What are the fundraising trends in the cybersecurity market?

In our cybersecurity market deck, you will find everything you need to understand the market

This chart, featured in our cybersecurity market deck, illustrates revenue distribution by customer segment in the cybersecurity market

Is more or less capital going into the cybersecurity market?

More capital is going into the cybersecurity market, but the answer needs two layers: the full-year comparison shows a broad increase from 2024 to 2025, while the fresher 2026 year-to-date comparison shows a sharper increase in dollars despite fewer deals. Full-year capital rose from about $4.49B in 2024 to about $5.44B in 2025, and year-to-date 2026 capital reached about $2.57B versus about $1.81B over the comparable early-2025 period.

The cleaner structural read is that the cybersecurity market recovered in capital terms in 2025 after 2024. The increase was not only caused by one company: even excluding the largest deal, 2025 still had about $4.74B of funding versus about $3.49B in 2024 excluding the largest 2024 deal.

The fresher 2026 signal is more aggressive but also more distorted. Only 28 deals produced about $2.57B, which means the market is raising more capital with far fewer rounds. That is not a broad liquidity boom; it is a selective repricing of a small number of high-conviction companies.

The strongest interpretation is that the cybersecurity market is attracting more dollars overall, but those dollars are becoming more selective. Investors are still willing to write very large checks, but they are concentrating those checks in companies that look like control-plane platforms, AI-native security infrastructure, scaled identity platforms, security operations leaders, or cloud security winners.

Is cybersecurity funding driven by more deals or larger rounds?

Cybersecurity funding is currently being driven much more by larger rounds than by more deals. The best evidence is the 2026 year-to-date comparison: the market has only 28 deals, down sharply from 65 deals over the comparable early-2025 period, yet total capital is higher at about $2.57B versus about $1.81B.

The round-size indicators are decisive. The average year-to-date 2026 round is about $91.6M, more than 3x the roughly $27.8M average over the comparable period in 2025. The median round is about $53.5M in 2026, compared with about $14M over the comparable early-2025 period.

The megaround count confirms the same point. So far in 2026, 14 of 28 deals, or 50% of all rounds, were above $50M. Rounds above $100M also jumped from about 6% of early-2025 deals to nearly 36% of early-2026 deals.

The full-year 2025 versus 2024 comparison tells a different background story. Full-year deal count increased from 116 deals in 2024 to 162 deals in 2025, while average round size fell from about $38.7M to about $33.6M. So 2025 was more deal-count-driven, while 2026 is overwhelmingly round-size-driven.

For deeper benchmarks on cybersecurity deal sizes, medians, and concentration, see the full cybersecurity market report.

Is cybersecurity capital moving toward later-stage or earlier-stage companies?

Cybersecurity capital is still mostly moving toward later-stage companies, but 2026 has an important twist: early-stage rounds are becoming much larger when they are tied to AI-native security, offensive automation, SOC automation, or new security control planes. Year-to-date 2026 Seed plus Series A rounds account for about 26% of capital, while Series B and later rounds account for about 74%.

The full-year comparison shows that 2025 became somewhat less late-stage-heavy than 2024. In 2024, Seed plus Series A captured about 17.5% of capital; in 2025, Seed plus Series A rose to about 28.5% of capital.

The 2026 year-to-date period looks superficially similar to 2025, but the composition is unusual. Seed rounds include Armadin at about $190M, Kai at $125M, Surf AI at $57M, and Fig Security at $38M. In AI-native cybersecurity, some company-formation rounds are being priced like growth rounds.

The strongest stage signal is Series B. In 2026 year-to-date, Series B represents about 36% of deals and about 32% of capital. That makes Series B the market’s center of gravity, where investors are repricing companies after early product-market validation but before fully mature late-stage profiles.

This chart, included in our cybersecurity market deck, compares the main business model options for XDR and MDR cybersecurity vendors

Is the cybersecurity market maturing or still experimental?

The cybersecurity market is maturing, but it still has a very active experimental layer. The clearest maturity signal is that most capital is going to later-stage or follow-on rounds, while the clearest experimentation signal is that new-company formation remains healthy.

