Available exclusively to cybersecurity founders, executives, and investors.
The fourth quarter of 2025 represents a turning point for cybersecurity. After nearly two years of compressed valuations and careful spending, we’re watching deal activity pick back up with real momentum. But this isn’t the same market we saw in 2020 and 2021. Premium prices now go to companies that can actually demonstrate both growth and profitability (the “Rule of 40”). The market also favors businesses successfully building AI into their core products, not just slapping it on as marketing.
Platform consolidation has become the defining story. Google got DOJ clearance to buy Wiz for $32 billion1. Veeam spent $1.725 billion on Securiti AI2. These massive deals show how hyperscalers and established players are buying their way into the AI security market instead of building capabilities from scratch. On the flip side, we’re also seeing distressed assets getting picked up cheap. LevelBlue’s acquisition of Cybereason tells a different story, one about what happens when you can’t reach profitability in a crowded market.3
Valuations have stabilized compared to the chaos of previous years. Still, they respond quickly to specific operational metrics. The broader public cybersecurity market trades at about 7.8x revenue right now4. High-growth areas like Cloud Security and Identity Access Management command much higher multiples, often hitting 13x to 15x in public markets. In strategic M&A deals, these numbers can climb past 20x. Private markets tell a different story than public ones, with strategic buyers paying big premiums for assets that plug critical gaps in their AI and data security strategies.
Looking toward 2026, consolidation will continue. Netskope’s successful IPO in September 2025 opened the door for others.6 Companies like Cato Networks and Claroty are preparing to go public. But the bar is high. Investors want to see clean financials and real AI innovation, not just promises. This report breaks down these trends with the detailed valuation data cybersecurity founders and investors need right now.
Target Company | Acquirer | Deal Value | Estimated ARR | Revenue Multiple | Company Age | Category |
Wiz | $32.0B | ~$1.0B | ~32x | 5 years | Cloud Security (CNAPP) | |
CyberArk | Palo Alto Networks | $25.0B | ~$1.34B | ~18.6x | 26 years | Identity & PAM |
Jamf | Francisco Partners | $2.2B | ~$730M | ~3x | 23 years | Device Management |
Securiti AI | Veeam | $1.7B | ~$150M | ~11x | 6 years | Data Security |
Q4 2025 marked a shift from lots of small deals to fewer but much larger transactions. Deal volume stayed relatively steady compared to Q3, but the total value shot up thanks to a handful of transformational megadeals. Buyers (both strategic and financial) have stopped waiting around. Interest rates are dropping, and they’re putting money to work before valuations climb higher.
Q3 2025 saw 111 transactions, up from 98 in the same period of 20248. That momentum carried forward. October alone set a new record for deal value in 2025, driven by falling interest rates and narrower gaps between what buyers want to pay and what sellers expect9. Strategic buyers dominated, actively buying companies to capture market share in hot areas like Data Security Posture Management (DSPM) and Extended Detection and Response (XDR).
The big story? Platform beats best-of-breed. Large companies are using their cash reserves to buy innovation instead of developing it internally. Generative AI adoption has compressed product development timelines so much that building from scratch feels too slow. The pressure to secure AI workloads is pushing acquirers to pay premium prices for “AI-ready” security capabilities, even as they stay selective about which companies to target.
Here are the marquee deals that defined the quarter. These transactions set benchmarks for what companies are worth in their respective categories.
Table 1: Major Cybersecurity M&A Transactions – Q4 2025
Target Company | Acquirer | Deal Value | Subsector | Strategic Rationale |
Wiz | Google (Alphabet) | $32.0 Billion | Cloud Security (CNAPP) | Integration of agentless cloud security into Google Cloud to compete with AWS and Azure security; DOJ cleared in Nov 20251 |
Securiti AI | Veeam Software | $1.725 Billion | Data Security (DSPM) | Unifying data resilience (backup) with data governance and security; targeting the safe adoption of Enterprise AI.2 |
ThreatConnect | Dataminr | $290 Million | Threat Intel / SOAR | Combining real-time event detection with cyber threat intelligence and automated response capabilities.10 |
Cybereason | LevelBlue (AT&T Spinoff) | Undisclosed (Distressed) | Endpoint Security (EDR) | Market consolidation of a distressed asset; enhancing managed services with proprietary XDR tech; valuation heavily compressed from $2.8B peak.3 |
Verosint | Imprivata | Undisclosed | Identity (ITDR) | Strengthening access management with AI-powered risk signaling and identity threat detection.11 |
Aim Security | Cato Networks | Undisclosed | AI Security | Expansion of SASE platform to secure enterprise adoption of AI agents and LLMs.12 |
The DOJ clearing Google’s $32 billion purchase of Wiz in November 2025 was huge1. This isn’t just about buying revenue. Google is making a strategic move to dominate the cloud infrastructure wars. By bringing Wiz in-house, Google Cloud Platform fixes one of its biggest problems: the friction of integrating third-party security tools.
