Who leads cybersecurity investments?
This blog post has been written by the person who has mapped the cybersecurity investment market in a clean and beautiful presentation
Cybersecurity investment remains remarkably resilient despite broader economic uncertainty.
The sector attracted $9.5 billion in venture capital during 2024, with over $5.4 billion already deployed in the first half of 2025. Data security and identity management are capturing the largest funding shares, while specialized cyber-only VCs like Ten Eleven Ventures and SYN Ventures are challenging traditional generalist firms.
And if you need to understand this market in 30 minutes with the latest information, you can download our quick market pitch.
Summary
Despite macroeconomic pressures, cybersecurity investment continues growing at double-digit rates, with the US and Western Europe commanding over 70% of global spending. The market shows clear concentration among top-tier VCs, with data security emerging as the dominant funding category.
| Investment Metric | 2024 Performance | 2025 YTD | Key Drivers |
|---|---|---|---|
| Total VC Funding | $9.5 billion (9% increase) | $5.4 billion (13% increase) | Cloud migration, AI security needs |
| Top Funding Category | Data Security ($2.94B) | DSPM/DLP dominance | Privacy regulations, data breaches |
| Leading VC Firm | Insight Partners (74 deals) | Continued dominance | Deep portfolio, follow-on capacity |
| Largest Single Round | Wiz ($1B Series F) | $12B valuation | Cloud security market leadership |
| Geographic Distribution | US/Europe: 70%+ | Maintained leadership | Regulatory complexity, enterprise budgets |
| Stage Distribution | 60% early-stage by count | 50%+ late-stage by value | Scale-up capital concentration |
| Emerging Unicorns | 4 new billion+ valuations | Wiz, Cyera leading | Enterprise adoption acceleration |
Get a Clear, Visual
Overview of This Market
We've already structured this market in a clean, concise, and up-to-date presentation. If you don't have time to waste digging around, download it now.
DOWNLOAD THE DECKWho are the most active venture capital firms and corporate investors in cybersecurity today?
Insight Partners dominates cybersecurity investing with 74 deals since 2021, significantly outpacing competitors in both deal volume and follow-on support capabilities.
Traditional generalist VCs like Sequoia Capital, Andreessen Horowitz, and Accel maintain strong positions through early-stage investments in companies like Snyk, Abnormal Security, and CloudSEK. However, specialized cyber-only funds are gaining momentum by offering deeper domain expertise and faster decision-making.
Ten Eleven Ventures and SYN Ventures represent the new breed of cyber-focused VCs, backing companies like ThreatQuotient and Arctic Wolf with industry-specific knowledge that generalist firms struggle to match. Ballistic Ventures focuses exclusively on early-stage security startups, while Forgepoint Capital and NightDragon target growth-stage companies with proven product-market fit.
Corporate venture arms are becoming increasingly strategic rather than purely financial. Microsoft M12's investments in Wiz and Armis align with Azure's security roadmap, while Okta Ventures backs identity-focused startups like Transmit Security that complement their core platform. CrowdStrike's Falcon Fund targets automation and SOAR companies, creating an ecosystem around their endpoint detection capabilities.
The most successful investors combine deep technical understanding with extensive enterprise customer networks, enabling portfolio companies to achieve faster sales cycles and higher valuations at exit.
Which cybersecurity startups raised the most money in 2024 and 2025?
Wiz's $1 billion Series F round at a $12 billion valuation represents the largest cybersecurity funding round in recent history, highlighting investor appetite for cloud security platforms with massive enterprise adoption.
Cyera's $600 million Series C for data security posture management demonstrates how privacy regulations and data breach costs are driving demand for automated data discovery and classification tools. Their platform helps enterprises understand what sensitive data they have, where it's stored, and who has access to it.
Kiteworks secured $466 million for secure file-sharing and collaboration, addressing the growing need for zero-trust content protection as remote work becomes permanent. IONIX raised $42 million for attack surface management, helping organizations discover and secure internet-facing assets they didn't know existed.
Wondering who's shaping this fast-moving industry? Our slides map out the top players and challengers in seconds.
