Cloud Security (CSPM/CWPP) Valuation

Executive Summary: A Market Divided

The first quarter of 2026 represents a major turning point for the Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) markets. We have left behind the days of scattered point solutions and the growth at all costs mindset that defined the early 2020s. A split landscape has taken its place. Two main forces now drive this sector. One is the aggressive consolidation of integrated Code to Cloud platforms. The other is the premium value investors now place on Agentic AI capabilities.

Valuations in Q1 2026 are strict. Global cybersecurity spending is on track to hit $522 billion this year 1, but capital is not spreading out evenly. Google Cloud’s $32 billion purchase of Wiz cleared regulatory hurdles in late 2025 and set a new ceiling for the sector.2 This deal proved the value of the Cloud-Native Application Protection Platform (CNAPP) model. It also sent a clear signal that the market for standalone CSPM tools is effectively closed. On the other side, Fortinet bought Lacework for roughly $200 million to $230 million. Lacework was once valued at $8.3 billion. Its exit serves as a warning about the dangers of wasting capital and relying on single-feature models.4

Revenue multiples have separated in this new market. Security platforms that feature AI Native and Agentic capabilities are getting multiples higher than 25x revenue. These high prices come from the promise that AI can fix problems on its own and reduce the need for human staff in the Security Operations Center (SOC).6 Traditional SaaS security models have settled in the 6x to 10x range. These valuations are now tied tightly to the Rule of 40 (or increasingly the Rule of 60) and efficient unit economics.7

This report offers an expert analysis of market valuations, competitive changes, and the economic factors driving the cloud security sector in Q1 2026. It looks at the shift from simple visibility to active, agentic response. It also details how regulations like DORA and the EU AI Act act as essential triggers for the next generation of security budgets.

Market Size & Growth Trajectory (2026–2030)

CSPM and CWPP markets have merged into the broader CNAPP category, but each segment still has its own growth drivers and valuation metrics. The speed of cloud adoption is now tied to the AI Infrastructure Supercycle. This connection has pushed growth forecasts higher, especially for runtime protection and AI-specific security.

Global Market Valuation Forecasts and Segment Analysis

Regulatory pressure and AI-driven threats are keeping growth rates in the double digits across the cloud security spectrum. However, momentum differs between configuration management (CSPM) and runtime protection (CWPP).

• Cloud Security Posture Management (CSPM): Analysts estimate the CSPM market at $5.25 billion in 2025 and expect it to reach $10.63 billion by 2030.8 A 15.2% CAGR is healthy, but it lags behind the innovation seen elsewhere in cloud security. CSPM has become a basic requirement. Detecting misconfigurations, like open S3 buckets, is now a standard feature of broader platforms rather than a unique selling point. Growth here comes from services (growing at 15.8% CAGR) because enterprises struggle to fix the alerts these tools create.8
• Cloud Workload Protection Platforms (CWPP): CWPP is the high-growth engine. Estimates place it at $7.84 billion in 2025, and it is projected to triple to $22.45 billion by 2030 with a CAGR of 23.41%.9 The gap between CWPP and CSPM growth shows a shift in buyer priority toward defending active workloads. Enterprises are deploying containers, serverless functions, and AI inference models, so static checks are not enough. The market needs runtime protection that blocks active attacks like ransomware or cryptojacking in real time.
• Agentic AI in Cybersecurity: This new segment is projected to grow from $1.83 billion in 2025 to $7.84 billion by 2030.10 This 33.83% CAGR is the fastest in the sector. The main driver is the autonomous SOC, which uses AI agents to investigate and fix threats without human help. Investors see this as the solution to the staffing shortage in security.

The AI Infrastructure Supercycle as a Valuation Multiplier

Cloud security budgets in Q1 2026 track directly with AI infrastructure spending. Gartner forecasts global IT spending will hit $6.08 trillion in 2026, with Data Center Systems growing 19.0% specifically to support AI projects.11

This AI trend impacts cloud security valuations in three ways:

1. Workload Density: Using high-performance computing clusters, like NVIDIA H100/Blackwell, increases the density and value of cloud workloads. Securing these resources needs specialized CWPP solutions that monitor GPU usage and AI model integrity without slowing things down.
2. Shadow AI Sprawl: Organizations now manage thousands of autonomous AI agents and non-human identities. Agentic AI is a top trend for 2026, and 50% of enterprises will likely use AI security platforms by 2028.12 This opens a new Total Addressable Market (TAM) for tools securing the AI Supply Chain.
3. Consumption Economics: As cloud bills rise from AI compute, security costs rise too. Vendors that price based on a percentage of cloud spend or per workload see automatic revenue growth from their customers’ AI adoption.

