ARTICLE
20 November 2025

U.S. Cybersecurity Sector Report - Q3 2025

RG
Ropes & Gray LLP

Contributor

Ropes & Gray LLP logo
Ropes & Gray is a preeminent global law firm with approximately 1,400 lawyers and legal professionals serving clients in major centers of business, finance, technology and government. The firm has offices in New York, Washington, D.C., Boston, Chicago, San Francisco, Silicon Valley, London, Hong Kong, Shanghai, Tokyo and Seoul.
Explore Firm Details
Deal count: Q3 2025 is up +14% from last quarter, a sign that the market is becoming more active, driven by managed & IT services that help organizations to outsource their cybersecurity needs...
United States Technology
Ropes & Gray LLP
Your Author LinkedIn Connections
Ropes & Gray LLP are most popular:
  • within Insurance, Media, Telecoms, IT and Entertainment topic(s)
  • in United Kingdom

1707796a.jpg

U.S. Cybersecurity M&A + PE Deal Activity

  • Deal count: Q3 2025 is up +14% from last quarter, a sign that the market is becoming more active, driven by managed & IT services that help organizations to outsource their cybersecurity needs, which has become increasingly important as the industry struggles with talent shortage.
  • Deal value: In Q3 2025, deal value is up significantly from last quarter with several deals in the $500 Mn - $1 Bn range, though there were no deals above $1 Bn.
  • Palo Alto Networks/CyberArk Announcement: Announced at the end of July, Palo Alto reached an agreement with CyberArk for a $25 Bn acquisition, the deal expected to close in 2026. This acquisition is the logical evolution of Palo Alto's platformization strategy, which drove14 acquisitions since 2019.

1707796b.jpg

1707796c.jpg

1707796d.jpg

U.S. Cybersecurity M&A + PE Deal Size

  • Through Q3 2025 there were no deals between $1 Bn to $5 Bn, this was a stark contrast to 2024 where that bucket made up 11% of the market. Nonethless, the focus on generative and agentic AI capabilities could drive larger deals in the future while smaller deals might occur more frequently as the cybersecurity industry continues its path to rapid consolidation through merger and acquisitions.

1707796e.jpg

1707796f.jpg

U.S. Cybersecurity VC Deal Activity

  • Deal count has been decreasing for the second consecutive quarter, but expected deal count for the full year 2025 is projected to be up 2% from 2024 driven by a strong Q1 2025.

1707796g.jpg

1707796h.jpg

U.S. Cybersecurity VC Deal Size

  • Since 2020, deal count below $5 Mn is down 41%, showing that investors are moving away from small deals.
  • Most VC deals concentrate in the network software arena, which covers products that control access, monitor activity, detect/respond to threats, and enforce policy across networks, cloud, endpoints, apps, and data.

1707796i.jpg

1707796j.jpg

1707796k.jpg

Public Company Financials

1707796m.jpg
1707796n.jpg

1707796l.jpg

U.S. Cybersecurity Trends

  • M&A Dealmaking: Consolidation and platformization remains the key theme driving M&A activity. Segments such as identity, cloud security, and data security are consolidating at faster speeds due to strong customer momentums and current large players like Palo Alto and Google having the capabilities to acquire smaller players. Many experts and brokers alike predict that this sort of consolidation will lead to a strong end to 2025 as well as into 2026.

"There's ongoing vendor consolidation. [There's definitely] preference to have to deal with fewer vendors, not more. [For example,] I think we're continuing to see more MDR providers leaning into the Microsoft ecosystem even more as their sources of telemetry and things along those lines just due to the sheer predominance of customers that already have a Microsoft 365 account or something along those lines that's enabled with those technologies." – VP of Strategy for Team Logic, August 28, 2025

  • Venture Capital: Q3 2025 was the slowest quarter for VC in the year but annually is on track to be the strongest funding year since 2022. Balance across developments stages with pre-seed/seed, early, and later stage categories each accounting for a third in terms of deal count suggests a healthy pipeline of both early innovation and scaling opportunities in the future.

"The concept of managed security operations will probably be one of the fastest growing markets into the Global 2000 companies over the next 12-24 months. A lot of that is being driven by some key criteria. One, the lack of talent in the industry. You look at North America, where you've got over 1.6 million cybersecurity jobs open, it is very difficult for organizations to be able to staff people, so I think that's one." – Former MSSP expert at Palo Alto, July 10, 2025

  • IPO: Jefferies notes the IPO window continued to reopen in Q3, with successful listings (e.g., Chime, Figma) and revived pipelines. PitchBook also characterizes 2025 as a "normalization of down rounds" with ongoing bifurcation—strong performers raising at higher valuations—conditions that typically pull crossover investors back toward high‑quality growth assets during Q3.

"Many customer environments today are fragmented. Some enterprises rely on 40 or 50 cybersecurity vendors, while others manage 100 or even 200 solutions...Many organizations are becoming more self-aware...consolidation is reducing fragmentation through mergers, acquisitions, and integrated platforms." – Adrian Hia, Managing Director, APAC, Kaspersky

  • Industry Growth: Cybersecurity continues to project positive high single digit to low double-digit growth year over year. The rise of social engineering attacks by deepfakes and bots suggest that the fundamentals of this industry remains strong in both the short term and long term. Though in the short-term macro headwinds may mute deal volume, the momentum behind the industry will persist.