Series A and B rounds dominate deal count but represent less than half of total capital deployed. Growth-stage rounds capture disproportionate funding as investors chase companies with proven enterprise traction and predictable revenue growth. The average Series A cybersecurity valuation has increased 40% since 2023, reaching $60-80 million for companies with strong technical differentiation.
If you want fresh and clear data on this market, you can download our latest market pitch deck here
How much total capital was invested globally into cybersecurity?
Global cybersecurity venture capital reached $9.5 billion in 2024, representing a 9% year-over-year increase despite broader market contraction.
The first half of 2025 has already seen over $5.4 billion deployed across approximately 330 funding rounds, putting the year on track to exceed $11 billion in total investment. This 13% increase over the same 2024 period reflects continued enterprise urgency around security modernization and regulatory compliance.
Deal velocity has increased significantly, with average time between rounds decreasing from 18 months to 14 months for high-performing companies. Late-stage rounds now account for over 50% of total dollars invested, indicating investor confidence in cybersecurity business models and exit potential.
The median round size has grown across all stages: seed rounds average $8 million (up from $5 million in 2022), Series A rounds average $25 million (up from $18 million), and growth rounds exceed $100 million for companies with clear market leadership positions.
Which countries and regions are leading cybersecurity investments?
The United States and Western Europe together command over 70% of global cybersecurity investment, driven by sophisticated threat environments, stringent regulatory requirements, and large enterprise technology budgets.
| Region | Investment Share | Key Drivers | Notable Trends |
|---|---|---|---|
| United States | 45-50% of global spend | Enterprise budgets, regulatory mandates, cloud adoption | AI security focus, zero trust deployments |
| Western Europe | 20-25% of global spend | GDPR compliance, Brexit reshoring, industrial security | Data localization requirements driving growth |
| China | 8-12% of global spend | State-sponsored threat mitigation, rapid digitization | Government-led funding, domestic preference |
| United Kingdom | 5-8% of global spend | Financial services security, government initiatives | Post-Brexit cybersecurity sovereignty focus |
| Germany | 4-6% of global spend | Industrial control systems, automotive security | Manufacturing digitization driving OT security |
| Japan | 3-5% of global spend | OT/ICS modernization, critical infrastructure protection | Legacy system security upgrades accelerating |
| Middle East & Africa | 2-4% of global spend | Government cyber-defense spending, infrastructure protection | Highest year-over-year growth rates globally |
Which large tech and defense companies are backing cybersecurity startups?
Microsoft leads corporate cybersecurity investment through M12's strategic backing of companies like Wiz and Armis, directly supporting Azure's security ecosystem expansion.
Amazon's investment strategy focuses on cloud-native security tools that integrate with AWS services, while Google's ventures target AI-driven security platforms that leverage their machine learning capabilities. These investments create competitive moats by ensuring portfolio companies build on their respective cloud platforms.
Defense contractors like Lockheed Martin and Raytheon are increasingly investing in cybersecurity startups that address government and critical infrastructure needs. Their corporate venture arms provide startups with access to federal procurement opportunities and security clearance pathways that traditional VCs cannot offer.
Palo Alto Networks' venture arm targets companies that complement their network security platform, while CrowdStrike invests in endpoint security adjacent technologies. These strategic investments help build comprehensive security platforms that increase customer stickiness and reduce churn.
Need a clear, elegant overview of a market? Browse our structured slide decks for a quick, visual deep dive.
The Market Pitch
Without the Noise
We have prepared a clean, beautiful and structured summary of this market, ideal if you want to get smart fast, or present it clearly.
DOWNLOADWhat types of cybersecurity technologies are attracting the most investment today?
Data security emerged as the top-funded category in 2024 with $2.94 billion in investment, driven by privacy regulations and the exponential growth of unstructured data in cloud environments.
Data Security Posture Management (DSPM) and Data Loss Prevention (DLP) tools are capturing the largest share because enterprises struggle to understand what sensitive data they have, where it's stored, and who can access it. Companies like Cyera and Varonis are building platforms that automatically discover, classify, and monitor data across hybrid cloud environments.
Identity and Access Management received over $1.4 billion in funding as organizations adopt zero-trust architectures. The shift from perimeter-based security to identity-centric models is driving demand for solutions that verify every user and device attempting to access corporate resources.
