Cybersecurity: Consolidation And Competition

In 2025, M&A overcame the continued uncertainties from 2024 caused by geopolitical tension and trade friction. The sector built on the strong finish to 2024, when cybersecurity logged the highest quarterly M&A volume in three years, with security operations, risk, infrastructure and identity the most active sub‑sectors.

In fact, we saw unprecedented dealmaking in cybersecurity, both in terms of the number of transactions and the total deal value. Over 400 cybersecurity M&A deals were announced globally in 2025, representing an increase of approximately 22% in volume from the previous year and almost 270% in total deal value.

Many of the key drivers of M&A activity in 2024 continued to underpin this activity in 2025. Escalating threats, AI adoption and evolving regulation kept cybersecurity at the forefront of global M&A in 2025, and all signs point to another active year in 2026.

Large technology and security companies drove the lion's share of dealmaking in 2025, with eight megadeals over US$1 billion, signalling large-scale consolidation in this sector. Nevertheless, private equity still remained highly active, with over 160 transactions, suggesting a renewed buyer confidence in this sub-sector.

Selected cybersecurity M&A highlights in 2025

2025 saw a number of high‑profile transactions that illustrate the strategic forces reshaping the cybersecurity sector. Deal activity was marked by large‑scale platform acquisitions, continued consolidation around identity, cloud and AI‑driven security capabilities, and increasing interest from both traditional cybersecurity vendors and enterprise software providers. Collectively, these transactions demonstrate how acquirers are using M&A to accelerate innovation, expand platform depth and position themselves for long‑term growth in an environment of escalating cyber risk and regulatory scrutiny.

Google's US$32 billion acquisition of Wiz

In March 2025, Google announced a landmark agreement to acquire cloud security startup Wiz for US$32 billion, eclipsing its acquisition of Mandiant for US$5.4 billion three years earlier. This is the largest ever purchase of a standalone cybersecurity company, and Google's biggest acquisition to date. Wiz, founded in 2020 and a leader in cloud and AI security, gives Google Cloud a major boost in cloud infrastructure capabilities, showcasing Google's serious commitment to challenging rivals like Microsoft in enterprise security.

Palo Alto Networks' US$25 billion acquisition of CyberArk

In July 2025, Palo Alto Networks announced a US$25 billion agreement to acquire CyberArk, a longtime identity security and privileged access management leader. This landmark push by Palo Alto into the identity security space suggests that identity and privileged access management is only set to increase in importance as cyber security increasingly becomes a core focus of organisations across the globe.

ServiceNow's US$9 billion acquisition of Armis and Veza

Workflow platform provider ServiceNow spent nearly US$9 billion on acquiring Armis, a leading IoT/OT security company, and Veza, an AI identity security platform, enabling it to offer integrated solutions for discovering connected devices and managing data permissions and identity risks.

Palo Alto Network's US$3.5 billion acquisition of Chronosphere

Alongside its blockbuster US$25 billion acquisition of CyberArk, Palo Alto Networks continued to invest in strengthening its security operations capabilities with the acquisition of Chronosphere, a cloud observability and monitoring specialist.

Proofpoint's acquisition of Hornetsecurity for US$1.8 billion

This reflects an ongoing consolidation within the cybersecurity space, but this time within the MSP and SME markets targeting markets beyond large enterprises.

Focus areas: Cloud, identity, AI and threat intelligence

Cloud security and infrastructure

Google's record‑breaking acquisition of Wiz underscored the strategic importance of platforms that secure cloud environments at scale, particularly as cloud and AI workloads become core to enterprise operations. Beyond Wiz, a number of transactions focused on strengthening cloud‑native security foundations, including threat detection, telemetry and response capabilities that operate across distributed environments.

Identity and zero trust acceleration

Identity emerged as a central theme in cybersecurity M&A during 2025, reflecting the accelerating adoption of zero‑trust security models in enterprise environments. As organisations continue to operate across distributed cloud platforms, remote workforces and increasingly automated systems, identity – not the network perimeter – has become the key defence against modern threats.

