- within Technology topic(s)
- in United States
Despite persistent economic headwinds, the cybersecurity market has proven remarkably resilient and continues to draw significant investor interest. We're in a period of profound disruption and transformation, driven by escalating threats, rapid technological innovation, and a talent shortage.
A significant gap persists between the projected market size ($250b by 2028) and the escalating global cost of cybercrime ($10.3t by 2028). Cybercrime is estimated to have cost the U.K. retail sector more than £400m in damages in the first half of 2025 alone, as a result of high-profile breaches. This dynamic highlights the growing need for novel cybersecurity solutions and presents an opportunity for private equity (PE) firms.
In this article, we explore market forces and value creation strategies for the cybersecurity sector.
A resilient and attractive market
Following a record-breaking year for PE exits in 2021, deal activity slowed markedly in 2022 and 2023. High inflation, rising interest rates, and other headwinds dampened new-deal financing and extended average holding periods. The median holding period for PE-backed companies in the US rose to an all-time high of 5.6 years.
While 2024 merger and acquisitions (M&A) volumes remain below peak levels, activity has rebounded meaningfully (figure 1). Through June 2025, PE firms completed 137 cybersecurity transactions, an annualised pace on track to match the 405 deals in 2024.
Demand for cybersecurity assets, particularly differentiated technology, or exposure to regulated end markets, is driving up valuation multiples for cybersecurity SaaS businesses (nearing pre-2020 levels) and competition is intensifying. Multiples for cybersecurity service businesses has followed a similar trajectory, with lower revenue multiples, and investors are keen not to miss out on the potential returns available.
A new phase of M&A is emerging, marked by a shift in exit strategies and buyers. Strategic acquirers are increasingly active, prioritising cybersecurity as a core enabler of growth and resilience. Alphabet's proposed $32 billion acquisition of cloud security leader Wiz (a deal representing a 46x revenue multiple, over five times the median revenue multiple for SaaS cybersecurity businesses) would mark the largest purchase of a private, venture-backed cybersecurity company to date, signalling a bet by Google Cloud to further position itself as a leader in multi-cloud and hybrid security. Similarly, Mastercard's acquisition of threat intelligence firm Recorded Future highlights the growing need to integrate cybersecurity capabilities within financial services.
The combination of stabilising macroeconomic conditions, significant dry powder accumulated by PE sponsors, and surging demand for solutions for a rapidly evolving threat landscape is expected to accelerate cybersecurity dealmaking. The key question now focuses on which cybersecurity assets stand out as the most attractive to investors.
Balancing profitability and growth for success
Based on our analysis of approximately 90 cybersecurity companies, we identified a fundamental shift in the drivers of long-term enterprise value.
While global cybersecurity is experiencing double-digit growth across both products and services, our findings show that not all companies are translating this expansion into superior valuations. The market no longer rewards top-line growth alone; instead, profitability has become a prerequisite for achieving high multiples.
The most critical factor influencing enterprise valuation is a strategic balance between profitability and growth. Market leaders such as CrowdStrike and Zscaler exemplify this combination.
Capitalising on the disruptive forces shaping the cybersecurity market
The current cybersecurity landscape is shaped by several overarching trends that are redefining priorities. Eight dominant disruptors (figure 3) impact cybersecurity product development and service demand, reflecting a move toward proactive, automated, and integrated security solutions. The cybersecurity market's attractive valuations and sustained demand present a compelling opportunity for investors.
Our experience working with cybersecurity companies and PE firms has shown that these value creation levers are the most effective across product and service companies:
Cybersecurity product providers
1. Buy-and-build consolidation
Cybersecurity remains highly fragmented, particularly in Managed Detection and Response (MDR), where nearly 600 providers operate, including many subscale and unprofitable providers. Acquiring complementary capabilities enables companies to broaden their product suite, reduce complexity for customers, and deliver greater automation and insights. Combining Identity and Access Management (IAM) with endpoint detection tools enhances visibility and streamlines remediation. Well-executed consolidation accelerates growth via cross-sell opportunities and reduces customer churn. Positioning a company as a "one-stop shop" meets the demand from organisations to shift away from disjointed point solutions. For example, Thoma Bravo UK LLP has been assembling an identity platform by acquiring Ping Identity and ForgeRock and integrating the portfolios to drive product convergence, cross-sell, and R&D.
2. Go-to-market optimisation
Strong commercial execution is crucial, with an estimated 3,000 security vendors globally. Many product firms struggle to reach decision-makers or articulate their value clearly. We often observe cybersecurity firms with narrow offerings run by technical experts rather than business leaders. Investors can unlock value by professionalising the sales organisation, hiring cybersecurity-specific sales leaders, introducing sales enablement processes, and refining product messaging.
Expanding channel partnerships (e.g., co-selling through cloud marketplaces) also extends reach. These steps can significantly contribute to stronger topline growth and higher exit multiples. CrowdStrike has materially shortened sales cycles by leaning into hyperscaler marketplaces, including AWS co-sell, and Managed Security Service Providers-led (MSSPs) channels, while sharpening vertical messaging for public sector and healthcare to boost conversion and deal size.