AI-driven security platforms attracted $800 million, with investors betting on machine learning's ability to detect sophisticated threats that bypass traditional signature-based detection. Cloud security (CSPM/CWPP) and detection/response platforms each secured over $600 million as enterprises migrate critical workloads to public clouds.
Vulnerability management is experiencing renewed investment as attack surfaces expand with cloud adoption and remote work. Companies are moving beyond simple scanning to prioritize remediation based on actual business risk and threat intelligence.
If you want to build or invest on this market, you can download our latest market pitch deck here
What cutting-edge cybersecurity R&D is receiving funding?
Agentic AI security represents the newest frontier, with startups like Descope developing identity platforms that secure AI-driven workflows in no-code environments.
Homomorphic encryption and post-quantum cryptography are attracting significant research funding as organizations prepare for quantum computing threats. Companies like Duality Technologies are building secure multiparty computation platforms that allow data analysis without exposing sensitive information.
Zero trust architecture is evolving beyond network security to encompass identity fabrics and continuous authentication. Aembit's workload IAM platform enables micro-segmentation at the application level, treating every workload as untrusted by default.
AI adversarial robustness is emerging as a critical research area, with startups like ProtectAI developing defenses against model poisoning, evasion attacks, and prompt injection. These companies are building security controls specifically designed for machine learning pipelines and large language models.
Looking for the latest market trends? We break them down in sharp, digestible presentations you can skim or share.
What stage of funding dominates cybersecurity investments?
Early-stage rounds (seed and Series A) represent approximately 60% of total deal count but only 40% of capital deployed, indicating investor preference for scaling proven cybersecurity companies.
Growth and later-stage rounds (Series C+) capture over 50% of total investment dollars as investors chase companies with demonstrated enterprise traction and predictable revenue growth. The median cybersecurity company reaches $10 million ARR before attempting Series B, compared to $3 million ARR in other software categories.
Seed rounds have grown significantly in size, averaging $8 million compared to $5 million in 2022, as investors recognize the high capital requirements for building enterprise-grade security platforms. Series A rounds now average $25 million, with top-tier companies commanding $40-60 million based on technical differentiation and early customer traction.
Late-stage investors are particularly focused on companies approaching $50 million ARR with net revenue retention above 120%. These metrics indicate strong product-market fit and expansion potential within existing customer bases, critical factors for cybersecurity company valuations.
Who are the emerging unicorns in cybersecurity?
Wiz achieved a $12 billion valuation in just four years by dominating cloud security posture management with over 1,500 enterprise customers worldwide.
| Company | Valuation | Business Model | Key Traction Metrics |
|---|---|---|---|
| Wiz | $12 billion | SaaS subscription with consumption-based CSPM platform | 1,500+ enterprise customers, 300% net revenue retention |
| Cyera | $2 billion | Usage-based DSPM with per-data-source pricing | 200+ customers in regulated industries, 40% of Fortune 100 |
| Coro | $1 billion | Tiered XDR/MDR service through MSP channel | 300+ MSP partnerships, 100,000+ endpoints under management |
| BigID | $1.25 billion | Data discovery and privacy platform with modular pricing | Fortune 500 deployments, 250% average customer expansion |
| Snyk | $8.5 billion | Developer-first security with freemium model | 3 million+ developers, 50% of Fortune 100 customers |
| Lacework | $8.3 billion | Cloud security with workload-based consumption pricing | Cloud-native enterprises, 400% revenue growth rate |
| Armis | $4.2 billion | Asset visibility and IoT security platform | Enterprise IoT deployments, critical infrastructure focus |
We've Already Mapped This Market
From key figures to models and players, everything's already in one structured and beautiful deck, ready to download.
DOWNLOAD
If you need to-the-point data on this market, you can download our latest market pitch deck here
What terms and conditions are typical in recent cybersecurity funding rounds?
Cybersecurity startups typically give up 15-25% equity in early rounds and 5-10% in later stages, with valuations ranging from $20-100 million for Series A to over $300 million for growth rounds.