For founders, this deal sets an extremely high bar for cloud security valuations. It proves the market values agentless architecture and multi-cloud visibility at a premium. “Switzerland” security players (those that can protect workloads across AWS, Azure, and GCP without favoring any) are incredibly valuable to hyperscalers who don’t want customers locked into a competitor’s security ecosystem. The valuation multiple, estimated at over 30x forward revenue, reflects how rare assets with Wiz’s scale ($500M+ ARR) and growth rate really are.
Veeam’s $1.725 billion acquisition of Securiti AI highlights something important happening right now: the merger of Data Resilience and Data Security Posture Management2. As companies deploy Generative AI, they need to know where sensitive data lives (DSPM) and ensure they can recover it if something goes wrong (Resilience). These aren’t separate problems anymore.
Veeam paid a strategic premium for Securiti’s “Data Command Center.” Now they’re positioning themselves not just as a backup vendor, but as a complete data guardian for the AI era. The deal specifically calls out the need to “accelerate safe AI at scale,” addressing the fact that 80-90% of AI projects fail because of data governance problems2. This tells us startups working at the intersection of data privacy, governance, and security are prime acquisition targets for legacy infrastructure companies trying to stay relevant.
The Cybereason acquisition tells a very different story. Once valued at over $2.8 billion with SoftBank backing, Cybereason ran into serious problems. The Endpoint Detection and Response (EDR) market got saturated, and CrowdStrike and SentinelOne dominated.
The acquisition (labeled a consolidation of a distressed asset after valuation had crashed to around $850 million earlier in the year) shows the market has no patience for companies burning cash without clear market leadership3 . LevelBlue, an MSSP that AT&T spun out, saw an opportunity to buy technology cheaply to improve margins. They’re shifting from pure services to a tech-enabled service model. The lesson? Being a “strong number four” in a commoditized market won’t get you a unicorn exit. If you can’t reach the “Rule of 40,” consolidation is coming.
Dataminr’s $290 million acquisition of ThreatConnect shows vertical integration at work10 . They’re combining “left of boom” (predictive) and “right of boom” (response) capabilities. Dataminr brings AI-powered real-time event detection. ThreatConnect brings a Threat Intelligence Platform (TIP) and SOAR capabilities. Together, they’re trying to build predictive security posture.
This deal highlights a trend: data-rich companies are buying workflow engines to make their data useful. Pure-play Threat Intel companies or standalone SOAR platforms increasingly look like features of a larger platform rather than standalone public companies.
Valuation multiples in Q4 2025 show investors are discriminating heavily based on growth efficiency and subsector. The era of “rising tide lifts all boats” is over. We’re seeing a tiered structure where AI-native and Cloud-native companies occupy the top tier, while legacy infrastructure and service-heavy models trade at significant discounts.
The market has found a new normal. The median public revenue multiple sits at roughly 7.8x4. But this average hides massive differences between the “haves” (Cloud/AI Security) and “have-nots” (Legacy Hardware/Services).
Here are the median Enterprise Value (EV) to Next Twelve Months (NTM) Revenue multiples for public cybersecurity companies as of November 2025.
