% in 2022.

07/17/24: Rite Aid Says Hack Impacts 2.2M People as Ransomware Gang Threatens to Leak Data (Security Week)

Rite Aid suffered a data breach in June, compromising information of 2.2 million of its customers.

07/17/24: Senators seek answers from AT&T in massive hacking of US customer call data (Reuters)

Senators asked AT&T to answer questions relating to the data breach suffered in April 2024 that compromised the PII of 109mm accounts.

07/16/24: Kaspersky to shut down US operations, lay off employees after US government ban (TechCrunch)

Kaspersky, the Russian cybersecurity giant, announced the gradual shutdown of its US operations after a ban on sale of the company’s software by the Commerce Department, effective 20 July 2024.

07/16/24: Microsoft Purview Data Governance will be generally available September 1, 2024 (Microsoft Blog)

Microsoft announced general availability from 1 September 2024 of its AI-powered data management and access solution. The solution will have Copilot capabilities, tight integration with Fabric, and a broader partner network.

07/16/24: NATO to Establish New Cyber Center in Belgium (Security Week)

NATO announced the NATO Integrated Cyber Defense Center (NICC) to inform NATO military commanders on possible threats and vulnerabilities in cyberspace, including privately-owned civilian critical infrastructure.

07/15/24: AT&T Breach Linked to American Hacker, Telecom Giant Paid $370k Ransom: Reports (Security Week)

AT&T paid $370,000 in ransom to a member of the hacker group, ShinyHunters, in May 2024 through 5.7 bitcoins.

07/15/24: Internal Disney Communications Leaked Online After Hack (WSJ)

Data from Disney’s internal Slack, dating back to at least 2019, has been leaked online. The data includes discussions about ad campaigns, software development and leadership programs.

07/15/24: Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security)

Dozen of domain names registered with Squarespace suffered a breach between 9 July and 12 July 2024.

07/12/24: EU’s AI Act gets published in bloc’s Official Journal, starting clock on legal deadlines (TechCrunch)

The EU AI Act, the European Union’s flagship regulation for AI, has officially been published, with the new law coming into force by mid 2026. The framework puts different obligations on AI developers that will have to now weigh both potential use cases and perceived risks.

07/12/24: Unprecedented: Cloud Giants, Feds Team on Unified Security Intelligence (Dark Reading)

The Cloud Safe Task Force (CSTF) partnered with the top five US cloud companies to create National Cyber Feed Initiative. The initiative aims to continuously monitor the security posture of government’s cloud infrastructure.

07/11/24: Companies Sharply Criticize Draft U.S. Cyber Reporting Rules (WSJ)

Industry lobby groups in the US expressed concerns over the latest rules from CISA regarding cyber incidents, citing that they are confusing, burdensome and often duplicate existing rules.

07/11/24: How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom (CNN Business)

CDK Global, a provider of software to car dealers in the US, paid almost $25mm through 387 bitcoins on 21 June 2024 to settle the cyberattack suffered in mid-June 2024.

07/11/24: Microsoft's Partnership With Middle East AI Firm Under Scrutiny (Dark Reading)

Microsoft’s collaboration with Group42, an UAE-based AI company, has come under scrutiny over its ties with China. The US looks to safeguard its AI technology from misuse by China and Russia.

07/10/24: SaaS Security in Europe: A Report Card (Infosecurity Magazine)

More than 70% of security professionals in Europe see SaaS security as a moderate to high priority with 57% of enterprises establishing dedicated SaaS security teams and 26% of European enterprises increasing their SaaS security budget.

07/09/24: Australia's cybersecurity agency says China-backed hackers behind online crimes (NBC News)

Australia’s Cyber Security Centre accused a China’s Ministry of State Security-backed group of cyber attacks on Australian networks in 2022.

07/09/24: Exclusive Networks Confirms Receipt of a Non-Binding Indication of Interest From a Consortium of Investors Led by CD&R and Permira (Press Release)

Exclusive Networks, a specialist cybersecurity distributor, received a non-binding offer from  Clayton Dublier & Rice (CD&R), in consortium with Permira, for a consideration of €24.25/share implying €2.2bn equity valuation.

07/09/24: Financial Services Key Target as Cyberattacks Surge: Report (Financial Advisor IQ)

Almost a quarter of cyberattacks were targeted at financial services firm during the first quarter CY24, according to a report from BlackBerry.