Liquidation preferences remain standard at 1× non-participating preferred, though competitive deals occasionally see 2× multiples or participating preferred structures. Anti-dilution protection is universal, with weighted average broad-based being the most common structure for established companies.
Board composition typically includes one founder seat, one to two investor seats, and one independent member for Series A companies. Protective provisions cover material decisions like budget approval, key hire vetoes, and IP licensing agreements.
Revenue-based covenants are becoming more common, with investors requiring minimum ARR growth rates (typically 100% year-over-year for early-stage companies) and gross margin thresholds above 70% for SaaS-based security platforms.
Option pools are generally sized at 15-20% for Series A companies, with refreshes occurring at each major funding round. Vesting schedules remain standard at four years with one-year cliffs, though high-demand technical talent occasionally negotiates accelerated vesting upon company sale.
What investment trends and innovations can be expected heading into 2026?
AI security will experience massive funding increases as enterprises deploy more AI systems and face new attack vectors like prompt injection and model poisoning.
Data resilience platforms will continue growing as organizations realize that preventing data breaches is less important than maintaining operations during and after attacks. This includes investments in data observability, backup encryption, and recovery automation tools.
Zero trust architecture will evolve beyond network security to encompass identity-centric networking and security-as-code implementations. Investors are particularly interested in companies that automate policy enforcement across hybrid cloud environments.
Supply chain security will see increased scrutiny and funding following high-profile attacks on software build pipelines. Software Bill of Materials (SBOM) management, firmware integrity verification, and CI/CD security tools will attract significant investment.
Planning your next move in this new space? Start with a clean visual breakdown of market size, models, and momentum.
Consolidation through M&A will accelerate as large technology companies acquire point solutions to build comprehensive security platforms. This trend will create more exit opportunities for investors while potentially reducing the number of independent cybersecurity vendors.
Which accelerators and government programs are shaping early-stage cybersecurity?
UK's CyberASAP has funded over 50 startups with proof-of-concept grants up to £50,000, focusing on commercially viable security innovations that address real enterprise problems.
- US CISA's Innovation Challenge provides pilot funding and direct procurement pathways for startups solving government cybersecurity challenges
- Cyber Runway, a partnership between Salford, M.E. Tech Fund, Lloyd's, and BEIS, offers specialized support for insurance-focused security startups
- Palo Alto Networks' Elevate X program provides technical integration support and go-to-market assistance for portfolio companies
- Cisco Investments' Security Innovation Fund focuses on early-stage companies building on Cisco's networking infrastructure
- AWS Security Lab collaborations offer cloud credits, technical support, and customer introductions for cloud-native security startups
These programs provide more than capital—they offer regulatory guidance, customer introductions, and technical expertise that pure financial investors cannot match. Government programs are particularly valuable for startups targeting public sector customers, as they provide security clearance pathways and procurement process navigation.
Conclusion
Cybersecurity investment remains remarkably resilient, with specialized funds and corporate venture arms increasingly challenging traditional VC dominance through deeper domain expertise and strategic value creation.
The shift toward data security, AI-driven platforms, and zero trust architectures represents fundamental changes in how enterprises approach cybersecurity, creating significant opportunities for entrepreneurs who understand these evolving needs and can build solutions that address real business problems rather than just technical challenges.
Sources
- Cybersecurity Dive: Investors narrow scope of cyber funding deals in 2024
- LinkedIn (Mark Jasson): Cybersecurity funding in May 2025
- IDC: Worldwide Security Spending to Increase by 12.2% in 2025
- DeepStrike: Top 6 Countries by Cybersecurity Spend in 2025
- LinkedIn (Cole Grolmus): Cybersecurity funding and valuations analysis
- BlackHatMEA: Major cybersecurity investments in 2024
- Altitude Cyber: 2024 cybersecurity year in review
- SecurityWeek: Over 400 cybersecurity M&A deals announced in 2024
- Descope: Rising in Cyber 2025 list
- eSecurity Planet: Top 20 Cybersecurity Companies You Need to Know in 2025
- PR Newswire: Aembit named to Rising in Cyber 2025 list
- LinkedIn (Mark Jasson): Cybersecurity vendors raised $2 billion
- CRN: The 10 Hottest Cybersecurity Startups Of 2025 (So Far)