Regional and Vertical Market Dynamics

North America is still the largest market with about 35% share, but Asia-Pacific is growing the fastest. It is projected to expand at 16% CAGR through 2030.8 Rapid digitalization in India and Southeast Asia drives this, along with new regulations that copy the EU’s GDPR and DORA.

The Banking, Financial Services, and Insurance (BFSI) sector still contributes the most revenue at nearly 30%.8 However, Healthcare and Life Sciences will likely grow the fastest (15.4% CAGR) as they face the challenge of securing patient data in the cloud while using AI for drug discovery.8

Competitive Landscape: The Great Bifurcation

The Q1 2026 landscape shows a divide between Platform Consolidators and Distressed Point Solutions. The middle market has emptied out. Vendors either grow enough to become platforms or get bought at low prices.

The “Big Three” Cloud Security Platforms

The market is gathering around massive vendors that offer a unified Code to Cloud CNAPP platform. These players use their size to force vendor consolidation. They offer bundles that standalone startups struggle to match.

1. Palo Alto Networks (Prisma Cloud)

• Market Position: The dominant incumbent. Palo Alto has executed its platform strategy well. They convince executives to combine separate tools into the Prisma Cloud ecosystem.
• Financial Performance (Q1 Fiscal 2026): Palo Alto reported Next-Generation Security (NGS) Annual Recurring Revenue (ARR) of $5.9 billion, a 29% increase year-over-year.13 Total revenue grew 16% to $2.5 billion.
• Strategic Levers: The company uses its huge install base to sell AI security (Prisma Cloud AI Security) and SASE. Their large platform deals are speeding up. The number of customers spending over $5 million annually grew 54% YoY.14
• Valuation Implications: Palo Alto trades at a premium because it proved a legacy hardware vendor can shift to high-growth software revenue. Their Next-Gen ARR is valued much higher than their traditional firewall revenue.

2. CrowdStrike (Falcon Cloud Security)

• Market Position: The efficiency leader. CrowdStrike pivoted from being just an endpoint (EDR) vendor to a dominant cloud security player by using its single agent architecture.
• Financial Performance (Q3 Fiscal 2026): CrowdStrike reported total ARR of $4.92 billion, growing 23% YoY.15 Their cloud security modules are among the fastest-growing parts of their business.
• Strategic Levers: The Falcon agent is already on millions of servers and laptops. Turning on Cloud Security is often just a license key flip rather than a new project. This gives them a near-zero Customer Acquisition Cost (CAC) for selling cloud protection to existing customers.
• Valuation Implications: Trading at ~25.7x EV/Revenue 16, CrowdStrike has the highest multiples among public peers. This premium comes from their high Rule of 40 score (often over 60 when combining growth and margin) and high gross margins (78-81%).15

3. Wiz (Google Cloud)

• Market Position: The disruptor turned cornerstone. Following its $32 billion acquisition by Google, Wiz now acts as the central pillar of Google Cloud’s security portfolio.
• Strategic Levers: Before the deal, Wiz reached over $500M in ARR with growth exceeding 50%. Its agentless scanning technology cut Time to Value (TTV) to minutes. Under Google, Wiz will likely integrate with Gemini AI to offer autonomous fixes. This puts huge pressure on AWS and Microsoft to improve their native security offerings.
• Valuation Implications: The $32 billion price implies a revenue multiple of roughly 60x (assuming ~$500M ARR at the time). This historic premium reflects Google’s strategic need to own the cloud security layer and the lack of other assets with Wiz’s growth profile.

The “Lacework Lesson” – A Valuation Warning

Fortinet bought Lacework for an estimated $200M–$230M in August 2024. This is a ~98% drop from its peak valuation of $8.3 billion in 2021.4 This serves as the main case study for 2026.

