Identity & Access Management (IAM) Valuation Q1 2026

Executive Summary

As we settle into the first quarter of 2026, Identity and Access Management (IAM) has effectively cornered the market as the crown jewel of cybersecurity investment. The sector is coming off a massive sugar rush in 2025—a year that saw an unprecedented $96 billion to $102 billion in capital flood into mergers and acquisitions. That volume of dealmaking didn’t just move the needle; it fundamentally rewrote the valuation playbook. We are no longer in the post-pandemic hangover where investors vacillated between “growth at all costs” and “profitability at all costs.” Instead, a more nuanced, bifurcated reality has taken hold. In this market, if you have a platform story, an AI-native architecture, or an “identity-first” security strategy, you command a premium. If you are a legacy point solution or an on-prem incumbent, you are likely facing a valuation ceiling.

What we are seeing in Q1 2026 is a critical re-rating of identity security. It is graduating from a defensive operational line item to a foundational infrastructure layer for the AI economy. With Agentic AI, autonomous workloads, and non-human identities (NHIs) proliferating, the total addressable market (TAM) is expanding rapidly—Morgan Stanley analysts now project it to hit $377 billion by 2028.1 This isn’t just theoretical growth; it’s driving aggressive consolidation. You can see it in Palo Alto Networks’ transformative $25 billion play for CyberArk and Google’s massive $32 billion check for Wiz. These aren’t just big numbers; they are resets. They have established a new “platform premium” that every founder and investor now has to model against.23

Public market valuations are telling this story with brutal clarity. High-growth cybersecurity stocks rallied about 10% in 2025, leaving their low-growth peers in the dust (down 7%).4 The Rule of 40 is still the law of the land, though we are seeing a shift toward the growth-weighted “Rule of X” for the top tier. Look at CrowdStrike or the newly public SailPoint: they are trading at revenue multiples well above the historical median because they have cracked the code on efficient growth at scale.56 The private markets are finally thawing out, too. We are looking at a loaded IPO pipeline with heavyweights like Netskope, Saviynt, and Delinea gearing up to test the waters as the macroeconomic picture stabilizes.7

This report breaks down the IAM valuation landscape for Q1 2026. We have synthesized data from public market performance, the M&A super-cycle, private equity flows, and the regulatory pressures coming from the EU’s DORA and AI Act. It is designed to give cybersecurity founders and investors a clear look at what is actually driving value today. We will walk through the strategic imperatives shaping exits, how AI is upending identity governance, and where the sector goes from here as it cements its role as the control plane for a digital world.

Macroeconomic Context and Market Dynamics Q1 2026

The Global Economic Stabilization

Investors entering Q1 2026 are looking at a global economy that feels sturdy, if a little fragile around the edges. Global GDP growth is tracking toward 2.8% for the year, and the US economy is defying gravity, expected to grow at 2.6%—well ahead of the 2.0% consensus.8 This resilience comes down to moderating inflation and central banks finally taking their foot off the brake. The Federal Reserve and the ECB have shifted gears from aggressive inflation fighting to equilibrium management, trying to keep labor markets healthy without letting prices run hot again.910

For tech and cybersecurity, this is a broadly supportive environment, but capital is highly selective. Interest rates have stabilized, which has brought the weighted average cost of capital (WACC) down and reignited some risk appetite among institutional investors who spent 2023 and 2024 hiding in safe havens. Equity markets look poised to rally—the S&P 500 is projected to climb roughly 12% in 2026, riding on earnings growth and corporate tax tailwinds.810 The recovery isn’t evenly distributed, though. The US is still the main engine for innovation and growth, while Europe faces structural headwinds and a slower expansion. This divergence is creating a real gap in valuation premiums between North American and European assets.9 European founders are increasingly looking across the Atlantic, targeting US capital markets or strategic acquirers to unlock maximum value.

