Research report
· Cybersecurity · M&A Activity · Q1 2026
Cybersecurity M&A Activity: Q1 2026
- Sector
- Cybersecurity
- Focus
- M&A Activity
- Published
- January 15, 2026
Slide deck
Full deck. Desktop readers can page through the embedded viewer below. Mobile readers can open the direct PDF link.
Open slide deck PDF Download the deliverables
Other Windsor Drake research
- AI Infrastructure Valuations: Q2 2026 AI infrastructure valuations in Q2 2026 are defined by a sharp split: capital-light data, inference and retrieval software command 15-25x revenue on consumption-led growth, while capital-intensive neoclouds re-rate to 6-10x on forward revenue. A $725B hyperscaler capex supercycle, reopened IPOs such as Cerebras and CoreWeave, and IBM's $11B acquisition of Confluent underscore record demand and strategic consolidation across the AI compute and data substrate.
- Logistics & Supply Chain SaaS Valuations: Q2 2026 Windsor Drake's Q2 2026 read on logistics and supply chain SaaS valuations: a sector median NTM EV/Revenue of 6.8x, down from 7.7x in January, with high-growth names at 8.1x and low-growth peers compressed to 4.4x. Deep subsector dives across transportation management, visibility and orchestration, warehouse management, procurement, last-mile, and trade and customs, anchored by WiseTech's $2.1B e2open close and IFS' March 2026 acquisition of Softeon.
- Identity & Access Management Valuations: Q2 2026 Public IAM multiples have re-anchored near 6.0x NTM revenue in Q2 2026, with Palo Alto Networks' $25B acquisition of CyberArk (closed February 2026) and SailPoint's $12.8B February 2025 relisting framing the strategic and public benchmarks. Non-human and AI agent identity platforms now lead the sector at 15x to 30x revenue, while privileged access (14x to 18x), identity governance (9x to 14x) and workforce IAM (4x to 8x) reflect a sharp subsegment bifurcation. Gartner forecasts $24.3B of global IAM spend in 2026 at roughly 15% growth, and the report sets out how founders should position for a strategic-buyer-led identity consolidation cycle.
- Cross-border Payments & FX Valuations: Q2 2026 Windsor Drake's Q2 2026 deep-dive into cross-border payments and FX valuations finds a market rewired around software-shaped infrastructure and on-chain settlement, with a 6.5x EV/Revenue benchmark masking a wide split between stablecoin and B2B FX leaders at 10-15x and consumer remittance and legacy MTOs near 1-3x. Mastercard's $1.8B BVNK acquisition and Stripe's $159B tender frame the capability premium, while public comparables (Wise, Remitly) anchor a 2x revenue floor for non-software cross-border. The report sets out subsegment ranges, valuation drivers and a six-point founder playbook for the current cycle.
- Vertical SaaS Valuations: Q2 2026 Vertical SaaS held a defensive premium through the Q1 2026 software repricing, with a working median EV/Revenue near 5.8x against 4.1x for horizontal peers. Workflow depth, proprietary industry data and embedded-finance monetisation underwrite a 25 to 30% premium, and platforms with embedded payments trade 7.0x to 9.5x revenue. With $3.7T of global PE dry powder and vertical SaaS now 55% of all SaaS M&A, the backdrop favours prepared sellers across healthcare IT, construction, legal, restaurants and field services.
- Network Security & Firewall Software Valuations: Q2 2026 Network security and firewall software valuations in Q2 2026 turn on platform consolidation and an agentic AI access wave: Palo Alto's $25B CyberArk close and Google's $32B Wiz acquisition anchor the top of the table, while the broad public cohort settles near 11x EV/Revenue. Edge-cloud and SASE leaders trade at 14x to 28x revenue, mature NGFW incumbents anchor on roughly 14x EBITDA, and pure-play NDR vendors face XDR encroachment. Zscaler's reported Rule of 40 score of 78 sets the live cohort benchmark; the Rule of 50 has become the new top-decile bar.