Changes in Tech and Regulatory Landscape
3–24–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, March 24, 2025, and we’re seeing some changes in both the tech and security landscape that are worth digging into this week.
$32B Is More Than $23B
There are two big trends that we’re tracking this week. The first is that it seems the concerns about the new administration’s approach to anti-trust have settled out and the M&A wave is coming roaring back, led by Google acquiring cloud security company Wiz for $32B.
Remember that Google had offered $23B for Wiz just last year, and were rebuffed. Reuters notes that “the real closer for Wiz and Google executives was the change at the White House that brought with it the prospect of a friendlier antitrust review under Trump” - but I’m sure the 10% - or $3.2B - breakup fee if the deal doesn’t go through didn’t hurt.
They aren’t the only big deal we saw, either. There’s plenty of others to choose from, whether it’s Ampere Computing being acquired by SoftBank for $6.5B, Moveworks getting snapped up by ServiceNow for $2.9B, NextInsurance going to Munich Re for $2.6B, Weights and Biases headed to Coreweave for $1.7B (who have since filed for IPO), or NinjaTrader being acquired by Kraken for $1.5B.
That’s a lot of movement, and while the dollars are big, so, too, will be the tech implications.
At the same time, beyond the more relaxed antitrust vibes driving these deals, the Trump administration also announced an Executive Order entitled “Achieving Efficiency Through State and Local Preparedness” - the basics of which are “aimed at giving states power "to make smart infrastructure choices" that address risks from cyberattacks and other physical disasters.”
“The order states it is the policy of the U.S. government that ‘state and local governments and individuals play a more active and significant role in national resilience and preparedness.’”
Unfortunately, budgets (and skillsets, and tools) on the State and Local side of the house are already strained. Friend of the show Mike Hamilton at Lumify Cyber notes “‘State budgets are already in trouble with the reduction in federal support, and difficult choices are being made,’ said Hamilton.
“Hamilton said the reduction in real-time threat information sharing, particularly within environments insulated from regulatory oversight, would be a "huge loss." States including Washington are already exploring ways to unite the public and private sectors to create state-run threat information centers.”
"Without the federal government's ecosystem of infrastructure protection - government coordinating councils, sector coordinating councils, ISACs - we're essentially on our own," he added.
But for those ISACs - Information Sharing and Analysis Centers - budgets have already been cut, a couple weeks back, when CISA dropped funding for both the Multi-State ISAC (known as MS-ISAC) and the Election Security ISAC.
So there’s just less and less to fall back on, and the landscape for defenders - instead of getting more united, is becoming more fragmented through these actions.
It’s interesting, then, to see the Wall Street Journal run an article this week entitled both “The Feds Need to Step Up on Cybersecurity” and “It’s Time for the Government to Get More Involved in Cybersecurity,” depending on when you click.
It’s interesting in that it essentially argues for more regulation from the Feds, something the Journal isn’t typically known for. In particular, it calls for:
More agency coordination (including expanded powers for both the FCC and FTC);
Breach Reporting Requirements (including establishing a new Cyber Statistics Bureau);
Mandatory Cybersecurity Standards (including establishing both liability protections and empowering regulators);
Product Liability Laws for Software (in the mode of Europe); and
Creating a Cyber Peace Corps.
What’s most interesting about this is many of these things are exactly what Jen Easterly and her team at CISA were working towards in the last administration. Clearly cyber priorities have changed, and perhaps the cynical view is that it’s easy for the Journal to call for these steps now, since there’s no hope of any of them ever happening under the current administration.
What does this mean for you and me?
It’s up to us. Make friends, build a network, learn your infrastructure, and get better at the basics. Funding, and Federal leadership, are receding, and we’re now at the front lines.
Fundraising
From a fundraising perspective, we saw more that $12B in newly committed capital, including:
Morgan Stanley Infrastructure Partners raised $4.1b for its fourth fund;
ICG raised €3b for its second European midmarket fund; and
Marathon Asset Management raised $2.7b for an opportunistic credit fund.
Given the transaction prices at the top of the show, that dry powder doesn’t sound like it’ll go very far, but we’re tracking about $170B raised so far in Q1 of 2025, so the aggregate remains strong.
Several tech IPOs may also provide liquidity and an ability to eventually restart the cycle for some of those founders and technical teams.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://cloudedjudgement.substack.com/p/clouded-judgement-32125-m-and-a-roars
https://www.whitehouse.gov/presidential-actions/2025/03/test/
https://therecord.media/cisa-cuts-10-million-isac-funding
https://www.wsj.com/tech/cybersecurity/america-cybersecurity-policy-need-reforms-56ada544