The Cybersecurity Decoupling

Even with the broader economic stabilization, cybersecurity has started to decouple from general software indices. While general IT spending is growing modestly, cybersecurity budgets are projected to run hot, increasing at a CAGR of 12% to 15% through 2028—outpacing general IT spend by nearly 50%.1112 The demand is structural. The threat landscape has escalated, characterized by threat actors weaponizing AI for things like deepfakes and automated phishing, driving the projected cost of cybercrime to a staggering $10.5 trillion annually.11

In Q1 2026, investors aren’t treating cybersecurity as discretionary spend. It’s viewed as essential defense infrastructure, closer to a utility than software. You can see this resilience in sector indices like the Houlihan Lokey Cybersecurity Index and the HACK ETF, which have held up well against broader market volatility.413 But don’t mistake this for the “rising tide lifts all boats” market of 2021. Capital is discerning. It’s a flight to quality, concentrating in category leaders that can prove efficient growth, high retention, and a clear path to platform dominance.

The AI Infrastructure Boom

You cannot talk about IAM valuations in Q1 2026 without talking about the AI infrastructure build-out. Hyperscalers and large enterprises are pouring billions into AI capex, creating a massive secondary demand wave for security. They need to protect AI models, data pipelines, and autonomous agents.1214 Identity has emerged as the control plane for this new AI stack.

As organizations deploy Large Language Models (LLMs) and agentic workflows, the volume of machine identities is exploding. These non-human entities need provisioning, authentication, and privileged access management just like people, but at a scale and speed that humans can’t manage manually. IAM vendors that have articulated a clear “Identity for AI” strategy—specifically around securing non-human identities and AI agents—are commanding premiums comparable to pure-play AI infrastructure companies. The market has realized that without robust identity governance, AI adoption carries unacceptable enterprise risk.415

Public Market Valuations: The Rule of 40 and Beyond

Comparative Valuation Analysis

Snapshot January 2026: The valuation gap in public markets has widened into a chasm. While median multiples for broader software have stabilized, the cybersecurity sector—and IAM specifically—is a tale of two cities. On one side, you have legacy providers; on the other, cloud-native platform leaders.

Data from Icon Corporate Finance and other trackers shows top-performing cybersecurity companies trading at a median of 11.9x EV/Revenue. The bottom half? They are languishing at 2.9x EV/Revenue.16 This multiple spread illustrates just how ruthless the market has become: it pays for high-growth, high-margin platforms and aggressively discounts slower-growth, single-product vendors.

Data Sources:.5616171819 Note: CyberArk multiple reflects acquisition premium.

CrowdStrike (CRWD) is the poster child for the platform premium, trading at ~24.7x revenue. By aggressively expanding into identity threat detection (ITDR) and cloud security (CNAPP) while maintaining robust free cash flow margins, they have justified their outlier status. The market doesn’t see them as just an endpoint company anymore; they are a consolidated security data fabric eating the TAM of adjacent markets, including IAM.5

SailPoint (SAIL), back in the public markets as of early 2025, is trading at a healthy 10.2x multiple. This validates their successful transition to a SaaS-first model under Thoma Bravo. With ARR clearing $1 billion and growing at 28%, SailPoint proves that the Identity Governance and Administration (IGA) market has legs and that investors will pay up for “Category Kings” that successfully navigate the cloud transition.62021

Okta (OKTA) is trading at 5.1x, reflecting the growing pains of market saturation in core Access Management. While still a leader, their 12% growth rate drags down the multiple compared to peers like CrowdStrike. The market is pricing Okta as a value play rather than a growth rocket. Investors are in “show me” mode, waiting for proof that expansion into IGA and PAM can re-accelerate growth back to the 20% range. It’s a cautionary tale for founders about the risks of deceleration.1722

SentinelOne (S) trades at 4.7x revenue despite posting 28% growth. This illustrates the market’s penalty for lower profitability and the perception of being the “second mover” in XDR. However, their heavy investment in AI and autonomous security operations positions them as an interesting value play or a prime acquisition target for a larger strategic looking to bolster its AI credentials.1923

The “Rule of 40” as the Gold Standard

The Rule of 40 (Revenue Growth % + Free Cash Flow/EBITDA Margin % ≥ 40) is still the definitive yardstick for IAM valuations in Q1 2026. It’s the quickest way for investors to sanity-check the quality of a SaaS business. Sophisticated investors, however, are increasingly leaning on the Rule of X or Weighted Rule of 40 to separate the good from the great. This variation often weights growth more heavily (e.g., 2x Growth + Profitability) for earlier-stage companies, acknowledging that high growth compounds value faster than current profitability.2425