07/09/24: Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella (Help Net Security)

The letter notes Microsoft’s inadequate response at times of cyberattacks and need to bring in right leadership to fix the growing security risks at the company.

07/09/24: US Justice Department says it disrupted Russian social media influence operation (Reuters)

The US Justice Department seized two domain names and nearly 1000 social media accounts involved in an AI-enhanced Russian disinformation operation.

07/09/24: Why Microsoft has asked employees in China to stop Android phones and only use iPhones at office (Times of India)

Microsoft set to restrict corporate access from Android-powered devices in China as a part of its Secure Future Initiative to standardize employee cybersecurity practices.

07/08/24: Artificial Intelligence Boom Lifts Paychecks for CIOs (WSJ)

The boom in AI has led to an increase in compensation for CIOs and CTOs, which are now up by more than 20% since 2019. Additionally, more than half of US-based CIOs now report directly to CEOs.

07/08/24: Mandiant Highlights Russian and Chinese Cyber Threats to NATO on Eve of 75th Anniversary Summit (Security Week)

Google’s Mandiant highlighted intelligence, disinformation, and disruptive cyberattacks from Russian and Chinese state-backed actors during the 75th NATO Anniversary Summit.

07/08/24: Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation (Security Week)

Determination and enforcement of the US cybersecurity regulations are now subject to independent judgement of the courts after the Supreme Court overruled the Chevron Doctrine.

07/06/24: Russian-Linked Cybercampaigns put a Bull’s-Eye on France. Their Focus? The Olympics and Elections (Security Week)

Russia has intensified cyberattack efforts towards France centered around French legislative elections and the Paris Olympics 2024.

07/05/24: EU Opens Applications for Cybersecurity and Digital Skills Funding (Infosecurity Magazine)

The European Union opened applications for the latest funding round of its Digital Europe Programme (DEP). The funds will be used for deployment of state-of-the-art cybersecurity technologies and tools, and delivery of higher degree education in key digital technology areas.

07/04/24: California Advances Unique Safety Regulations for AI Companies Despite Tech Firm opposition (Security Week)

California voted to advance legislation requiring AI developers to test their systems and add safety measures to prevent malicious uses.

07/04/24: Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers (Security Week)

Twilio suffered a data breach from an unauthenticated endpoint, leading to 33mm phone numbers being compromised.

07/04/24: US lending support to help fend off cyber, disinformation attacks on Paris Olympics (Politico)

CISA and other branches of the US administration are working with France to provide cybersecurity support for critical infrastructure during the Summer Olympics 2024.

07/03/24: First round of French election: party attacks and a modest traffic dip (Cloudflare Blog)

Three French political parties experienced multiple DDoS attacks in the first round of legislative elections in France.

07/02/24: Affirm fears customer info pilfered during ransomware raid at Evolve Bank (The Register)

Buy-now-pay-later firm Affirm believes that personal information of Affirm Card holders has been compromised in a recent cyber attack on Evolve Bank & Trust, the banking-as-a-service provider.

07/01/24: Cyber insurance rates fall as businesses improve security, report says (Reuters)

Improvement in security posture and rising appetite of insurers has led to double-digit price reductions in cyber insurance in 2023-24.


 

Private Company News

07/29/24: Cato Networks Surpasses $200 Million, Doubles ARR in Under Two Years (Press Release)

Cato Networks, the creator of SASE, has surpassed $200mm in annual recurring revenue (ARR) in 2Q24, doubling its ARR in under two years. It was named a leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE.

07/25/24: Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads (Security Week)

Chainguard, a software supply chain security startup, has raised $140mm in a Series C round of funding led by Redpoint Ventures, Lightspeed Venture Partners, and IVP. The funds will be used for market expansion including the US public market and product development.

07/24/24: Dazz Secures $50 Million to Accelerate AI-Powered Cloud Security Remediation (TechCrunch)

Dazz, a leader in unified security remediation, has raised $50mm in its latest funding round co-led by Greylock Ventures with participation from Cyberstarts, Insight Partners and Index Ventures.

07/24/24: Vanta Raises $150 Million Series C Funding to Fuel Enterprise Expansion and AI Innovation (Business Wire)

Vanta, the leading trust management platform, has raised $150mm in a Series C funding round led by Sequoia Capital, Growth Equity at Goldman Sachs Alternatives, J.P. Morgan, and existing investors. The funds will be used for global market penetration, product innovation, and to increase upmarket momentum.