From what we've tracked at Dataprise, I'd say overall pipeline and inquiry volume has probably grown roughly 15%-25% quarter over quarter. The biggest jumps are, like I said before, MDR, pen testing, compliance-focused solutions, which individually are driving much of that growth." – Sales Director, Dataprise

Strategic Legal Counsel for the Cybersecurity Industry

Headwinds

  • Cybersecurity M&A deals likely to increase due to industry wide consolidation.
  • Rising threat intensity will keep cybersecurity a priority across public and private sectors globally.
  • AI-driven risk and identity security are the spending hot spots.
  • Regulatory frameworks and rate cuts is likely to improve transaction and exit environment.

The Rising Cost of Cybercrime will Drive Near and Long-Term Growth: Critical Start reports the total cost of cybercrime attacks may reach $8 trillion, equivalent to $25,000 per person just in the U.S.

GenAI Overlap with Cybersecurity Expected to Grow: SentinelOne reports that the global generative AI cybersecurity market is projected to reach $40.1 billion by 2030, growing at a 33.4% CAGR from $7.1 billion in 2024, driven by increasingly complex cyber threats and expanding attack surfaces. Furthermore, AI lowers the threshold for skill advancement among moderately proficient attackers, eliminating the need for affiliation with threat actor collectives thus resulting in an increase of solo or small-group hacking activities.

SASE, SecOps, and Cloud: CFRA expects demand strength tied to the firewall refresh cycle and newer offerings (SASE, SecOps, Cloud) to materialize toward the end of 2025 and H1 2026; they flag identity maturation and platform momentum among key vendors.

Uptick in Enterprise Use of AI/ML: Zscaler data from the first half of 2025 shows that enterprise use of AI/ML tools has increased over 3,000% this year compared to last year. This means organizations are being exposed to new levels of security vulnerabilities at unprecedented speeds.

Military and Defense Sector Investment: The White House budget for civilian cybersecurity is $13 billion in 2025, an increase of 10.2% over $11.8 Bn allocated in 2024. The U.S. military will receive about $30 billion in cybersecurity funding in fiscal 2025, included in the budget is $3.0 billion in total funding for Cybersecurity and Infrastructure Security Agency (CISA) to improve national critical infrastructure cybersecurity response.

Upcoming Rate Cuts: The Fed cut 25 bps in September and any sources project another two cuts in 2025, which could mean lower financing costs, lift valuations, and boost PE transactions and IPO activity that will become macroeconomic tailwinds for cybersecurity.

Digital Sovereignty: Many countries are introducing new regulatory frameworks in response to evolving cybersecurity threat landscapes. For example, in the EU policies such as the Network and Information Systems Directive (NIS2), the Digital Operational resilience Act (DORA), and the EU Data act will fuel funding, adaptation, and innovation in cybersecurity. China has also been actively promulgating regulations for data sovereignty, strengthening personal data protection through the implementations of compliance audits and working on special mechanisms to facilitate cross-border data transfer.

Key Developments in Cybersecurity Law

December 10, 2024

The Cyber Resilience Act (CRA), an EU regulation for "products with digital elements" (hardware, software, services) requiring cybersecurity-by-design, mandatory security updates and incident-reporting obligations, went into effect at the end of 2024, with major obligations beginning by December 2027.

January 17, 2025

The Digital Operational Resilience Act (DORA), a sweeping EU regulation for the financial sector, went into effect, establishing uniform ICT-risk management, third-party ICT provider oversight, incident-reporting and resilience-testing requirements for banks, insurers, investment firms and key ICT service providers.

February 20, 2025

The SEC announced the creation of the Cyber & Emerging Technologies Unit (CETU), a dedicated unit focused on cyber-related misconduct and emerging technologies. This is just part of the SEC's continued focus on cybersecurity enforcement, as announced in its 2025 examination priorities, which were released in late 2024.

May 19, 2025

The bipartisan TAKE IT DOWN Act passed. The new U.S. law , which targets online non-consensual intimate imagery and "deepfakes" posted by covered online platforms, empowers individuals to notify a platform if content is published without their consent and requires platforms to remove the content within 48 hours.

June 6, 2025

President Trump signed Executive Order 14306, which amended cybersecurity EOs issued by previous presidents. Key changes made by the EO included focusing sanctions authority on foreign cyber threats, removing certain software-attestation requirements for government contracts, and narrowing digital identity mandates.

October 1, 2025

The Cybersecurity Information Sharing Act (CISA) of 2015, was allowed to expire at the end of September 2025, a casualty of the political battle over government funding. CISA's legal protections are vital to enabling private-sector organizations to share threat data, both within the industry and with the government. The current Continuing Resolution (CR) bill may give it at least a brief return to life and allow congress to reconsider renewal once the government is back to normal operations.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Ropes & Gray LLP
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More