Companies that clear the Rule of 40 consistently trade at multiples above 10x revenue. This cohort is viewed as “efficient growers” that can compound capital internally. Drop below a score of 30, and multiples compress into the 2x-4x range. This is the “valley of death” for companies growing moderately (15-20%) while burning cash. In Q1 2026, the market has zero tolerance for inefficient growth.26 The mandate has shifted from “growth at all costs” to “efficient growth.” For IAM companies, this means keeping Customer Acquisition Costs (CAC) stable and Net Revenue Retention (NRR) high (ideally >120%) by cross-selling modules like IGA, PAM, and ITDR.27

Net Revenue Retention (NRR) Implications

NRR has overtaken gross growth as the vital sign for SaaS health. In IAM, high NRR proves a platform is expanding its footprint—moving from securing employees to securing machine identities, contractors, and customers. SailPoint reports strong NRR (114%) driven by its SaaS transition and non-human identity governance expansion. That metric is a primary driver of their double-digit revenue multiple.21 CrowdStrike maintains exceptionally high NRR through module adoption (64% of customers use 5+ modules), proving the platform thesis works. This “land and expand” engine is what supports their valuation premium.28

For founders, the lesson is clear: structure your product roadmap for expansion revenue. Single-product IAM companies struggle to keep NRR above 110% as they scale, which leads to valuation compression. The path to a premium valuation lies in building or acquiring adjacent capabilities (like an IGA vendor adding PAM features) to capture more wallet share from the customers you already have.

Strategic M&A: The Consolidation Wave of 2025/2026

The $100 Billion Year

2025 was a massive year for cybersecurity M&A, with total transaction volume hitting between $96 billion and $102 billion across 400+ deals.429 Strategic acquirers took the wheel back from private equity, accounting for 92% of deal value.4 The theme for Q1 2026 remains “Platform Consolidation.” Giant incumbents are buying up best-of-breed innovation to lock in their dominance for the AI era. This capital super cycle has put a floor under valuations for high-quality assets; scarcity is driving up premiums.

Transformational Deal Analysis

In July 2025, Palo Alto Networks (PANW) announced the acquisition of CyberArk for ~$25 billion ($45.00 cash + 2.2005 shares per CyberArk share).230 This valued CyberArk at a ~26% premium over its unaffected share price, implying a revenue multiple of roughly 15x-18x. This is the definitive signal that Identity is the New Perimeter. By absorbing the market leader in Privileged Access Management (PAM), Palo Alto Networks closes the loop between network, cloud, and identity security. It positions them to offer a unified “Code-to-Cloud-to-Identity” platform that directly challenges Microsoft and CrowdStrike.3132 It also takes the largest independent PAM player off the board, creating scarcity. Competitors like Delinea and BeyondTrust now have to position themselves as the remaining “pure-play” alternatives or prime acquisition targets for the likes of Cisco or Google.

Google (Alphabet) acquired cloud security unicorn Wiz for roughly $32 billion in 2025.33334 This deal represents one of the highest revenue multiples for a scaled asset in history, estimated between 45x and 65x ARR (based on ~$500M-$700M ARR estimates).3335 Google Cloud has historically trailed AWS and Azure. Buying Wiz gives Google the premier Cloud Native Application Protection Platform (CNAPP), instantly boosting its security credibility and providing a wedge into multi-cloud environments. The extreme multiple paid here highlights the scarcity value of Cloud-Native and AI-Ready platforms. It sets a ceiling for valuation expectations for other pre-IPO cloud security firms like Netskope and Cato Networks, suggesting that strategic value to a hyperscaler can justify multiples far beyond what public markets will pay.

Thoma Bravo continues to reshape the IAM landscape via aggressive roll-ups. After acquiring ForgeRock for $2.3 billion and Ping Identity for $2.8 billion, they officially merged the two entities to create a massive identity platform to rival Okta and Microsoft.363738 By combining Ping’s federation and workforce strengths with ForgeRock’s CIAM and scalability, Thoma Bravo is engineering a “Rule of 40” giant in private markets. This consolidation reduces fragmentation and likely sets the stage for a massive relisting or strategic sale in late 2026 or 2027. It’s proof that Private Equity isn’t just a graveyard for slow growth; it’s an active engine for platform creation.

