SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025 - SecurityWeek
SecurityWeekArchived May 27, 2026✓ Full text saved
SecurityWeek Report: 426 Cybersecurity M&A Deals Announced in 2025 SecurityWeek
Full text archived locally
✦ AI Summary· Claude Sonnet
As the cybersecurity market continues to mature, SecurityWeek’s annual M&A report provides an essential roadmap for understanding how corporate consolidation is reshaping the digital defense sector.
SecurityWeek’s M&A tracker cataloged 426 deals in 2025, including 334 involving pure-play companies.
The 2025 figure of 426 represents a 5% increase over 2024, signaling that the sector is once again on an upward trajectory after two years of consecutive decline.
Global cybersecurity M&A annual volume trends (2021–2025)
While the total number of deals is lower than the 2022 peak (455), the value and complexity of the deals appear to be higher. In addition, the market continues to move away from the ‘buying everything’ trend observed in 2021/2022 to a more strategic, international consolidation.
Regional dynamics and global footprint
The 2025 data shows that the market has become significantly more globalized.
Global map of cybersecurity M&A activity in 2025
At 288 participations for 426 deals, the US remains involved in roughly 67% of all global cybersecurity M&A. This is a slight recovery from the 63% low in 2023, but still well below the 80% dominance seen in 2021.
The UK saw a decline from 70 deals (2021) to 48 (2023). However, it rebounded to 67 in 2024 and maintained that momentum with 64 deals in 2025. The UK has solidified its position as the clear #2 global hub for cybersecurity M&A.
Distribution of cybersecurity M&A by country in 2025
After being overtaken in the rankings in 2024, Israel has reclaimed the 3rd position with 34 deals in 2025.
Ireland and Sweden saw fewer than 10 deals in 2024 after a strong 2023. In 2025, they bounced back to 12 and 11 deals respectively.
Capital allocation and valuation trends
Financial details were disclosed for 74 deals for a total disclosed value of $92.5 billion. This includes 63 deals involving pure-play cybersecurity companies, with a total disclosed value of $84 billion.
The total disclosed deal value has surged by approximately 82% year-over-year, which can largely be attributed to Google’s planned acquisition of cloud security giant Wiz for $32 billion.
The industry has sustained its appetite for billion-dollar acquisitions, with 11 deals exceeding the $1 billion mark.
In addition to Google-Wiz, seven deals involving pure-play cybersecurity firms surpassed $1 billion, including Palo Alto Networks acquiring CyberArk ($25B) and Chronosphere ($3.3B), ServiceNow’s acquisition of Armis ($7.7B) and Veza ($1B), Francisco Partners buying Jamf ($2.2B), Veeam Software acquiring Securiti AI ($1.7B), and Proofpoint acquiring Hornetsecurity ($1.8B).
This suggests that large-scale platform consolidation is now a permanent fixture of the landscape.
Cybersecurity M&A deal financial values in 2025
The $100M-$999M range was the primary engine of growth in 2025. This indicates that acquirers are focusing on mature, established cybersecurity companies rather than early-stage startups.
This also suggests that the industry is currently in a phase of strategic scaling, where medium-sized specialized leaders are being swallowed by larger platforms to create all-in-one security suites.
There has been a noticeable decline in the number of disclosed deals under $100M (down to 26 in 2025 from 32 in 2024). This implies that ‘tuck-in’ acquisitions of very small startups are either becoming less frequent or are less likely to have their financial terms disclosed compared to larger, more impactful deals.
Sector deep-dive and domain expertise
SecurityWeek data shows that 125 deals involved managed security solutions providers (MSSPs) in 2025, including 60 pure cybersecurity providers. This includes product distributors and companies that offer other products and services in addition to cybersecurity.
While activity involving MSSPs has increased from 119 deals in 2024, it remains significantly lower than the 150+ seen in 2022 and 2023.
After a sharp drop in 2024, the 2025 figure suggests the market has found its new normal. It is no longer in a freefall, but it hasn’t returned to the frantic buying spree of 2022-2023. The strategic value remains high as managed services continue to be the primary way small-to-medium enterprises consume security.
While it’s important to keep track of MSSP deals, we are tracking them separately in an effort to get a better view of the other categories.
Several core security sub-sectors experienced significant upward momentum in 2025, as acquirers seem to prioritize data sovereignty, identity integrity, and regulatory compliance.
