Cybersecurity M&A Roundup: 42 Deals Announced in February 2026 - SecurityWeek

Forty-two cybersecurity-related merger and acquisition (M&A) deals were announced in February 2026. For a detailed view of the more than 420 acquisitions announced in 2025, check out SecurityWeek’s annual M&A report. Here are some of the most important cybersecurity M&A deals announced in February 2026:     Arctic Wolf acquires Sevco Security SOC provider Arctic Wolf acquired US cybersecurity company Sevco Security, with no financial details disclosed. The acquisition aims to enhance Arctic Wolf’s attack surface management capabilities and provide customers with more comprehensive visibility and risk reduction in managed security operations. Booz Allen to acquire Defy Security Technology consulting giant Booz Allen Hamilton acquired cybersecurity services and consulting firm Defy Security. The acquisition aims to expand Booz Allen’s cybersecurity capabilities, as well as support its growing business in the UK and the European Union. Check Point acquiring Cyata, Cyclops Security, and Rotate Check Point announced three strategic acquisitions to accelerate its push into AI-driven security and exposure management: Cyata, Cyclops, and Rotate. Cyata will help Check Point enhance its end-to-end AI security platform, while Cyclops helps the company strengthen exposure management with AI-driven asset discovery. Rotate brings talent and capabilities to accelerate workspace momentum. Endor Labs acquires Autonomous Plane Software security company Endor Labs acquired application security firm Autonomous Plane. The acquisition aims to enhance Endor Labs’ reachability capabilities across applications and container images. Experian acquires AtData Experian has acquired identity and data intelligence solutions provider AtData. The acquisition aims to strengthen Experian’s capabilities in identity verification and fraud detection, with a focus on email. Palo Alto Networks to acquire Koi Palo Alto Networks has entered into a definitive agreement to acquire endpoint security company Koi. Financial details have not been officially disclosed, but the deal is reportedly valued at $400 million. Palo Alto Networks said it’s buying Koi for its agentic endpoint security technology, aiming to enhance its Prisma AIRS AI security platform and Cortex XDR endpoint security solution. Proofpoint acquires Acuvity Proofpoint acquired AI security and governance company Acuvity. The integration of Acuvity’s technology will allow Proofpoint to provide real-time visibility and granular controls over how employees and systems interact with AI applications. This deal aims to prevent the accidental exposure of sensitive data while ensuring compliance. Quantum eMotion to acquire SKV Technology Quantum eMotion (QeM) is acquiring SKV Technology (SecureKey), a developer of specialized cryptographic software and hardware. The deal integrates SecureKey solutions into QeM’s portfolio to deliver quantum-resistant security, rapid PQC migration, and policy-driven P2P communication.  Sophos acquires Arco Cyber Sophos has acquired UK-based Arco Cyber, a cybersecurity assurance company that helps organizations improve their security posture. Sophos said the acquisition enables it to deliver AI-powered cybersecurity governance capabilities, through its CISO Advantage offering, to organizations that lack dedicated security leadership.  Varonis acquires AllTrue Data security company Varonis Systems has acquired AllTrue.ai for its AI trust, risk, and security management (TRiSM) solutions. The deal has been valued at $150 million. By integrating AllTrue.ai’s capabilities into its own platform, Varonis will enable customers to monitor and control AI behavior, reduce risks, and maintain and demonstrate compliance. Zscaler acquires SquareX Zscaler announced that it has acquired browser security firm SquareX for an undisclosed sum. With the technology provided by SquareX, Zscaler will extend security to unmanaged devices, enabling organizations to secure users within their preferred browser without the need for a full agent or the limitations of a separate, third-party browser.  Other cybersecurity M&A deals announced in February 2026: AEA acquires majority stake in Magna5 Arc acquires Skye Cloud Arctiq acquires Verinext Astreya acquires Reliant Information Services Aura acquires Qoria By Light Professional IT Services acquires Dignitas Technologies Ctrl:cyber acquires ElevenM CyberCatch acquires Atriarch Ekco acquires Datalogix Everpure (formerly Pure Storage) acquires 1touch  Future Standard acquires majority stake in Velonex Technologies Guardsquare acquires Verimatrix XTD HaystackID Acquires eDiscovery AI IT Solutions acquires Tech Superpowers Keycard acquires Anchor.dev Littlefish Group acquires Stripe OLT Logicalis US acquires Maple Woods Enterprises Markon acquires Millennium Myriad360 acquires Advizex Nexus IT acquires DamonTeK Quantum Leap acquires Veros Technologies QuickStart acquires IronCircle RevSpring acquires TrustCommerce Scale Computing acquires Adaptiv Networks Semperis acquires MightyID TransUnion to acquire mobile division of RealNetworks TruthScan acquires Imagedetector.com Valiant Solutions acquires Abile Group Woven Solutions acquires Valence Related: Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance Related: Cybersecurity M&A Roundup: 34 Deals Announced in January 2026 WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users Apple Intelligence AI Guardrails Bypassed in New Attack Adobe Reader Zero-Day Exploited for Months: Researcher $3.6 Million Stolen in Bitcoin Depot Hack Data Leakage Vulnerability Patched in OpenSSL Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption  US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Severe StrongBox Vulnerability Patched in Android Latest News Adobe Patches Reader Zero-Day Exploited for Months In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack Juniper Networks Patches Dozens of Junos OS Vulnerabilities Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday Orthanc DICOM Vulnerabilities Lead to Crashes, RCE Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 MITRE Releases Fight Fraud Framework Critical Marimo Flaw Exploited Hours After Public Disclosure Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move The United States Department of War appointed David Vaughn as Technical Advisor for Data Infrastructure. Black Duck has named Dom Glavach as Chief Information Security Officer. Finite State has named Ann Miller as Vice President of Marketing. More People On The Move Expert Insights The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email