The Strategic Imperative for 2026

For IAM founders, the M&A message is simple: Platform beats Point Solution. Acquirers aren’t shopping for features anymore; they want capabilities that expand their platform’s gravity. Startups need to show how their technology—whether it’s ITDR, DSPM, or machine identity management—integrates into a broader ecosystem or has the potential to anchor a platform itself.39

Private Market Dynamics and IPO Pipeline

The Reopening of the IPO Window

After a long drought, the IPO window looks set to reopen significantly in 2026. SailPoint’s successful return to public markets in February 2025 was the bellwether, proving that public investors are ready to support IAM companies with strong fundamentals.4041

Netskope, with ARR exceeding $500 million and a valuation firmly in decacorn territory, is a prime candidate for a H2 2025/2026 IPO. Their focus on SASE and SSE fits perfectly with the platform consolidation trend.7 Saviynt, fresh off raising $700 million at a $3 billion valuation in December 2025 from KKR, is aggressively scaling its converged IGA/PAM platform. That “growth equity” round suggests a pre-IPO ramping phase, positioning them as the next major IGA player to go public.1542 Delinea is also reportedly eyeing an IPO. With ARR over $400 million and TPG backing, the merger of Thycotic and Centrify has created a PAM giant with the scale for public markets, filling the void left by CyberArk.743

Semperis, specializing in Active Directory security and recovery, has crossed $100 million in ARR and raised $125 million in growth financing. They are positioning themselves as a “cyber resilience” play—distinct from traditional prevention tools—and have hired executives with IPO experience, signaling ambition.4445 1Password, holding a $6.8 billion valuation in secondary markets, is transitioning from a consumer/SMB password manager to an enterprise identity platform. With a strong brand and massive user base, they are eyeing a 2026 listing to capitalize on that enterprise expansion.46

Private Valuation Metrics

In private markets, valuations have stabilized but remain bifurcated. Early-stage (Seed/Series A) activity is high, especially for AI-security startups. Investors are betting on “Identity for AI” and “Non-Human Identity Management,” keeping valuations steady or rising. At the growth stage, investors demand efficient growth; the “growth at all costs” model is dead. Companies must show a clear path to Rule of 40 compliance. Late-stage valuations are tight. Down rounds or flat rounds are common for companies that raised at 2021 peaks unless they have grown into those valuations (like Wiz or Saviynt). High-performing private IAM companies are trading at 10x-15x ARR in primary rounds, while secondary market transactions often see discounts of 20-40% depending on liquidity preferences.26

Drivers of Valuation: AI, Regulatory Compliance, and Platformization

The AI Multiplier: Agentic Identity

AI is the single biggest catalyst for IAM valuation expansion in Q1 2026. “Agentic AI”—autonomous agents acting on behalf of users—has created a massive new identity class requiring governance. The number of machine identities is growing exponentially, far outpacing human identities. Managing the lifecycle, access, and governance of these entities is a greenfield opportunity. Companies with purpose-built solutions for “Identity Security for AI” (like Saviynt’s recent platform extensions) are seeing valuation premiums because they address a top CISO concern: losing control of autonomous agents. Investors pay a premium for “future-proofing” against AI risk.15 Crucially, investors distinguish between companies securing AI workloads (high premium, new TAM) and those simply using GenAI for efficiency (table stakes). The former drives revenue growth; the latter just drives margin.4

The Regulatory Floor: DORA, NIS2, and SEC

Regulation has shifted from a compliance burden to a revenue driver—and a valuation floor—for IAM vendors. DORA (Digital Operational Resilience Act), fully enforceable as of January 2025 with supervisory reviews starting Jan 2026, mandates strict operational resilience for the EU financial sector. It forces institutions to demonstrate control over ICT risks, including identity. This compels heavy investment in identity continuity and resilience, reducing churn for vendors like Semperis and Strata Identity.4748 The NIS2 Directive expands cybersecurity requirements across critical infrastructure in Europe, driving demand for PAM and IGA in sectors like manufacturing and energy, broadening the TAM beyond traditional verticals.49 In the US, SEC rules regarding material cyber incidents and risk management are forcing boards to scrutinize identity posture, driving top-down budget authorization for IAM modernization.50

