Venture capital investments in cybersecurity firms keeps shrinking with less capital raised and fewer deals compared to the year prior, according to Crunchbase data released Thursday.

Cybersecurity startups raised almost $1.9 billion during the third quarter, marking a 30% drop from the $2.7 billion raised in the year-ago period. The 153 deals in the quarter also reflected a 17% year-over-year decline.

A lack of big, late-stage deals is partly at fault for the collective squeeze on VC funding in the sector. Crunchbase tracked five deals of at least $75 million during Q3, but noted there were almost a dozen rounds of the same size a year ago.

The top three cybersecurity funding rounds in Q3 were allocated to Cato Networks, Nile and OneTrust – accounting for about 30% of all venture capital raised during the quarter.

The latest lookback on VC activity in cybersecurity reflects a pragmatic period in an industry oversaturated with vendors and overlapping tools.

Absent a quick and significant turnaround in dealmaking, the cybersecurity startup scene is on pace to reach its lowest point of venture capital funding on a yearly basis since 2019, when it attracted $8.8 billion in funding, according to Crunchbase.

This year has been filled with market turmoil, with layoffs hitting multiple cybersecurity companies, including Dragos, Secureworks, Sophos, Okta, Rapid7 and Malwarebytes. Yet, global spending on cybersecurity continues to grow.

Spending on security and risk management is projected to reach $215 billion next year, a 14% year-over-year increase from 2023, according to Gartner.

The share of technology budgets allocated to cybersecurity is also growing. Organizations said they devoted a median of 8% of their technology budgets to cybersecurity in 2023, up from 5% in 2019, according to a Moody’s survey.