Table 2: Public Company Valuation Multiples by Subsector (November 2025)
Subsector | Median EV / NTM Revenue | Key Public Comps | Valuation Trend vs. Q1 2025 |
Cloud Security | 13.9 x | CrowdStrike, Zscaler, Cloudflare | Rising: High demand for AI-integrated cloud defense drives expansion; CrowdStrike trading >20x4 . |
Identity (IAM) | 10.5 x | CyberArk, Okta, SentinelOne | Stable/High: Identity remains the primary perimeter; CyberArk’s platform strategy commands a premium4 . |
Security Ops (SecOps) | 7.2x | Palo Alto Networks, Splunk | Stable: Consolidation into platforms supports steady multiples; Palo Alto remains a bellwether. |
Network Security | 5.8x | Fortinet, Check Point | Moderate: Hardware drag affects multiples, though SASE transitions help support valuation. |
General Cyber Index | 7.8x | ETF Baskets (CIBR, HACK) | Recovering: Up from lows of ~6x in 2024, signaling sector recovery4 . |
Data synthesized from FinRO, PitchBook, and Public Filings
Here’s something interesting happening in 2025: a persistent gap between private and public market valuations. Public markets have corrected to a median of around 7.8x revenue. But private market transactions, particularly M&A exits, are happening at much higher multiples.
Private M&A Multiples: High-growth private targets in hot sectors like Cloud Security are seeing M&A exit multiples average 16.3 x, with outliers reaching as high as 22.7x.4
VC Funding Valuations: Series A and B rounds for AI-security startups command aggressive valuations. These are often disconnected from immediate revenue, betting instead on the “AI Supercycle.” Late-stage (Series C+) valuations have compressed to align more closely with public comps, though. Many “unicorns” from 2021 need to grow into their valuations before attempting an IPO.
Strategic acquirers pay for synergy and speed to market. Acquiring a functional, AI-native DSPM platform like Securiti AI lets a legacy vendor like Veeam instantly upsell to thousands of existing customers. That justifies a premium that public market investors, judging on standalone financials, wouldn’t support. Also, high-quality, scale assets (>$100M ARR) are scarce. That creates bidding wars among cash-rich giants (Google, Microsoft, Cisco, Palo Alto).
To understand Q4, we need to look at the broader arc of 2025.
Table 3: Quarterly Valuation Trends (Q1-Q4 2025)
Quarter | Deal Volume Sentiment | Valuation Trend | Key Driver |
Q1 2025 | Low | Compression | Interest rate uncertainty; “Wait and See” approach from buyers; low deal volume.13 |
Q2 2025 | Moderate | Stabilization | Focus on operational efficiency; companies cutting burn; slight uptick in PE activity.13 |
Q3 2025 | High | Inflection | Deal activity accelerates (111 deals); Netskope IPO breaks the ice; Strategic buyers return.6 |
Q4 2025 | Very High | Expansion | Mega-deals cleared (Google/Wiz); Rate cuts confirmed; AI budgets finalized for 2026.1 |
Factors Driving Q4 Changes:
Regulatory Clarity: The DOJ not challenging the Wiz acquisition sent a signal to other large tech buyers (Microsoft, Amazon, Cisco) that M&A is viable, reducing fears of regulatory gridlock.1
AI Budget Allocation: By Q4, enterprise budgets for 2026 were getting finalized. It became clear “AI Security” would be a distinct and massive line item. Acquirers moved quickly to buy capabilities before this spending wave hit.
Interest Rate Outlook: The Federal Reserve announced rate cuts in September and October 2025 (down to 3.75%-4.00%)9. Lower cost of capital for leveraged buyouts brought Private Equity buyers back into the market for take-private deals.
For founders trying to maximize valuation in Q4 2025 and beyond, revenue growth alone doesn’t cut it anymore. Acquirers and investors are looking at specific “quality” metrics that indicate long-term durability and platform potential.
The “Rule of 40” (where Revenue Growth % + Free Cash Flow Margin % ≥ 40) remains the gold standard. But for premium valuation (top decile), investors now want to see a “Rule of 50.”
Benchmark: High-performing SaaS companies hit this balance. CrowdStrike and Palo Alto Networks consistently demonstrate metrics exceeding the Rule of 40, which justifies their double-digit revenue multiples.17
Implication: A company growing at 50% with -20% margins (Rule of 30) will trade at a discount compared to a company growing at 30% with 10% margins (Rule of 40). The market penalizes “empty calories” revenue growth that doesn’t show operating leverage.
Retention has replaced pure customer acquisition as the health indicator that matters most. In a platform-centric world, keeping and growing your customer base is everything.
Net Revenue Retention (NRR): Best-in-class companies show NRR > 120%. This proves the ability to “land and expand,” which is critical in the platformization era.