Platformization and Vendor Consolidation

“Platformization” is the dominant procurement trend. CISOs are actively consolidating vendors to reduce complexity and cost. Companies that offer a “suite” (Microsoft Entra, Palo Alto, CrowdStrike) capture more wallet share and have higher Lifetime Value (LTV). Point solutions face “feature risk”—being viewed as a feature of a larger platform rather than a standalone product. This compresses multiples for single-product companies unless they are best-in-class with high switching costs.3951

Sub-Sector Valuation Analysis

Identity Governance & Administration (IGA)

This sector is in a high-growth modernization cycle. Valuations are trending high (8x-12x Revenue). The shift from legacy on-prem IGA (Oracle, SailPoint IIQ) to SaaS IGA remains a massive replacement cycle. Convergence with machine identity governance is revitalizing the sector and preventing commoditization. Key players: SailPoint, Saviynt, Omada.

Privileged Access Management (PAM)

PAM is strategic and consolidating. Valuations are premium (10x-15x Revenue). PAM holds the “keys to the kingdom.” The CyberArk acquisition proved the strategic value of this asset class. Expansion into “Cloud PAM” and “Just-in-Time” access for developers keeps demand high. The removal of CyberArk as an independent creates a “scarcity premium” for the remaining leaders. Key players: Delinea, BeyondTrust.

Customer IAM (CIAM)

CIAM is high growth with valuations around 10x-14x Revenue. Digital transformation continues to drive this. Fraud prevention, biometrics, and passwordless authentication are becoming inseparable from CIAM, increasing the value of platforms that can handle identity proofing plus authentication. The Thoma Bravo merger of Ping and ForgeRock creates a dominant private player here. Key players: Okta (Auth0), Ping Identity (ForgeRock), Transmit Security.

Decentralized Identity & Passwordless

This is emerging and hyper-growth. Valuations are speculative but high potential. The EU Digital Identity Wallet (EUDI) mandate in 2026 is a massive catalyst. The market is projected to grow at a staggering ~81% CAGR.52 The passwordless authentication market is growing at ~16-18% CAGR.53 While revenue bases are smaller, the growth rates justify high venture multiples. Key players: Microsoft (Entra Verified ID), Avast (Gen Digital), 1Password, specialized startups.

Regional Valuation Divergence

Geography plays a significant role in valuations for Q1 2026. North America commands the highest premiums (avg 4.8x – 10x revenue for SaaS) thanks to deep capital markets, mature cloud adoption, and the presence of major acquirers.2654 Europe trades at a discount (~3.9x revenue), but “sovereign cloud” requirements and regulations like DORA/NIS2 are creating pockets of premium value for European champions who can guarantee data residency. The UK market often trades closer to US multiples than continental Europe.26 Israel remains a powerhouse for deep-tech cyber innovation (Wiz, CyberArk, Armis, Cato). Valuations here are effectively pegged to US NASDAQ multiples because the exit pathways are predominantly US-based. The innovation premium for Israeli cyber startups remains intact despite geopolitical volatility.5556

Conclusions and Strategic Recommendations

For Founders and CEOs

In 2026, efficient growth is the only metric that matters. Optimize for the Rule of 40. If you can’t show a path to profitability combined with growth, your valuation ceiling is capped. Focus on unit economics and CAC payback. Position for the Platform Era: if you are a point solution, broaden your platform (organic or M&A) or position yourself as a critical “module” for a larger aggregator. The middle ground is disappearing. Finally, own the “Non-Human” narrative. The next billion identities are bots, APIs, and AI agents. Articulate your strategy for securing this explosion of NHIs to capture the “AI premium.”

For Investors

Look for “Second Derivatives” of AI. Beyond the hype of GenAI startups, invest in the infrastructure that secures AI. IAM companies governing AI access are the “pick-and-shovel” plays of this cycle with clearer paths to revenue. Value resilience. Regulatory drivers like DORA are creating “sticky” revenue for companies focused on operational resilience (e.g., Semperis). These assets offer defensive characteristics and a valuation floor. Look for arbitrage opportunities. The valuation gap between “AI-native” platforms (trading at 15x+) and “legacy” providers (trading at <5x) is extreme. Opportunities exist in acquiring legacy players with large install bases and modernizing their stacks—executing the Thoma Bravo playbook on a smaller scale.