Analysis of Failure:

1. Capital Inefficiency: Lacework raised $1.3 billion at a high valuation but revenue did not scale enough. They burned cash on sales expansion before solidifying their fit in the broader CNAPP market.
2. Technological Narrowness: Lacework was strong in threat detection but lacked the breadth of CSPM and remediation that Wiz and Palo Alto offered. They were a feature in a market that wanted a platform.
3. Market Timing: They tried to scale during a drop in SaaS spending without the platform leverage to keep customers who were consolidating vendors.

Takeaway for Founders: Valuation is not value. High burn rates to chase growth without healthy unit economics (LTV/CAC) is a fatal strategy in 2026. The market punishes growth at all costs and rewards efficient growth.

The Challengers & IPO Pipeline

Below the giants, a group of Pre-IPO companies is fighting for market share. They are trying to justify their private valuations before entering the public markets.

• Sysdig: Positioned as the Runtime alternative to Wiz. Sysdig raised at a $2.5 billion valuation in 2021 and focused on deep runtime visibility using eBPF technology. With the market moving back toward runtime protection to stop active AI attacks, Sysdig is a strong IPO candidate for late 2026 if they have managed their burn rate.3
• Cato Networks: Valued at over $4.8 billion after a $359 million raise in 2025. While primarily a SASE vendor, the convergence of network and cloud security makes them a direct competitor to Palo Alto Networks. Their strong financials make them a likely IPO candidate.17
• Orca Security: Valued at $1.8 billion.18 Orca pioneered SideScanning (agentless visibility) but faced intense competition from Wiz. The company navigated patent litigation and executive turnover, which makes its path to a standalone IPO harder than its peers. It remains a potential target for a legacy vendor like Cisco or IBM looking to improve their CNAPP capabilities.
• Snyk: A developer-first security unicorn valued at $7.4 billion (down from $8.5 billion). Snyk targets a 2026 IPO and banks on the DevSecOps movement. However, they face headwinds as platforms like GitHub (Microsoft) and GitLab integrate more native security features.

Founder Value Drivers: What Commands a Premium in 2026?

Founders must show capabilities that go beyond basic visibility to get premium valuations (15x+ ARR) in Q1 2026. The time of dashboards is over. The time of autonomous action has begun.

Autonomous Remediation (The “Agentic” Standard)

Investors pay premiums for platforms that fix problems, not just report them. AI-assisted auto-remediation engines are a key growth driver.8

• The Shift: Traditional CSPM alerts a human analyst to an open port. An Agentic Security Platform detects the open port, checks threat intel, logs into the cloud console, closes the port, and files a Jira ticket detailing the action without human help.
• Valuation Impact: Companies that show this capability for Tier 1 and Tier 2 incidents are valued as productivity software rather than just insurance software. They command 25x+ multiples.6

“Shift-Left” to “Shield-Right” Integration

Pure-play CSPM is a feature, not a company. Value lies in connecting the entire lifecycle:

1. Code (IaC): Scanning Terraform/Helm charts for errors before deployment.
2. Runtime (CWPP): Protecting running containers and AI models from active attacks.
3. Response (CDR): Cloud Detection and Response.
   Founders must show a unified graph connecting these areas. Knowing that a vulnerability in runtime came from a specific developer commit in code allows for root cause resolution.

Non-Human Identity Security (NHIM)

Organizations manage thousands of machine identities (service accounts, API keys, bots) for every human employee due to the rise of AI agents. Attackers target these non-human credentials because they often have too much access and too little monitoring.

• Feature Requirement: Tools specializing in CIEM (Cloud Infrastructure Entitlement Management) are no longer optional. They must be part of the CSPM platform.
• Founder Opportunity: Startups focusing on the governance of AI agents (for example, preventing an AI agent from accessing sensitive PII it wasn’t trained on) see rapid valuation growth.

Data Gravity and the Security Graph

Wiz won historically because of its Security Graph (the ability to link different risks).

• Differentiation in 2026: It is no longer just a graph of static configuration risks. It is a graph of runtime behaviors and AI data flows. Can the platform show which AI model accesses which data lake? Can it map the blast radius of a compromised AI agent? This Data Gravity creates a significant moat.

