Never Mind AI – Here’s the Other Big Deal Driver in IT & Business Services

Earlier this year, Gartner adjusted its estimate of total global IT spending in 2024, with the previous forecast of $5.06 trillion being bumped up to $5.26 trillion – in large part thanks to the motivating factor that’s omnipresent in the tech industry right now: generative AI.

While the current “AI moment” is certainly a major theme of the latest IT & Business Services M&A report from Hampleton Partners, our analysts have also underscored another factor which is propelling both IT spending and M&A deal activity within this space. That factor is cybersecurity, which according to a survey of global by TechTarget/Enterprise Strategy Group published this year is the highest-priority spending target of senior IT decision makers around the world.

There are a few key reasons why cybersecurity is of paramount importance right now. First and foremost, the mass digitalisation and cloud migration seen in practically every business sector – which was accelerated by the pandemic and the normalisation of hybrid/remote working – has vastly increased the potential attack surfaces which cybercriminals and hackers can take aim at.

The likelihood of such attacks has been exacerbated by the geopolitical uncertainties and conflicts of recent years, and the concurrent risk of government organisations, critical infrastructure and commercial enterprises being targeted in spillover cyberattacks. Moreover, the increasing sophistication of threats, such as AI-enabled social engineering attacks, has made it more challenging to protect digital infrastructure with traditional safeguards like firewalls and antivirus software.

Another major impetus for the implementation of cutting-edge cybersecurity protocols is the need to comply with ever-more-stringent regulatory pressures. A prime example of this is the European Cybersecurity Scheme on Common Criteria (EUCC), which earlier this year was adopted as the first scheme within the EU cybersecurity certification framework. It provides software and hardware suppliers with a comprehensive framework of rules and technical standards requirements relating to cybersecurity features like encryption, network security and user authentication.

With such considerations weighing on the minds of small business entrepreneurs and the CISOs of large-scale enterprises and organisations alike, it’s unsurprising that investors are zeroing in on the cybersecurity companies which are providing solutions fit for today’s purpose. Here are some that have been on our radar.

A French startup which empowers organisations to protect themselves against cyber attacks, Filigran has enjoyed a bumper year of fundraising, closing a $16 million Series A in February and a $35 million Series B in October.

This reflects the firm’s fast growth since its founding in 2022, with giant organisations like Airbus and the FBI making use of OpenCTI and OpenBAS – Filigran’s digital platforms which enable cybersecurity teams to track and analyse malware and threat actors, and stress test their infrastructure by playing out simulated attack scenarios. While the platforms are open-source, Filigran generates revenue by providing fully managed SaaS packages incorporating its products, including an Enterprise Edition with enhanced features.

The zero trust cybersecurity model, which adheres to the principle of “never trust, always verify” and requires on-going verification of users even within network perimeters, is being increasingly leveraged in an era of highly complex cyber threats. A prime example of an innovative zero trust startup is XONA Systems.

Based in Maryland, the company has developed a user access platform for industrial operations, which deploys multifactor authentication, user session analytics, automatic video recording and other security protocols so that authorised personnel can access systems in environments such as oil fields and manufacturing plants with as little friction as possible. The company raised $18 million back in June, which its CEO said would help position XONA for “hypergrowth over the next few years”.

Another Maryland-based startup going great guns is Huntress, which was founded by former hackers in the employee of the US government and achieved unicorn status in June after a $150 million funding round.

The developer of a platform which assesses network data around the clock to detect threats, identify suspicious activity and carry out human-led investigations, Huntress has stood out in this crowded field by tailoring its solutions to small and mid-market companies, which it describes as “underserved and under-protected”. In the memorable wording of its CEO, “Huntress is not cybersecurity 500, we’re cybersecurity for the Fortune 5,000,000.”

Even in our digitally savvy times, cybersecurity hygiene can be lacking in businesses large and small, with too many workers still prone to using weak passwords, clicking malware links and falling prey to phishing attacks. Canada-based startup Protexxa has developed an SaaS platform which can improve cyber hygiene by detecting exposed passwords, carrying out AI-based threat analytics and dark web scans, and automatically pinpoint and remove deep fake images and videos.

The platform also creates personalised reports for employees, highlighting areas where their cybersecurity vigilance is lacking, and providing guidance on how they can sharpen things up. The company closed a $7.2 million Series A in July.

Yet another example of a business reaping the benefits of intense investor interest in cybersecurity is Dazz, which achieved a $50 million funding haul in July. The California-based startup focuses specifically on remediation, which it has recognised as an underserved area within the cybersecurity space – largely because sifting through networks for flaws and vulnerabilities can be a hugely finickity and time-consuming process. (In the accurate words of Dazz’s own website, “Who loves remediating vulnerabilities? No one.”)

The Dazz platform unifies security reports, using AI to automatically prioritise problems and suggest best fixes for strengthening IT infrastructure and prevent security breaches. The platform can integrate with numerous existing cybersecurity tools to optimise how organisations protect themselves from today’s threats.

If you’re a senior decision maker looking to navigate the bullish cybersecurity M&A market, or any subsector within IT & Business Services, say hello to Hampleton Partners Managing Director Konstantin Kastius to get the ball rolling.