Distribution of cybersecurity M&A by sector in 2025
With 82 deals, GRC (governance, risk, and compliance) reached a five-year peak in 2025. While it has always been a top category (averaging 65 deals from 2021-2024), the jump to 82 suggests that companies are prioritizing regulatory requirements over purely technical defenses.
Data protection recorded aggressive growth, surging from 44 deals in 2024 to 63 deals in 2025. This reflects an industry shift toward data-centric security.
While still a smaller category, AI security is showing a clear upward trajectory. It recorded 8 deals in 2024 and has increased to 13 deals in 2025, mirroring the broader tech industry’s focus on securing LLMs and AI pipelines.
After a significant slump in 2024 (dropping to 28 deals), identity has bounced back to 43 deals in 2025, returning to its historical levels from 2022 and 2023.
While several sectors saw record growth, four categories experienced a cooling in M&A activity, reflecting a pivot away from reactive tools toward long-term governance and data resilience.
One of them is incident response, which has seen a notable decline, dropping from a peak of 38 deals in 2024 to 25 deals in 2025.
Private equity-led acquisitions have also cooled significantly. They spiked to 37 in 2023 but dropped to 18 in 2025, returning to the levels seen in 2021 and 2022.
After a strong 2024 (16 deals), interest in companies specializing in industrial/OT cybersecurity appears to have leveled off, dropping back to 9 deals, the same number recorded in 2023.
Application security saw a steady rise in M&A deals through 2024 (reaching 31), but dipped slightly to 26 in 2025.
Two types of companies stand out for remaining steady throughout the years. Network security remains the most consistent category in the dataset. It has hovered almost exactly at the same level for four years, with roughly 40 deals announced every year between 2022 and 2025.
The government contractors segment is also remarkably stable, consistently recording between 36 and 38 deals annually (except for a slight outlier of 43 in 2021). It sits at 36 deals for 2025.
The 2025 data indicates a market shift away from reactive tools (incident response) and toward resilience and compliance infrastructure (GRC and data protection). While 2024 was a year of diversifying into specialized niches, 2025 appears to be a year of consolidation around the core pillars of governance and data privacy.
Monthly summaries of 2025 cybersecurity M&A deals: January, February, March, April, May, June, July, August, September, October, November, December.
Methodology: The data was collected through news distribution services, Google searches and pitches from PR companies. The data includes companies that issued press releases announcing or mentioning acquisitions, as well as deals that have been privately reported to SecurityWeek. All deals that had a cybersecurity component have been taken into account for this study. Mergers and acquisitions that did not have an English-language announcement may not be included. The data could also include some deals that may have not been completed after they were announced.
The GRC category includes governance, compliance, risk management, audit, assessment, vulnerability management, penetration testing, attack surface management, offensive security, and cyber insurance. Network security includes endpoint security, MDR, XDR, NDR, and SASE. Identity includes IAM, PAM, secure access, authentication, and authorization. Incident response includes SOAR, SIEM, SOC, and forensics. ‘Other (specialized)’ includes hardware, quantum, media and events, healthcare, brand protection, financial, online safety, SAP, recruiting, real estate, and automotive. Data protection includes encryption/cryptography, VPN, privacy, backup and blockchain. MSSP includes cybersecurity solution distributors and companies that do not develop their own products or solutions. The AI category only includes companies specializing in securing AI.
WRITTEN BY
Eduard Kovacs
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
Oncology Institute Discloses Data Breach
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Canadian Man Arrested for Operating Kimwolf Botnet
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
Latest News
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
The Credential Crisis: How Stolen Credentials Defeat Modern Security
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
GlassWorm Botnet Disrupted
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
Trending
Virtual Event: Threat Detection And Incident Response Summit
On-Demand
Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.
Register
Webinar: Third-Party Risk In Practice
June 4, 2026
Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice.
Register
People on the Move
Joe Chen has become Chief Technology Officer at Trellix.
Usercentrics has named Pawan Hegde as COO and Elena Ignatova as CPTO.
SecureAuth has named Mark van Oppen as Chief Revenue Officer.
More People On The Move
Expert Insights
Caught Off Guard: Securing AI After It Hits Production
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode. (Joshua Goldfarb)
Cyber Resilience Is The New Business Continuity Plan
The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose. (Steve Durbin)
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael)
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au)
The Mythos Moment: Enterprises Must Fight Agents With Agents
Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor)
Flipboard
Reddit
Whatsapp
Email