Facebook Twitter Instagram Youtube
Contact Us
Facebook Twitter Instagram Youtube

Investment Trends and 2025 Predictions

Investment Trends and 2025 Predictions Investment Trends and 2025 Predictions

Hello, CyberBuilders 🖖

Happy New Year!

I am kicking off the year with an exciting new series that I hope will interest all Cyber Builders: “Cybersecurity by the Numbers.” Throughout January, we’ll explore the financial side of cybersecurity, covering funding rounds, mergers and acquisitions (M&A), and the key trends shaping the industry.

If you’re an entrepreneur or investor, this is a must-read. For CISOs and security practitioners, it’s an opportunity to understand the business landscape—what’s driving decisions, shaping markets, and influencing the companies you interact with. The next time you meet with an entrepreneur, you will know a little more about his thinking.

This series is part of a new monthly initiative, and I’ve shared the full agenda for January, February, and March on my LinkedIn account. I encourage you to check it out to see where we’re headed. Please have a look and repost it 🙂

This first post will focus on the latest venture capital rounds, recent M&A activity, and financial trends.

  • Global VC funding in cybersecurity remains strong, averaging $15B annually.

  • Early-stage funding dominates Europe but highlights challenges in scaling.

  • Expect more M&A in 2025, driven by AI, cash reserves, and pro-tech policies.

Recent reports, including data from PitchBook and CARTA, suggest a stabilizing investment landscape as of Q3 2024. While the industry experienced a funding peak over the last few years, current investment volumes across sectors—cybersecurity, software, and startups—have returned to levels reminiscent of 2018-2019.

intro1

Let’s discuss it from first principles. Venture capital funds operate within structured boundaries—their investment volumes are tied to the funds raised from limited partners (LPs) and the capacity of their teams to process deals. Most firms follow consistent rhythms: reviewing cases monthly, evaluating them through investment committees, and proceeding with select opportunities. Consequently, while the market may fluctuate, VC investment volumes naturally trend toward a steady baseline.

I note also that the amount of capital invested in my home country, France, decreased last year in 2024 (source here)

In 2024, French startups secured approximately €6.9 billion across 658 funding rounds, marking a 17% decline from the €8.3 billion raised in 2023. This downturn follows a significant 36% drop between 2022 and 2023, indicating a continued contraction in investment volumes.

This trend suggests a return to pre-pandemic investment levels, aligning with the global trends.

Some industry experts perceive this as a market correction, fostering a more sustainable investment environment. Others would say it’s a pity that the growth of EU-based companies is not rapid enough to justify large-scale Series B and C, which raises statistics.

Early-stage funding rounds, such as seed and Series A, remain strong. It is proof of entrepreneurial dynamism but highlights the difficulties of scaling for me.

To dive deeper, I highly recommend the presentation below from Forerunner, which dives into tons of details.

Full presentation – here

You can also have a look at the Carta report – here

Globally, venture capital funding in cybersecurity for 2024 remains strong.

from the Security Industry highlights the number of 16B$

Correction: 2024 Cybersecurity Investments hit $16.1 Billion!

On January 3rd I rushed to post our findings on cybersecurity investments for 2024. It turns out I missed a few, 34 to be exact. Mark Sasson, whose recruiting firm tracks investments, posted his end-of-year summary too. Thankfully, he also reports the details of those investments on the…

Read more

6 days ago · 12 likes · Richard Stiennon

Other reports, such as AGC Partners, publish a global total of $12B (here). The AGC report is highly valuable, as it covers fundraising, M&A, and strategic trends. I am glad to see they are very aligned in their analysis with the content of this newsletter. I recommend you ask for a download from AGC Partners.

It is usual for different analysts to have various reports on the numbers. Overall, we see a steady $15B investment in Cybersecurity each year.

I would also suggest not focusing too much on the headlines of some articles and instead looking at the general trends. To illustrate, if you look at this Crunchbase article, it might seem alarming: “Cybersecurity Funding Plummets 51% In Q3” (here)

The above table is interesting. For a few weeks, I have been trying to get the “Share of Cyber in the Total VC space.” I finally found a data company comparing the cybersecurity sector with the other VC rounds.

Here, we can see that cybersecurity investment would represent 3-4% of the overall investment.

On the other hand, if you combine Carta’s $80 billion total VC per year with Stiennon & AGC Partners’ (and others’) $15 billion per year invested in cybersecurity, 18.75% of all investments would be in cybersecurity, which looks pretty high.

I am a bit confused about these numbers. The discrepancy may come from varying methodologies, including differing definitions of “cybersecurity” or “investment”.. Maybe some venture debt operations are sometimes included in the statistics.

What’s your take on these figures? Do you think cybersecurity is underrepresented or overrepresented in VC funding? Comment below 👇 or share your thoughts on LinkedIn!

In Europe, cybersecurity investments have fluctuated significantly—with early-stage funding continuing its momentum.