The acquisition of CyberArk by Palo Alto Networks exemplifies this shift, embedding identity and privileged access management more deeply into a broader security platform. Beyond large‑scale transactions, 2025 also saw a series of more targeted acquisitions aimed at strengthening specific layers of the identity stack. For example, Ping Identity's acquisition of Keyless expanded authentication capabilities designed to counter AI‑driven impersonation and credential abuse. Meanwhile, Twilio's acquisition of Stytch reflected growing demand for API‑native identity infrastructure, particularly in applications that interact with both human users and AI agents.

AI-powered security and automation

One of the defining themes of 2025 was the infusion of AI into cybersecurity products. Several transactions focused on embedding AI‑native automation into established security platforms. For example, Checkmarx's acquisition of Tromzo reflects growing demand for AI‑driven remediation workflows that can prioritise vulnerabilities and automate response actions across modern application environments. These types of capabilities are increasingly viewed as essential to making security programmes scalable, particularly in large and complex digital estates.

Alongside the use of AI to improve security operations, 2025 also saw increased M&A activity aimed at securing AI systems themselves. As organisations deploy generative and autonomous AI more widely, new risk categories, including model misuse, data poisoning, code injection and prompt manipulation, have emerged. Red Hat's acquisition of UK‑based AI security specialist Chatterbox Labs illustrates how infrastructure and platform providers are moving to address these issues by acquiring specialist expertise, rather than developing it in‑house.

More broadly, established cybersecurity vendors such as CrowdStrike, SentinelOne, Zscaler and F5 continued to consolidate AI‑focused capabilities through targeted acquisitions. Taken together, these transactions demonstrate how AI in 2025 shifted from being a differentiating feature to a core enabling layer within enterprise security platforms, driving both consolidation and strategic repositioning across the sector.

Risk and compliance

Another active segment was governance, risk and compliance technology (GRC), driven by mounting pressures worldwide. 2025 saw at least 63 acquisitions in the GRC category, as organisations looked to strengthen data protection, audit and regulatory compliance. With new cyber, data protection and operational‑resilience regimes moving from implementation to enforcement, compliance increasingly became a continuous operational requirement, rather than a periodic reporting exercise.

Heightened privacy and cybersecurity standards, including obligations relating to third‑party risk, incident reporting and data governance, have elevated cyber and compliance issues to the board and executive risk agenda. In response, organisations have sought more integrated and automated approaches to managing risk, prompting sustained acquisition activity in areas such as data privacy management, regulatory monitoring and third‑party risk assessment.

This trend was also seen on the services side, where global consultancies acquired specialist risk and compliance boutiques and managed security providers. These transactions reflect client demand for end‑to‑end solutions that combine advisory services with technology and managed execution, particularly in heavily regulated sectors. Taken together, these developments show that GRC is evolving from a standalone function into a core component of enterprise risk management, with M&A playing a central role in building the required scale, capability and integration.

A defining year for cybersecurity M&A

Looking ahead to 2026, cybersecurity M&A is expected to remain active, driven by increased cybersecurity demands rather than transient cyclical conditions. As security requirements are becoming even more deeply embedded into core business systems, particularly cloud‑based and AI‑enabled platforms, larger players are likely to continue using acquisitions to accelerate capability development and maintain relevance in an increasingly complex risk environment.

We expect areas such as data security, identity governance, critical infrastructure protection and compliance‑driven technology to remain focal points for deal activity. Demand in these segments is increasingly shaped by client expectations for demonstrable resilience and operational assurance, rather than standalone security products, favouring integrated platforms and supported services.

In particular, as AI is further woven into products and key systems and connected to sensitive data, larger security players will likely keep acquiring innovative startups to keep ahead. Regulatory pressures and client expectations for cyber resilience will also likely sustain demand for solutions, driving acquisitions in compliance, data security and critical infrastructure protection.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.