3. Meaningful AI integration
AI and machine learning are baseline expectations for modern cybersecurity tools. AI-driven cybersecurity is projected to grow from $31 billion in 2025 to $135 billion by 2030, reflecting increased buyer demand. The most effective implementations leverage proprietary data, are regularly validated, and produce tangible performance gains, differentiating the product in a crowded market. Thoma Bravo-owned Sophos has embedded deep-learning models across its MDR service and endpoint detection to improve detection quality and automate AI response playbooks to triage alerts, summarise investigations, and cut time-to-contain.
Whether to acquire a specialist to exit into a larger platform, or to buy and build the platform yourself, hinges on mandate, capital, integration capacity, and the spread between platform and bolt-on valuations. For a lower-risk route, acquire a differentiated specialist in a regulated or technically defensible niche, professionalise go-to-market, lift EBITDA, and target a sale to a scaled platform. For investors seeking higher returns, acquire a platform and run a disciplined buy-and-build to standardise the stack, centralise product and customer success, capture cross-sell, and aim towards recurring revenue to earn scale premiums.
Cybersecurity service firms
Service-oriented cybersecurity firms, such as MSSPs, consultancies, and advisory practices, face the challenge of scaling in a skills shortage. With a projected 3.5 million unfilled cybersecurity jobs by 2025, creating value depends on maximising operational leverage and expanding high-demand offerings. Strategies to increase value include:
1. Augmented intelligence to scale delivery
Service providers can scale expertise by automating lower-value tasks like Tier-1 SOC alert triage, vulnerability scanning, and compliance checks through AI and augmented intelligence. AI tools increase capacity and allow senior analysts to focus on complex, high-margin work like threat-hunting and breach response. Many firms report 30-40% throughput gains from automation alone. This model improves delivery efficiency and cost structure without increasing headcount, supporting better margins and enabling the firm to serve more clients. Permira-backed Kroll uses its Responder MDR platform to automate Tier-1 triage and orchestrate containment via pre-built runbooks (EDR isolation, account lockouts, ticketing), freeing senior analysts for complex investigations.
2. Expanding into compliance and identity services
Regulatory frameworks like the EU's NIS2 and the DORA regulation in financial services are increasing demand for Governance, Risk, and Compliance (GRC) and IAM services. Firms offering these services alongside core technical capabilities (e.g., monitoring or SOC operations) can position themselves as comprehensive, long-term partners.
Building or acquiring GRC and IAM practices enables providers to guide clients through compliance mandates, risk audits, and IAM governance, which become embedded in their security operations. These offerings also create upsell potential and deepen client stickiness. As an example, DNV combined Nixu (strong in IAM and GRC) with Applied Risk (OT security) to offer integrated compliance and identity services across IT/OT firms, positioning the firm as a long-term partner for regulatory uplift and ongoing operations.
3. Transitioning to managed services and recurring revenue
The shift from project-based work to subscription-like, recurring revenue models (e.g., MDR, outsourced security monitoring) is one of the most powerful value drivers. These predictable models offer steady cash flow, reduce volatility, and typically command higher exit multiples. By 2025, 50% of enterprises are expected to adopt MDR services, illustrating the broader trend toward outsourced cybersecurity-as-a-service. Managed services also allow firms to invest in scalable infrastructure, such as shared analytics platforms, creating long-term cost advantages. Contracts with monthly or annual billing improve visibility, customer retention, and lifetime value. As an example, SecureWorks pivoted from consulting to Taegis XDR/MDR subscriptions, shifting its revenue mix towards recurring contracts and using a shared analytics stack to scale efficiently.
A blueprint for action
Through targeted value creation strategies, PE firms can strengthen their cybersecurity portfolio companies commercially, operationally, and reputationally. Whether through platform consolidation, AI-led automation, or recurring revenue transformation, the key is to align operational initiatives with investor outcomes. In a market where buyers scrutinise cyber posture as never before, early preparation and strong fundamentals are essential to command premium valuations and deliver successful exits.
Case study: We recently unlocked adjusted EBITDA margin expansion from 2% to an average of 25% through a commercial growth assessment and operating model redesign of a cybersecurity asset.
A leading private equity investor sought to assess the value creation potential of a Nordic cybersecurity company. Faced with fragmented sales and marketing operations and high indirect costs, our team conducted a rapid, data-driven outside-in due diligence. We benchmarked cost baselines, mapped the organisation, and identified that 70% of sales and marketing spend was indirect, with revenue per FTE lagging industry peers.
By designing a simplified future-state operating model and rationalising external spend, we identified annual savings of 15% in sales and marketing. Our analysis enabled the client to quantify a total value creation opportunity of around 25% in EBITDA uplift and prioritise transformation levers for post-deal execution. The client proceeded with confidence, equipped with actionable insights to drive margin expansion and sustainable growth.
Combining advanced analytics, benchmarking, and deep sector expertise, we help investors unlock hidden value and accelerate transformation in complex, high-growth markets.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