Extract from ECSO report in October 2024 (here)

A 45% contraction in total investments between Q3 2023 and Q3 2024 highlights a challenging landscape.

More than half of all funding rounds this year are seed or pre-seed. Meanwhile, the average round size remains in the same ballpark of H1 2024, standing at 6.5M euros.

The UK still dominates unchallenged in both the number of funded companies and total investments for the year. On the continent, while France and Germany funded the same number of companies (13), the funding size difference is apparent. French companies received investments for 221M euros, compared to only 28.6M for German ones.

Mergers and acquisitions in the cybersecurity sector are on the rise. Year-to-date (YTD) 2024 data indicates a 13.6% increase in deal volume compared to the previous year.

The industry is consolidating as more significant players seek to acquire innovative startups to add to their “platform.” I will address the platform in February; please subscribe to receive these articles.

Some interesting deals are :

  • In October 2024, Sophos, with the support of Thoma Bravo, announced its acquisition of Secureworks from Dell Technologies for $859 million in cash. This move demonstrates two significant trends (see below). First, private equity (and Thoma Bravo in particular!) is making money with mature cybersecurity offerings. Second, the line between Service and Product offerings is becoming increasingly blurry.

  • In September 2024, Mastercard unveiled its plans to acquire Recorded Future, a dynamic threat intelligence company based in Massachusetts, for $2.65 billion. This deal shows that cybersecurity is no longer a niche activity, and having a “cybersecurity” aspect to any offering is key, even for a payment giant like Mastercard.

  • CrowdStrike expanded its reach by acquiring two Israeli cloud security startups into its family: Flow Security for $200 million in March 2024 and Adaptive Shield for $300 million in November 2024. It shows that Crowdstrike, alongside other pure players like Palo Alto or Wiz, is planning to be a multi-platform, multi-threat actor. They are not stopping at endpoint or cloud but are willing to address ALL of them.

These metrics and numbers make me think of several trends Cyber Builders must not overlook.

Despite strong demand for cybersecurity products, few companies feel confident enough to pursue public listings. Market uncertainties influence this cautious approach.

At some point, it is quite the opposite; Private Equity is growing.

Private equity (PE) firms have been instrumental in fostering significant M&A activity in the cybersecurity sector. Thoma Bravo’s $5.3 billion acquisition of Darktrace is a prime example, highlighting the strong PE-backed drive to consolidate cutting-edge cybersecurity technologies.

See the full post here

Managed Security Service Providers (MSSPs) are experiencing notable growth, but competition intensifies as software vendors increasingly deliver integrated services.

This merging of software solutions and managed services creates a formidable challenge for independent MSSPs. They now face direct competition from the vendors they depend on for network or endpoint security tools, which introduces additional complexities to their business models.

I think we will see more M&A activity in 2025. 3 major tailwinds will help

Artificial intelligence (AI) and machine learning (ML) technologies are becoming central to M&A decision-making. These advancements are seen as critical differentiators, driving both investment rounds and acquisition strategies.

Companies with strong AI-driven cybersecurity capabilities or adaptive cybersecurity solutions are at the forefront of M&A activity.

Large technology firms hold billions in cash reserves, providing ample liquidity to pursue strategic acquisitions.

As the economic environment stabilizes, these corporations are expected to aggressively expand their portfolios by acquiring niche players with advanced capabilities, particularly in cloud security, AI-driven automation, and maybe OT / critical infrastructure protection.

The current political environment in the U.S. is creating favorable conditions for technology companies.

I won’t delve into politics, but it seems clear that the technology sector has significantly influenced the Trump administration. This isn’t a new trend; politics and big business have always been interconnected. Previously, it was about oil or automobiles, but now it revolves around AI, cloud computing, and cryptocurrency.

This pro-business stance is expected to drive a new wave of acquisitions as companies feel confident navigating regulatory frameworks. The Trump administration plan also changes at the head of the FTC (Lina Khan) that will probably push more big M&A deals and stop anti-trust procedures (e.g., Google case, for example, even some US academics are advocating for more regulation – here).

Cybersecurity is a changing environment. Business models are evolving, and managed services are ramping up. There is also a dynamic M&A market and a sustained level of investment in cybersecurity companies.

Sadly, the European ecosystem lags behind the US in cybersecurity and other verticals. I have often stated in this newsletter that looking at late-stage VC rounds is not a root cause but a consequence. We need EU entrepreneurs who are willing to go abroad, work in multiple EU countries, and become global players with US and worldwide offices.

I will continue on the “Cybersecurity by the Numbers” series next week.

Laurent 💚

From Local Champions to Global Innovators: Shaping Europe's Cybersecurity Destiny Takes a Mindset Shift

From Local Champions to Global Innovators: Shaping Europe’s Cybersecurity Destiny Takes a Mindset Shift

byLogan C.
Published
Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more