Summary Outlook

Q1 2026 marks the start of a new epoch in IAM. The sector has graduated from IT administration to critical enterprise risk management. With over $100 billion in deal capital circulating and a renewed public market appetite, valuations are robust for those who can navigate the dual demands of innovation (AI) and discipline (profitability). The winners of 2026 will be the companies that successfully secure the identity fabric of the automated, agentic future.

Appendix: Valuation Methodology & Data Sources

This report leverages financial data, analyst consensus estimates, and transaction details from major investment banks (Goldman Sachs, Morgan Stanley, Houlihan Lokey), market research firms (Gartner, Forrester, IDC), and specialized financial databases (PitchBook, S&P Capital IQ, Momentum Cyber) as of January 2026.

Disclaimer: Valuation multiples and financial projections are estimates based on available public data and historical trends. Actual market conditions may vary.

Works cited

1. Major Bank Ratings | Morgan Stanley: Cybersecurity Still Offers …, accessed January 11, 2026, https://news.futunn.com/en/post/66175576/major-bank-ratings-morgan-stanley-cybersecurity-still-offers-potential-investment
2. Palo Alto’s $25 Bn Acquisition of CyberArk – M&A Watch, accessed January 11, 2026, https://mnawatch.com/financial-reports/palo-altos-25-bn-acquisition-of-cyberark
3. The Implications of the Wiz/Google Deal | Tomasz Tunguz, accessed January 11, 2026, https://tomtunguz.com/wiz-acquisition/
4. Cybersecurity Almanac – Momentum Cyber 2025 Year-End Report, accessed January 11, 2026, https://momentumcyber.com/wp-content/uploads/2026/01/Cybersecurity-Almanac-Momentum-Cyber-2025-Year-End-Report-1-1.pdf
5. CrowdStrike – Public Comps and Valuation Multiples, accessed January 11, 2026, https://multiples.vc/public-comps/crowdstrike-valuation-multiples
6. SailPoint – Public Comps and Valuation Multiples, accessed January 11, 2026, https://multiples.vc/public-comps/sailpoint-valuation-multiples
7. So There Won’t Be A Wiz IPO — What Does That Mean For Cyber …, accessed January 11, 2026, https://www.forrester.com/blogs/so-there-wont-be-a-wiz-ipo-what-does-that-mean-for-cyber-ipos-in-2025/
8. 2026 Outlooks – Goldman Sachs, accessed January 11, 2026, https://www.goldmansachs.com/insights/outlooks/2026-outlooks
9. Comerica Q4 2025 Investment Outlook, accessed January 11, 2026, https://www.comerica.com/insights/investment-insights/market-outlook/comerica-q4-2025-investment-outlook.html
10. Investment Outlook 2026: U.S. Stock Market to Guide Growth, accessed January 11, 2026, https://www.morganstanley.com/insights/articles/stock-market-investment-outlook-2026
11. Cybersecurity Market Report 2025-2026 – Cybercrime Magazine, accessed January 11, 2026, https://cybersecurityventures.com/wp-content/uploads/2023/11/CybersecuritySpending2031.pdf
12. On the Markets – Morgan Stanley Financial Advisors, accessed January 11, 2026, https://advisor.morganstanley.com/broadland-wealth-management/documents/field/b/br/broadland-wealth-management/October_2025_On_The_Markets_-_Waiting_for_the_Fall.pdf
13. Cybersecurity Market Update q4 2024 | PDF – Scribd, accessed January 11, 2026, https://www.scribd.com/document/850900895/cybersecurity-market-update-q4-2024
14. Investment Outlook for Public Markets in 2026, accessed January 11, 2026, https://am.gs.com/en-us/advisors/insights/article/investment-outlook/public-markets-2026
15. Saviynt Raises $700M to Establish Identity Security as the …, accessed January 11, 2026, https://saviynt.com/press-release/saviynt-raises-700m-in-kkr-led-round-to-establish-identity-security-as-the-foundation-for-the-ai-era