Full-year 2025 had 162 deals, up from 116 in 2024, and first financings rose from about 28% of deals in 2024 to about 35% in 2025. So far in 2026, first financings remain about 36% of deals.

The maturity signal deserves more weight because capital allocation is much more mature than deal formation. In 2024, first financings represented about 28% of deals but only about 4% of capital. In 2025, they represented about 35% of deals but only about 11% of capital. So far in 2026, they represent about 36% of deals and about 23% of capital.

The stage mix also points to maturity. In 2026, Series B and later rounds capture about 74% of capital. That is not the profile of a purely speculative market; it is the profile of a market where buyers and investors are rewarding companies that have crossed a validation threshold.

The most defensible conclusion is that the cybersecurity market is maturing at the capital layer while remaining experimental at the company-formation layer. Serious dollars are going to validated platforms, but founders are still entering the market wherever buyer pain is acute.

Are new startups still entering the cybersecurity market?

Yes, new startups are still entering the cybersecurity market, and the signal is surprisingly resilient. First financings represented about 28% of all deals in full-year 2024, about 35% in full-year 2025, and about 36% so far in 2026.

The full-year 2025 comparison is the cleaner read because it uses a complete year. In 2025, first financings accounted for 56 of 162 deals, up from 32 of 116 deals in 2024. That means 2025 was not only a year of late-stage recycling; it brought more newly funded companies into the market.

The 2026 year-to-date signal is fresher but needs caution. Ten of 28 deals are first financings, and several are unusually large. Armadin, Kai, Surf AI, Fig Security, Artemis, and Cogent Security raised first financings that look more like high-conviction platform formation than conventional seed-stage experimentation.

Capital share also matters. First financings captured about 4% of capital in 2024, about 11% in 2025, and about 23% so far in 2026. That means new entrants are not only still being funded; some are being funded aggressively.

For the broader category view across cybersecurity startups, first financings, and new-company formation, see the cybersecurity market deck.

Are more investors entering the cybersecurity market?

The cybersecurity market does not show a simple surge in the number of disclosed investors, but it does show sustained investor breadth and a more concentrated set of high-conviction repeat backers. Full-year 2024 had about 121 unique disclosed investors, while full-year 2025 had about 117.

The more important signal is not raw investor count. The more important signal is who is repeating. In 2024, Evolution Equity Partners led the repeat-investor ranking with 6 deals. In 2025, SYN Ventures led with 7 deals. So far in 2026, Accel and Sequoia each appear in 6 deals, Cyberstarts appears in 4, and Insight appears in 3.

This suggests that investor attention is not randomly expanding. Instead, a core group of generalist and cybersecurity-specialist investors is increasing conviction around specific themes: AI SOC, cloud security, identity control planes, application security automation, and autonomous offensive security.

The strongest answer is that more investors are not obviously entering the cybersecurity market in a broad democratic way. Investor breadth remains healthy, but investor conviction is being expressed through fewer, larger, more thematic rounds.

This chart, included in our cybersecurity market deck, illustrates yearly funding for cybersecurity startups

Are top investors getting more or less active in cybersecurity?

Top investors are getting more active in the parts of the cybersecurity market that matter most for pricing and narrative formation. The strongest evidence is the 2026 year-to-date repeat-investor pattern: Accel and Sequoia each appear in 6 qualifying deals, Cyberstarts appears in 4, and Insight appears in 3.

The current-year signal is preliminary because 2026 has only 28 deals so far. But the concentration of elite investors inside those 28 deals is hard to ignore. Accel, Sequoia, Cyberstarts, Bessemer, Insight, Lightspeed, Index, Ten Eleven, Redpoint, and Ballistic are showing up in the exact areas receiving large rounds.

The full-year 2025 comparison adds nuance. Top-investor activity in 2025 was broad but not overwhelmingly concentrated. SYN Ventures had 7 deals, and a long tail of investors had 2 or 3. That pattern suggested a healthy market with distributed conviction.