Investment Trends: The “Quality Flight”

Venture capital in Q1 2026 has bounced back from the lows of 2023 and 2024, but the strategy has changed. High-conviction bets on category leaders and efficient growth have replaced scattershot investing.

Funding Patterns: The Mega-Round vs. The Drought

Capital concentrates in late-stage winners who take most of the growth equity.

• Mega-Rounds: Companies like Cato Networks ($359M raise), Abnormal Security ($250M raise), and Cyera ($540M raise) secure massive rounds to solidify their positions before IPOs. These rounds are often pre-IPO financings designed to clean up cap tables and provide liquidity to early employees.
• The Series B/C Squeeze: Mid-stage companies that have not achieved platform status or showed efficient unit economics find it hard to raise funds. Many are forced into consolidation (M&A) at flat or down rounds.

Private Equity Aggregation

Private Equity (PE) firms like Thoma Bravo and Vista Equity Partners remain active, but their playbook has changed. They buy technology assets to build platforms rather than just buying distressed assets for cash flow.

• Strategy: Roll-up strategies are common. A PE firm buys a strong anchor asset (like SailPoint or Darktrace) and acquires smaller point solutions (like a CSPM startup or a DLP tool) to bolt onto the platform.19
• Valuation Floor: This PE activity sets a valuation floor for startups. Even if a startup fails to IPO, if it has good technology and a solid customer base, it can likely exit to a PE-backed platform for 4x to 6x revenue.

The IPO Window Reopening

After a long drought, the IPO pipeline for 2026 looks robust.

• Candidates: Snyk (targeting 2026), Cato Networks, Sysdig, and Abnormal Security are preparing S-1 filings.
• New Metrics: Public market investors in 2026 demand profitability (or at least positive Free Cash Flow) alongside growth. The growth at all costs story does not work in S-1 roadshows anymore. Companies must show a clear path to GAAP profitability within 4 to 6 quarters of listing.

Technology Differentiation: Agentic AI & Runtime Supremacy

Differentiation in 2026 is no longer about the debate between Agentless vs. Agent-based architectures. The market has accepted that a hybrid approach is necessary. The new competition is Agentic AI and Runtime Supremacy.

The Agentic Shift

Gartner lists Agentic AI (systems that plan and execute complex goals on their own) as a top strategic trend for 2026.12 In cloud security, this translates to Cyber AI Agents.

• Mechanism: Unlike GenAI Wrappers (chatbots that summarize alerts), Agentic AI takes action. For example, a Remediation Agent can find a vulnerable container image, trace it back to the build pipeline, identify the developer who committed the code, open a pull request with the patched library, and verify the fix on its own.
• Market Impact: Startups like Lakera (AI application security) and Protect AI (MLOps security) get attention because they secure the AI pipeline itself.20 Gartner predicts that 50% of enterprises will use specialized AI security platforms by 2028.12

Runtime is King (Again)

While CSPM (configuration) drove the last cycle, CWPP (runtime) is the growth engine for 2026.

• The Driver: Attackers move faster. The breakout time (time from compromise to lateral movement) is now measured in minutes. Static analysis (CSPM) cannot stop a live attack.
• Technology: Solutions offering eBPF-based deep observability (like Sysdig) are valued higher. They provide truth about what is actually running and communicating in the kernel without the stability risks of traditional kernel modules. eBPF allows for high-performance security that can run in production environments with minimal overhead, which is a requirement for AI workloads.

Customer Acquisition Economics: The New Efficiency Benchmarks

Valuations in 2026 link heavily to Go-To-Market (GTM) efficiency. Investors look closely at the unit economics of growth.

CAC Payback Period Benchmarks

The CAC Payback Period (the time required to recover the cost of acquiring a customer) is the main metric for efficiency.

Source: Consolidated insights from research data.

• Valuation Correlation: Companies with payback periods under 12 months (SMB) or 18 months (Enterprise) trade at the upper end of revenue multiples (15x+). Those exceeding 24 months are seen as capital-inefficient and often trade at less than 5x revenues.
• Sales Cycle Impact: Enterprise security sales cycles have lengthened due to increased CFO oversight. Successful vendors offset this by increasing their Annual Contract Value (ACV) through platform bundling (CSPM + CWPP + CDR in one deal).