16. Cybersecurity Sector Update – ICON Corporate Finance, accessed January 11, 2026, https://www.iconcorpfin.com/wp-content/uploads/2025/09/ICON_Cybersecurity_Sector-Update_Aug-2025.pdf
17. Okta – Public Comps and Valuation Multiples, accessed January 11, 2026, https://multiples.vc/public-comps/okta-valuation-multiples
18. EV / Revenue For Okta Inc (OKTA) – Finbox, accessed January 11, 2026, https://finbox.com/NASDAQGS:OKTA/explorer/ev_to_revenue_ltm/
19. SentinelOne – Public Comps and Valuation Multiples, accessed January 11, 2026, https://multiples.vc/public-comps/sentinelone-valuation-multiples
20. SailPoint Announces Fiscal Third Quarter 2026 Results • Grew ARR …, accessed January 11, 2026, https://investor.sailpoint.com/static-files/1b19b17f-7ebb-42d1-a8f2-b9711dbcd0b2
21. SailPoint Q3 2026 slides: ARR surpasses $1 billion as SaaS growth …, accessed January 11, 2026, https://www.investing.com/news/company-news/sailpoint-q3-2026-slides-arr-surpasses-1-billion-as-saas-growth-accelerates-93CH-4398943
22. Okta announces third-quarter fiscal year 2026 financial results, accessed January 11, 2026, https://www.okta.com/de-de/newsroom/press-releases/okta-announces-third-quarter-fiscal-year-2026-financial-results/
23. What’s Up With SentinelOne? An Ultra-Deep Value Opportunity, accessed January 11, 2026, https://www.marketbeat.com/originals/whats-up-with-sentinelone-an-ultra-deep-value-opportunity/
24. The Rule of 40: Understanding a Key Metric for SaaS Success, accessed January 11, 2026, https://softwareequity.com/blog/rule-of-40/
25. Growth, Profitability, and the “Rule of 40” for Private SaaS Companies, accessed January 11, 2026, https://www.saas-capital.com/blog-posts/growth-profitability-and-the-rule-of-40-for-private-saas-companies/
26. Fintech M&A Valuation Multiples Report: Q4 2025 – Windsor Drake, accessed January 11, 2026, https://windsordrake.com/fintech-valuation-multiples/
27. Rule of 40 Lessons from the Top Performers in Software | BCG, accessed January 11, 2026, https://www.bcg.com/publications/2025/rule-of-40-lessons-from-top-performers-software
28. CrowdStrike Reports Fourth Quarter and Fiscal Year 2025 Financial …, accessed January 11, 2026, https://ir.crowdstrike.com/news-releases/news-release-details/crowdstrike-reports-fourth-quarter-and-fiscal-year-2025/
29. Record cybersecurity deal activity in 2025 sets aggressive tone for …, accessed January 11, 2026, https://siliconangle.com/2026/01/07/record-cybersecurity-deal-activity-2025-sets-aggressive-tone-2026-says-momentum-cyber/
30. Palo Alto Networks to acquire CyberArk in $25 billion deal …, accessed January 11, 2026, https://industrialcyber.co/news/palo-alto-networks-to-acquire-cyberark-in-25-billion-deal-expanding-into-identity-security/
31. Palo Alto Networks Enters The Identity Security Market With $25B …, accessed January 11, 2026, https://www.forrester.com/blogs/palo-alto-networks-enters-the-identity-security-market-with-25b-purchase-of-cyberark/
32. Investment analysis of Palo Alto Networks | Freedom24, accessed January 11, 2026, https://freedom24.com/ideas/details/18631
33. Can Wiz Help Google Win the Cloud? A Deep Dive into the $32B …, accessed January 11, 2026, https://blog.publiccomps.com/can-wiz-help-google-win-the-cloud-a-deep-dive-into-the-32b-acquisition/
34. Google Bets $32 Billion on Cybersecurity Start-up Wiz in Historic …, accessed January 11, 2026, https://www.sgfer.org/wp-content/uploads/2025/04/SGFER-Google_Wiz_-JeromeEstreicher_vF.pdf
35. W is for Wiz: Alphabet’s Audacious Acquisition | Strategy of Security, accessed January 11, 2026, https://strategyofsecurity.com/w-is-for-wiz-alphabets-audacious-acquisition