Gross Revenue Retention (GRR): A GRR below 90% is a major red flag. It indicates a “leaky bucket” that no amount of new sales can fix. Average retention for cybersecurity sits around 71%, but top performers are significantly higher.
Valuations are heavily influenced by how deeply AI is integrated. The market has gotten good at telling the difference between marketing fluff and real architectural integration.
AI-Washed: Companies that just added a “chatbot” interface to existing tools are seeing little valuation uplift.
AI-Native: Platforms where AI agents proactively hunt threats, auto-remediate vulnerabilities, or manage identity entitlements (Agentic AI) command significant premiums. The market views these technologies as deflationary for customers (reducing headcount needed in SOCs), making them highly sticky.
Gross margins act as a proxy for software purity. Service-heavy revenue streams drag down valuations.
Benchmark: Top-performing SaaS businesses typically achieve gross margins exceeding 80%.
Impact: Companies with margins below 70% are often valued as tech-enabled services (1x-3x revenue) rather than pure software companies (8x-15x revenue).
Table 4: Key Valuation Drivers – Correlation Analysis
Metric | Correlation to Valuation Premium | Insight |
Revenue Growth | High (Positive) | Still the #1 driver, but must be efficient growth; >30% is the floor for premium. |
Rule of 40 Score | Very High (Positive) | The strongest predictor of premium multiples in 2025; balances growth and FCF. |
Net Revenue Retention | High (Positive) | NRR > 120% signals platform stickiness and upsell power. |
Gross Margins | Moderate (Positive) | Margins < 70% are heavily penalized; > 80% is expected for SaaS. |
Burn Rate | High (Negative) | High burn without corresponding hyper-growth is severely penalized; runway <12 months is fatal for valuation. |
The cybersecurity market isn’t one thing. Valuation multiples vary wildly depending on the specific problem a company solves and how relevant that problem is to current threats.
Status: Premium
Multiple: 13x – 22x Revenue
Why: This is the fastest-growing attack surface. The Google/Wiz deal and Veeam/Securiti deal confirm this is where strategic capital is flowing. The convergence of these fields into data-aware cloud security is driving scarcity value. Cloud Security companies are seeing average M&A multiples of 22.7x, the highest in the sector4.
Status: High
Multiple: 10x – 15x Revenue
Why: Identity is the “new perimeter.” With the rise of non-human identities (service accounts, bots, AI agents), the volume of identities to secure is exploding. Deals like Imprivata/Verosint highlight the shift toward Identity Threat Detection and Response (ITDR) rather than just administration. Strategic acquirers like Palo Alto Networks (acquiring CyberArk) are paying premiums to own the identity layer11.
Status: Moderate
Multiple: 1x – 3x Revenue (lower for pure service, higher for tech-enabled)
Why: Service revenues are lower margin (30-50% gross margin) compared to software (80%+). However, tech-enabled MDR providers that use AI to automate the SOC (like LevelBlue) can command better multiples than traditional “bodies in seats” MSSPs. The LevelBlue/Cybereason deal illustrates the consolidation happening to achieve economies of scale3.
Status: Discounted
Multiple: 4x – 6x Revenue
Why: High market penetration/saturation. Growth is slow (single digits). These players are viewed as “cash cows” rather than growth engines, suitable for PE roll-ups rather than strategic premiums. The hardware component of traditional firewalls also drags down margins and valuation multiples compared to pure software players.
After a long drought, the cybersecurity IPO market showed real signs of life in late 2025. This “thaw” is expected to become a steady stream of listings in 2026.
In September 2025, Netskope successfully listed on the NASDAQ (Ticker: NTSK). They priced at $19 per share and raised over $900 million6. This was a critical test case. The successful pricing and subsequent trading performance provided a “green light” to other late-stage companies. It proved public market investors are willing to support high-growth cyber assets if the valuation is rational (approximately $9.6 billion market cap).
Following Netskope’s lead, several mature unicorns are actively preparing for 2026 listings.
Cato Networks: Having raised a Series G at a $4.8 billion valuation in 2025, Cato is a prime candidate. The company has hired bankers and is targeting a 2025/2026 window. They’re positioning their SASE platform as a high-growth public asset. The company has signaled it’s in no rush, using secondary sales to provide employee liquidity while waiting for optimal market conditions.12
Claroty: The OT/IoT security leader is engaging underwriters for a potential valuation of $3.5 billion7. The distinct nature of OT security (Cyber-Physical Systems) offers public investors diversification from standard IT security, making it an attractive portfolio addition.