Net Revenue Retention (NRR)

Top-tier cloud security companies (CrowdStrike, Wiz, Palo Alto) consistently boast NRR rates of 120%–140%.

• Mechanism: The land and expand model drives this. A customer might start with basic CSPM visibility. Over time, they add Runtime Protection (CWPP), then Container Security, then AI-SPM.
• LTV Impact: High NRR boosts Customer Lifetime Value (LTV). If a company retains customers and grows their spend by 20% annually, it can afford a higher initial CAC while maintaining healthy long-term unit economics.

Regulatory & Compliance Drivers: The 2026 Budget Catalyst

Regulation has shifted from a standard compliance activity to a C-level liability issue. This shift unlocks fresh budget cycles that are safe from macroeconomic downturns.

DORA (Digital Operational Resilience Act)

• Status: Full enforcement began on January 17, 2025.21
• Scope: Applies to financial entities in the EU and their critical ICT providers.
• Impact: Organizations must prove operational resilience (the ability to withstand and recover from cyber incidents). This creates a mandatory budget for CWPP (to prevent downtime) and Third-Party Risk Management tools. Non-compliance carries penalties of up to 2% of global turnover, making this a priority for boards.

SEC Cybersecurity Disclosure Rules

• Requirement: Public companies in the US must report material cybersecurity incidents within 4 business days of determination.
• Impact: This puts massive pressure on CISOs to maintain real-time visibility. You cannot report within 4 days if you do not know what happened. This drives spending on high-fidelity Cloud Detection and Response (CDR) platforms that can quickly determine the scope and materiality of an incident. It devalues noisy alerting tools that create confusion.

EU AI Act

• Status: Rules for high-risk AI systems become fully applicable by August 2, 2026.22
• Impact: Companies deploying AI must perform conformity assessments, ensure data governance, and maintain human oversight. This creates a new market for AI-SPM (AI Security Posture Management) tools that automate compliance with these regulations. Security vendors race to add AI Governance modules to their platforms to capture this budget.

Emerging Threats & Market Catalysts

The threat landscape in Q1 2026 is dominated by AI-augmented adversaries. Defenders are forced to adopt AI-driven countermeasures.

• AI-Powered Attacks: Cybercriminals use AI to automate vulnerability discovery, generate sophisticated phishing campaigns, and write exploit code. This industrialization of hacking means human analysts can no longer keep up. The only defense is AI fighting AI, which drives demand for Agentic Security platforms.24
• Identity-Based Attacks: Identity is the new perimeter. Attackers bypass firewalls by compromising credentials (both human and machine). This drives the convergence of Identity Security and Cloud Security. Capabilities like ITDR (Identity Threat Detection and Response) are now essential components of a CWPP offering.
• Quantum Preparedness: While still new, Quantum Security is appearing in budgets. Spending is forecast to exceed 5% of security budgets.25 Forward-looking organizations ask vendors about their post-quantum cryptography roadmaps, influencing long-term vendor selection.

Valuation Multiples Analysis (Q1 2026)

Understanding valuation multiples is crucial for founders negotiating term sheets and for investors assessing deal flow. The market has established clear tiers based on growth, efficiency, and AI leverage.

Public Market Benchmarks (The Ceiling)

• CrowdStrike (CRWD): Trading at ~25.7x EV/Revenue.16 CrowdStrike is the Gold Standard for valuation. It is rewarded for its scale ($4.9B ARR), growth (23%), and profitability (Rule of 60).
• Palo Alto Networks (PANW): Trading heavily on its NGS ARR growth. The market applies a software multiple to its NGS revenue and a hardware multiple to its legacy revenue.
• Zscaler (ZS): Supports a premium valuation due to its strong Rule of 40 score, though it faces competitive pressure from Palo Alto’s SASE offering.26

Private Market Multiples (The Reality)

• AI-Native / Agentic SaaS: 20x – 30x ARR. Companies like Abnormal Security ($5.1B val on ~$200M ARR) and pre-acquisition Wiz exemplify this tier. Investors pay for the AI Moat (proprietary data and network effects) that arguably makes these businesses defensive against commoditization.6
• High-Growth Cyber Platforms: 12x – 18x ARR. Companies growing 30-50% with strong retention but less AI hype.
• Mature / Standard Growth SaaS: 6x – 10x ARR. Companies growing 20-30% with decent metrics. This is the new normal for good software businesses.
• Distressed Assets: <4x ARR. Companies with high burn, declining growth, or those seen as features rather than platforms (like Lacework at exit).