The better interpretation is that top investors are not necessarily funding more cybersecurity companies overall, but they are becoming more visible and more influential in the most narrative-setting rounds. Their activity is concentrated enough to shape the market’s perception of which themes are real.

Which cybersecurity subcategories are gaining momentum?

Managed Security Services, Application Security, Identity Security, and selected Cloud Security platforms are gaining momentum, but each is gaining momentum in a different way. Managed Security Services leads 2026 year-to-date deal count with 10 of 28 deals and about $842M raised.

Managed Security Services has the clearest fresh momentum. In full-year 2025, it had 37 deals and about $1.08B, up from 23 deals and about $394M in 2024. The category is benefiting from AI SOC, MDR, security operations, detection-response, and workflow automation.

Application Security has the strongest breadth momentum. It moved from 30 deals and about $795M in 2024 to 67 deals and about $1.58B in 2025. So far in 2026, it has produced large autonomous offensive-security and software-supply-chain rounds.

Identity Security has the strongest sustained strategic importance. It captured about $882M in 2024, then nearly doubled to about $1.73B in 2025. In 2026, the category is follow-on-heavy, which suggests scale-up momentum rather than formation momentum.

Cloud Security is the most capital-dense gainer. It had only 5 deals in 2026 year-to-date but about $770M, or 30% of all capital. That means investors are not funding every cloud security startup; they are paying up for companies that look like scaled cloud security platforms or AI-era cloud control planes.

We cover this subcategory shift in more detail in the market report covering cybersecurity subcategories.

Which cybersecurity subcategories are losing momentum?

Endpoint Security is the category most clearly losing standalone venture momentum, while Cloud Security had a weak 2025 in the strict filtered classification but has already reaccelerated in 2026. So the truly weak current signal is Endpoint Security, not Cloud Security.

Endpoint Security declined from about $679M across 10 deals in 2024 to about $398M across 15 deals in 2025. That means deal count increased, but capital fell, and average round size dropped sharply. So far in 2026, Endpoint Security has no qualifying disclosed deals in the filtered set.

The Endpoint Security decline should not be read as endpoint becoming irrelevant. A better interpretation is that endpoint functionality is being absorbed into adjacent categories: browser security, cloud workload security, identity-based access, detection-response, XDR-like workflows, and managed security operations.

Cloud Security is trickier. It looked weak in 2025 under the strict category definition, but year-to-date 2026 already shows about $770M across 5 deals. That makes 2025 look more like a taxonomy and timing dip than a structural abandonment of cloud security.

The categories losing momentum are those that look like standalone point products rather than control planes, automation layers, or AI-era security infrastructure.

This chart, included in our cybersecurity market deck, breaks down CrowdStrike’s playbook in cybersecurity

Which regions are gaining momentum in cybersecurity funding?

North America is the region gaining the clearest momentum in the cybersecurity market, especially in the freshest 2026 year-to-date period. So far in 2026, North America accounts for about $2.39B of the $2.57B raised, or about 93% of capital, and 23 of 28 deals.

The regional comparison must be handled carefully because the 2025 source did not provide reliable row-level geography. The best available contrast is against full-year 2024, when North America had 56% of deals and 43% of capital, while the Middle East had 27% of deals and 48% of capital.

Europe has some activity, but not the same capital depth. So far in 2026, Europe has 4 deals and about $134M, or about 14% of deals and 5% of capital. That suggests Europe is visible in company formation and technical innovation, but it is not capturing U.S.-style megarounds at the same rate.

The strongest answer is that North America is gaining momentum in the current funding cycle. Europe remains present but undercapitalized relative to North America, while the Middle East was a major capital center in 2024 but is not showing the same broad year-to-date strength in 2026.

For ongoing regional tracking across cybersecurity funding markets, see the deeper analysis of the cybersecurity market.

Which regions are losing momentum in cybersecurity funding?

The Middle East is losing visible momentum in the cybersecurity market on the freshest available regional comparison, while Europe is not losing deal relevance but remains weaker in capital depth. In full-year 2024, the Middle East captured about 48% of all capital and 27% of all deals. So far in 2026, it accounts for only about 1% of capital and one qualifying deal.