Snyk: While Snyk was valued at $8.5 billion in 2021, its path has been rockier due to the valuation reset. Reports suggest it’s refining its financials to show profitability before attempting a listing, likely in 2026. The company hasn’t filed publicly yet but remains on the “shortlist” for 2026 IPO candidates.
SPAC activity remains muted and is largely considered a “dead” avenue for high-quality cybersecurity assets. Regulatory scrutiny and poor historical performance of SPAC-merged cyber companies (many trading below $2) have made this an unattractive route. Traditional IPOs are the preferred path for prestige, stability, and institutional backing.
Private market valuations are highly stratified by growth rate and Annual Recurring Revenue (ARR) scale. The median revenue multiple for private cybersecurity companies in 2025 stands at 15.2x, significantly higher than the public median of 7.8x4. This reflects the “growth premium” investors are willing to pay for earlier-stage companies with massive addressable markets.
Table 5: Private SaaS Valuation Benchmarks by Growth Rate
Growth Rate (ARR) | Median EV / ARR Multiple | 25th Percentile | 75th Percentile | Investor Sentiment |
< 10% | 3.2x | 2.1x | 4.5 x | Distressed / Cash Cow targets for PE. |
10% – 30% | 6.1x | 4.5x | 7.8x | “The Middle.” Hardest place to be. Too slow for VC. |
30% – 50% | 9.8x | 7.5x | 12.0x | Healthy growth. Attractive if burn is low. |
> 50% | 15.2x | 12.5 x | 18.4x | Premium territory. Scarcity value applies. |
Source: Synthesized from SaaS Capital Index & PitchBook Data.
Seed/Series A: Still strong. Investors are betting on the next generation of AI security. Seed deal sizes are increasing as large funds move earlier to capture equity30.
Series B/C: The “Crunch Zone.” Companies that raised at inflated 2021 valuations are facing flat or down rounds unless they’ve grown into their valuation. We’re seeing many “structured” rounds (things like guaranteed returns and liquidation preferences) to maintain face-value valuation while giving investors downside protection. The median Series B valuation is around $168M, while Series C jumps to around $225M, showing steady progression for healthy companies.
The broader economic environment in Q4 2025 is acting as a tailwind for valuations, completely different from the headwinds of 2023-2024.
Interest Rates: The Federal Reserve’s rate cuts in September and October 2025 (lowering the benchmark rate to 3.75%-4.00%) have been a primary catalyst. Lower rates reduce the cost of debt. This enables Private Equity firms (Thoma Bravo, Vista, etc.) to use more leverage for acquisitions. It puts a “floor” under valuations because PE firms can aggressively bid for cash-flowing assets, forcing strategic buyers to stay competitive.
Recession Fears: Despite rate cuts, J.P. Morgan research indicates a 40% probability of a recession by year-end 2025. Cybersecurity is generally viewed as “recession-resilient” (companies can’t turn off security). But it’s not “recession-proof” (companies can delay upgrades or consolidate vendors to save money). This dynamic drives the “Platformization” trend. Vendors that can offer “more for less” (consolidating 3 tools into 1) will win in a recessionary environment, while single-point solutions face churn.
Geopolitics and Trade: Trade tensions (tariffs) and active cyber warfare fronts (China, Russia) keep cybersecurity spending a board-level priority. The “Geopatriation” trend33 means governments and critical infrastructure providers are favoring domestic security vendors. This influences M&A cross-border approvals and creates a “sovereignty premium” for vendors with clean supply chains and domestic operations.
We’re moving beyond “Co-pilots” (which assist humans) to “Agents” (which act for humans). In Q4 2025, Dataminr’s acquisition of ThreatConnect was explicitly positioned to “deploy Agentic AI” 20. Valuation premiums are shifting to companies that can prove their AI agents can safely and autonomously remediate threats, drastically reducing OpEx for customers. Investors are looking for “Autonomous SOC” capabilities that go beyond simple alert summarization.
The debate is settling in favor of platforms. Palo Alto Networks’ strategy of “platformization” (aggregating network, cloud, and SOC) is winning wallet share. M&A in Q4 reflected this: Cisco, Palo Alto, and Check Point are all buying niche leaders (like CyberArk and smaller AI startups) to plug gaps in their platforms. Founders of point solutions must now prove they can become a platform or position themselves as a critical “feature” to be acquired.