The “Agentic AI” Premium

Data indicates a massive separation. AI SaaS companies see median revenue multiples of 25.8x, compared to 2.5x–7.0x for traditional SaaS.6 This AI Premium is the most significant valuation dynamic in 2026. However, it comes with risks. Investors are wary of LLM wrappers (thin layers over GPT-5) and look for deep, proprietary agentic workflows that create lasting value.

Go-to-Market Strategy Impact on Valuation

How a company sells is as important as what it sells. Valuation correlates increasingly with the scalability and efficiency of the GTM engine.

• Product-Led Growth (PLG) vs. Sales-Led: PLG models (like Wiz’s early friction-free scanning) command premiums because they lower initial CAC and demonstrate product-market fit without heavy sales engineering. However, scaling to enterprise ($1M+ ACV) requires a hybrid model with a sophisticated enterprise sales motion.
• Marketplace Leverage: The ability to monetize through cloud marketplaces (AWS Marketplace, Azure Marketplace, Google Cloud Marketplace) is a key valuation driver. It lowers procurement friction, shortens sales cycles, and grants access to customers’ committed cloud spend (EDP/MACC). Vendors like CrowdStrike and Palo Alto generate significant revenue through these channels.
• Channel & MSSP Ecosystem: For CWPP vendors, the ability to sell through Managed Security Service Providers (MSSPs) is critical for reaching the mid-market. A strong channel program reduces direct sales costs and improves CAC payback, leading to higher valuation multiples.

Conclusion & Strategic Outlook

Q1 2026 marks the maturity phase of the first generation of cloud security. The simple capital of basic CSPM is gone. The market now rewards integrated CNAPP platforms, Agentic AI capabilities, and runtime protection that can withstand the rigors of the AI era.

For Founders, the path to a premium valuation (>15x ARR) requires a narrative that goes beyond visibility. It must promise autonomous remediation and AI resilience. You must build for efficiency, ensure CAC payback is under 18 months, and pivot hard to Agentic AI workflows that reduce human toil.

For Investors, the signal is clear. Avoid point solutions with high burn. Double down on platforms that own the Code to Cloud lifecycle and possess the proprietary data gravity to win the AI arms race. The AI Premium is real, but it is reserved for companies that fundamentally change the economics of defense.

Final Thought: The $32 billion Wiz deal was not an anomaly. It was a re-pricing of the sector based on the strategic imperative of cloud security in an AI-driven world. The market is massive, but the winner’s circle is becoming increasingly exclusive.