07/22/24: Enveil Wins Army Linchpin Contract to Deliver Secure AI (Press Release)

Enveil, focused on Privacy Enhancing Technology (PET) and securing Data in Use, is one of the two companies selected by the US Army to provide Secure AI capabilities for the army’s initiative Project Linchpin.

07/22/24: Linx emerges from stealth with $33M to lock down the new security perimeter: Identity (TechCrunch)

Linx, a Identity management focused startup, has raised $33mm co-led by Index Ventures and Cyberstarts.

07/17/24: Kandji Raises $100 Million in Funding to Advance Apple in the Enterprise (Press Release)

Kandji, focused on endpoint security of Apple devices, has raised $100mm in capital from General Catalyst. The funds will be used for product innovation and engineering, and investments in sales & marketing.

07/17/24: Neovera acquires Emagined Security to strengthen cybersecurity services (Silicon Angle)

Neovera, a managed IT services provider, acquired Emagined Security Inc., a cybersecurity company focused on Managed Detection and Response, for an undisclosed sum.

07/17/24: Pindrop Security Raises $100 Million to Expand Deepfake Detection Technology (Security Week)

Pindrop Security, a voice fraud detection specialist, has raised $100mm in debt financing from Hercules Capital. The funds will be used for product development and innovation to counter the expanding threat of AI-generated voice deepfakes.

07/15/24: IoT Security Firm Exein Raises $16.3 Million (Security Week)

Exein, an IoT-embedded cybersecurity firm, has raised $16.3mm in Series B funding led by 33N. The company will use the funds to expand across Europe, the US, and Asia and double its employee base.

07/10/24: Cytactic Raises $16 Million Seed Funding Round Led by Evolution Equity Partners (Business Wire)

Cytactic, a cyber crisis response management and recovery platform, has raised $16mm in its seed round, led by Evolution Equity Partners. The funds will be used to help the platform continue to scale, as well as expand the company’s partnerships.

07/02/24: Odaseva Raises $54M Series C Round to Expand Product Offerings and Continue Category Leadership(Dark Reading)

Odaseva, the Salesforce data security platform, raised $54mm in its Series C round, led by Silver Laker Waterman. With this latest investment, Odaseva has raised $93.23mm to date. This latest stage of funding will help accelerate product development and investment into deepening its global reach, as well as continue to hire top talent at the executive level.

Recent Webinars

07/17/24: REPLAY | Securing AI: Cybersecurity Insight Call with HiddenLayer

Recent Research

07/30/24: Varonis: Beat and Raise With Another Strong Quarter of Transition Progress

07/29/24: CrowdStrike: Delivering a Master Class on Incident Response; Remain Overweight, Adjusting Price Target to $330, Removing from AFL

07/26/24: Security Software Earnings Preview: 2Q24 Previews: TENB and VRNS

07/25/24: International Business Machines: Software & Infrastructure Driven Beat Offset by Consulting Headwinds

07/24/24: Check Point Software: Better Billings Growth Offset by Elevated Opex, New CEO Appointed

07/24/24: Security Software: Read-Through From Exclusive Networks’ 2Q24 Results

07/24/24: Security Software: Read-Through From Exclusive Networks’ 2Q24 Results

07/24/24: Check Point Software: 2Q24 First Take

07/22/24: Security Software Meeting Takeaways: Insights into Securing AI with HiddenLayer

07/21/24: International Business Machines: Preview: Expecting Healthy Software Growth Offset by Consulting and Infrastructure Headwinds

07/19/24: CrowdStrike: Outage Disruptive But A Long-Term Buying Opportunity

07/19/24: CrowdStrike: Outage Disruptive But A Long-Term Buying Opportunity

07/18/24: Check Point Software: Earnings Preview: Waiting For Meaningful Fundamental Improvement

07/17/24: Cellebrite: Leaning into US Federal Business

07/16/24: Security Software: Market Share Data Highlights Endpoint Strength for CRWD, S, and PANW

07/14/24: Security Software: WSJ Reports Google in Talks to Acquire Wiz

07/10/24: Rapid7: Preliminary 2Q24 ARR & Management Changes Announced

07/07/24: Security Software: MSFT SSE Now Generally Available

07/03/24: Software Landscape Biweekly Benchmarking

07/02/24: CS Disco: Challenging Setup for a Turnaround with Multiple Headwinds Ahead, Downgrade to Underweight

07/02/24: Rapid7: Expanding Into ASM with Noetic Cyber Acquisition