With stricter global data laws, “sovereignty” is a key driver. Veeam’s acquisition of Securiti AI plays directly into this, providing governance across borders. Companies that solve the “data residency” compliance headache are seeing increased valuation interest from European and Asian buyers.
As we look to 2026, the cybersecurity valuation landscape appears poised for a “Rational Bull Market.”
M&A Volume to Increase: With private equity sitting on record “dry powder” and strategic buyers needing to secure AI dominance, deal volume is projected to rise. We expect 2026 to exceed 2025 deal volume by around 10%.13
The “AI Security” Bubble? Caution is advised. While AI security is hot, investors will soon begin demanding revenue proof. Companies claiming “AI” without distinct IP will see valuations collapse. The winners will be those securing the AI pipeline itself (protecting LLMs, data lakes, and inference models) and those using AI to fundamentally disrupt the cost structure of security operations.
Quantum Readiness: An emerging wildcard. Gartner predicts quantum security spending will rise significantly, exceeding 5% of IT security budgets by 202634. Companies with “Post-Quantum Cryptography” (PQC) solutions may become the next target for speculative high-valuation M&A as the 2030 deadline for quantum-safe migration looms.
Focus on Efficiency: Aim for Rule of 40 immediately. It’s the ticket to the premium valuation club.
Platformize or Partner: Standalone point solutions are losing leverage. Build integrations or broaden your suite to become “sticky.”
Prepare for Due Diligence: Acquirers are digging deep into “AI Governance.” Make sure your own AI use is compliant and secure.
Position for the Strategic: Identify which gap you fill for a “Platform” buyer (Google, Palo Alto, Cisco) and tailor your product roadmap to make that integration seamless.
Table 6: Buyer Type Analysis – Strategic vs. Financial (2025 Estimate)
Buyer Type | Deal Share (Vol) | Deal Share (Value) | Valuation Approach | Key Players |
Strategic | ~60% | ~80% | Pays for Synergy, Tech, & Market Share (Higher Multiples) | Google, Cisco, Palo Alto, Veeam |
Private Equity | ~40% | ~20% | Pays for Cash Flow, Efficiency, & Arbitrage (Lower Multiples) | Thoma Bravo, Vista, Liberty Strategic |
Note: Strategic buyers dominated deal value in Q4 due to mega-deals like Wiz and CyberArk.
Table 7: Geographic Breakdown of M&A Activity (Q3-Q4 2025)
Region | Deal Volume Share | Trend | Key Drivers |
North America | ~65% | Stable/High | Home to major acquirers and targets; regulatory clarity driving megadeals. |
Europe | ~20% | Declining | Economic headwinds and stricter regulation slowing deal velocity35. |
Israel | ~10% | Rebounding | Innovation hub for Cloud/AI security; source of major targets like Wiz, Cato, Cyera. |
APAC | ~5% | Low | Geopolitical tension reducing cross-border activity; localized consolidation. |
Source: Synthesized from BCG and PwC M&A Trends
Table 8: Revenue Growth vs. Valuation Multiple Correlation
Revenue Growth Range | Average Valuation Multiple | Implied Premium |
0% – 10% | 3.5 x | Base |
10% – 20% | 6.2x | +77% |
20% – 30% | 8.5x | +142% |
30% – 50% | 12.0x | +242% |
> 50% | 16.x | +371% |
Source: Derived from SaaS Capital and FinRO Data
Table 9: 2026 IPO Pipeline Watchlist
Company | Est. Valuation | Sector | Status |
Cato Networks | $4.0B – $5.0B | SASE | Pre-IPO; Bankers Hired; Targeting 2026.25 |
Claroty | $3.5B | OT/IoT | Interviewing Underwriters; Niche Leader.7 |
Snyk | $7.0B – $8.0B | DevSecOps | Refining financials; highly anticipated.27 |
Arctic Wolf | $4.0B+ | MDR | Late-stage; waiting for window. |
Bitdefender | $2.0B+ | Endpoint | Assessing market conditions. |
Source: TechCrunch, Reuters, Public Statements.
Sell-side M&A advisory for founders.
©2026 Windsor Drake