Report generated by Expert Market Research Analyst | Q1 2026

Works cited

1. Cybersecurity Market Report 2025-2026 – Cybercrime Magazine, accessed December 31, 2025, https://cybersecurityventures.com/wp-content/uploads/2023/11/CybersecuritySpending2031.pdf
2. This tech startup once rejected ₹2 lakh crore offer from Google, it is …, accessed December 31, 2025, https://www.hindustantimes.com/technology/this-tech-startup-once-rejected-rs-2-lakh-crore-offer-from-google-it-is-now-being-sold-at-101762397227749.html
3. Google clears $32B Wiz acquisition hurdle | AI Tool Report, accessed December 31, 2025, https://www.theaireport.ai/newsletter/google-clears-32b-wiz-acquisition-hurdle
4. From $8.3B to $200M: Why Lacework Is Examining a Sale to Wiz, accessed December 31, 2025, https://www.bankinfosecurity.com/blogs/from-83b-to-200m-lacework-examining-sale-to-wiz-p-3615
5. Fortinet Completes Acquisition Of Former Cloud Security Unicorn …, accessed December 31, 2025, https://www.crn.com/news/security/2024/fortinet-completes-acquisition-of-former-cloud-security-unicorn-lacework
6. AI SaaS valuation multiples are insane – 25.8x revenue vs 2.5x-7x …, accessed December 31, 2025, https://www.reddit.com/r/SaaS/comments/1np6b4p/ai_saas_valuation_multiples_are_insane_258x/
7. Understanding AI SaaS Valuation 2025: A Comprehensive Analysis, accessed December 31, 2025, https://bookmancapital.io/what-is-ai-saas-valuation-comprehensive-analysis/
8. Cloud Security Posture Management Market Size & Growth 2030, accessed December 31, 2025, https://www.mordorintelligence.com/industry-reports/cloud-security-posture-management-market
9. Cloud Workload Protection Market Size & Trends 2025 – 2030, accessed December 31, 2025, https://www.mordorintelligence.com/industry-reports/cloud-workload-protection-market
10. Cybersecurity Agentic AI Market Size, Share & 2030 Growth Trends …, accessed December 31, 2025, https://www.mordorintelligence.com/industry-reports/cybersecurity-agentic-artificial-intelligence-market
11. Gartner predicts strong growth in worldwide IT spending by 2026, accessed December 31, 2025, https://datacentre.solutions/news/71070/gartner-predicts-strong-growth-in-worldwide-it-spending-by-2026
12. Gartner identifies the top strategic technology trends for 2026, accessed December 31, 2025, https://www.technologydecisions.com.au/content/it-management/article/gartner-identifies-the-top-strategic-technology-trends-for-2026-637307292
13. Q1’26 Earnings Presentation vF, accessed December 31, 2025, https://investors.paloaltonetworks.com/static-files/7adeb1fd-e842-49b9-8a37-527abdc15659
14. Palo Alto Networks Q1 2026 slides: Revenue beats expectations …, accessed December 31, 2025, https://au.investing.com/news/company-news/palo-alto-networks-q1-2026-slides-revenue-beats-expectations-strategic-acquisitions-expand-tam-93CH-4135980
15. CrowdStrike Reports Third Quarter Fiscal Year 2026 Financial Results, accessed December 31, 2025, https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-reports-third-quarter-fiscal-year-2026-financial/
16. EV / Revenue For CrowdStrike Holdings Inc (CRWD) – Finbox, accessed December 31, 2025, https://finbox.com/XLIM:CRWD/explorer/ev_to_revenue_ltm/
17. Cato Networks raises $359 million at $4.8 billion valuation, keeps …, accessed December 31, 2025, https://www.calcalistech.com/ctechnews/article/pmald8ywg
18. Orca Security – 2025 Company Profile, Team, Funding & Competitors, accessed December 31, 2025, https://tracxn.com/d/companies/orca-security/__j7zo3TQfd9nhmyy1RvcINGW_OT93k0MEBuxDvTdzwGo
19. Who Will Buy The SaaS Companies?, accessed December 31, 2025, https://www.saastr.com/who-will-buy-the-saas-companies/
20. Investors flock to agentic AI as startups pitch fixes for cybersecurity …, accessed December 31, 2025, https://dhinsights.org/news/investors-flock-to-agentic-ai-as-startups-pitch-fixes-for-cybersecurity-gaps
21. DORA in 2026: Financial Institutions and Cyber Resilience – Hexnode, accessed December 31, 2025, https://www.hexnode.com/blogs/preparing-for-dora-in-2026/
22. AI Act | Shaping Europe’s digital future – European Union, accessed December 31, 2025, https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai
23. Implementation Timeline | EU Artificial Intelligence Act, accessed December 31, 2025, https://artificialintelligenceact.eu/implementation-timeline/
24. Cybersecurity Market Update | Q1 2025 – Houlihan Lokey, accessed December 31, 2025, https://www2.hl.com/pdf/2025/cybersecurity-market-update-q1-2025.pdf
25. Forrester’s 2026 Technology And Security Predictions, accessed December 31, 2025, https://www.forrester.com/press-newsroom/forrester-tech-security-2026-predictions/
26. Cybersecurity Stocks: AI is Fueling Best-Ever Earnings, accessed December 31, 2025, https://leverageshares.com/us/insights/cybersecurity-stocks-ai-is-fueling-best-ever-earnings/