36. Thoma Bravo Completes Acquisition of ForgeRock, accessed January 11, 2026, https://www.thomabravo.com/press-releases/thoma-bravo-completes-acquisition-of-forgerock-combines-forgerock-into-ping-identity
37. Thoma Bravo Completes $2.3 Billion ForgeRock Acquisition, accessed January 11, 2026, https://www.channelfutures.com/mergers-acquisitions/thoma-bravo-completes-2-3-billion-forgerock-acquisition
38. Thoma Bravo Merges ForgeRock with Ping Identity – SecurityWeek, accessed January 11, 2026, https://www.securityweek.com/thoma-bravo-merges-forgerock-with-ping-identity/
39. Cybersecurity Valuation Report Q4 2025 – Windsor Drake, accessed January 11, 2026, https://windsordrake.com/cybersecurity-valuation-report/
40. SailPoint IPO Signals Bright Spot for Cybersecurity – SecurityWeek, accessed January 11, 2026, https://www.securityweek.com/sailpoint-ipo-signals-bright-spot-for-cybersecurity/
41. SailPoint’s IPO and the Future of Identity Security: A Market in …, accessed January 11, 2026, https://www.linx.security/blog/sailpoint-s-ipo-and-the-future-of-identity-security-a-market-in-transformation
42. Identity Security Firm Saviynt Raises $700 Million at $3 Billion …, accessed January 11, 2026, https://www.securityweek.com/identity-security-firm-saviynt-raises-700-million-at-3-billion-valuation/
43. Delinea Surpasses $400M in ARR and Expands Global Momentum, accessed January 11, 2026, https://delinea.com/news/delinea-surpasses-400m-in-arr-and-expands-global-momentum
44. Cyber unicorn Semperis surpasses $100 million ARR amid growing …, accessed January 11, 2026, https://www.calcalistech.com/ctechnews/article/rk9osco00je
45. Semperis Eyes IPO With $125 Million in Growth Financing, accessed January 11, 2026, https://www.securityweek.com/semperis-eyes-ipo-with-125-million-in-growth-financing/
46. 1Password holds $100 million secondary sale, inks deal to deepen …, accessed January 11, 2026, https://betakit.com/1password-holds-100-million-secondary-sale-inks-deal-to-deepen-ai-focus/
47. 2026 Identity & IAM compliance regulations and requirements, accessed January 11, 2026, https://www.strata.io/blog/governance-standards/guide-compliance-regulations-identity/
48. What to Expect: January 2026 DORA Review and Supervision, accessed January 11, 2026, https://www.quodorbis.com/what-to-expect-january-2026-dora-review-and-supervision/
49. Europe Cybersecurity Market Size, Share, Analysis, Trends, accessed January 11, 2026, https://www.mordorintelligence.com/industry-reports/europe-cybersecurity-market
50. Regulatory Developments 2026, a Cross-Jurisdictional Outlook, accessed January 11, 2026, https://a-teaminsight.com/blog/regulatory-developments-2026-a-cross-jurisdictional-outlook/?brand=rti
51. Cybersecurity platformers dominate 2025, but Morgan Stanley says …, accessed January 11, 2026, https://seekingalpha.com/news/4532925-cybersecurity-platformers-dominate-2025-but-morgan-stanley-says-others-have-opportunity-in
52. Decentralized Identity Market Size to Reach USD 103.3 Bn by 2034, accessed January 11, 2026, https://dimensionmarketresearch.com/report/decentralized-identity-market/
53. Passwordless Authentication Market Size, Share, and Growth Analysis, accessed January 11, 2026, https://www.skyquestt.com/report/passwordless-authentication-market
54. Passwordless Authentication Market Size, Share Report 2030, accessed January 11, 2026, https://www.grandviewresearch.com/industry-analysis/passwordless-authentication-market-report
55. Armis raises $435 million at $6.1 billion valuation ahead of planned …, accessed January 11, 2026, https://www.calcalistech.com/ctechnews/article/hytnfiu1be
56. Israeli cyber giant Armis raises $435M at $6.1B valuation, accessed January 11, 2026, https://www.jpost.com/consumerism/article-873351