This conclusion needs caution because the 2026 period is still short. A few large Israeli or Middle Eastern cybersecurity rounds later in the year could change the picture quickly. The 2024 Middle East share was also unusually high because several Israeli-linked cybersecurity companies raised very large follow-on rounds.

Europe is not clearly losing momentum by deal count. In 2026 year-to-date, Europe has 14% of deals, slightly higher than its 11% full-year 2024 deal share. But Europe has only 5% of 2026 capital, similar to its 6% full-year 2024 capital share.

Asia-Pacific, Latin America, and Africa are absent from the 2026 year-to-date filtered set. That should not be overinterpreted as no startup formation in those regions; it more likely reflects public-disclosure limits, smaller round sizes, local-market financing patterns, and the short current-year window.

Is cybersecurity becoming more global or regionally concentrated?

The cybersecurity market is becoming more regionally concentrated in the freshest available period, and the concentration is overwhelmingly in North America. So far in 2026, North America has about 93% of capital and 82% of deals.

The 2025 regional picture cannot be used as a clean bridge because the source did not provide reliable row-level geography. Without a trustworthy 2025 geography split, the safest interpretation is based on 2024 versus 2026, with an explicit warning that 2026 is incomplete and could be distorted by a few large rounds.

Even with that caveat, the 2026 regional concentration is too strong to ignore. North America has 23 of 28 deals and nearly all capital. Europe has 4 deals but only about $134M. The Middle East has only one deal. Asia-Pacific, Latin America, and Africa have no qualifying disclosed deals in the filtered set.

The reason the market looks more concentrated is not simply that North America has more companies. North America also has much larger rounds, with an average round of about $104M versus about $34M in Europe and $37M in the Middle East.

The strongest answer is that the cybersecurity market is not becoming more global in capital terms right now. It may remain global in talent, customers, threat exposure, and company formation, but disclosed venture capital is becoming more regionally concentrated around North American companies and North American-style megarounds.

This chart, included in our cybersecurity market deck, shows how ransomware pressure has driven growth in the cybersecurity market over time

Is cybersecurity capital moving toward proven winners or new opportunities?

Cybersecurity capital is moving toward both proven winners and new opportunities, but most dollars still favor proven winners. So far in 2026, follow-on rounds account for about 64% of deals and about 77% of capital, while first financings account for about 36% of deals and about 23% of capital.

The full-year trend confirms the same hierarchy. In 2024, first financings captured about 28% of deals but only about 4% of capital. In 2025, first financings captured about 35% of deals and about 11% of capital. That shows a genuine increase in capital going to new opportunities, but follow-ons still dominate dollars.

The 2026 shift is meaningful because first financings are now capturing a much larger share of dollars than in either 2024 or 2025. The reason is not that ordinary seed rounds became large across the board. The reason is that a few AI-native cybersecurity companies raised extremely large first financings.

Proven winners remain the main capital magnets. In 2026, large follow-on rounds include Cyera, Upwind, Torq, Claroty, TENEX.AI, Oasis Security, XBOW, Vega Security, and Aikido Security. These companies are being funded because investors believe they can become category leaders.

The practical takeaway is that cybersecurity capital still favors proof, but the definition of a new opportunity has changed. New opportunities can now receive winner-sized checks if they are credible responses to AI-driven attacks, AI SOC, cloud security, or non-human identity.

The full market view on cybersecurity winners and new opportunities provides more context on repeat raisers and first financings.

Is the cybersecurity market becoming winner-takes-most?

Yes, the cybersecurity market is becoming more winner-takes-most in capital allocation, especially in the 2026 year-to-date period. So far in 2026, the top 10 deals captured about 73% of all capital, the top 5 captured about 48%, and the top 3 captured about 35%.

The 2026 year-to-date comparison is the most relevant because winner-takes-most behavior is about current capital allocation. The market has fewer deals than early 2025 but more capital. That combination is a classic winner-takes-most signal.

Round-size distribution reinforces the conclusion. Half of all year-to-date 2026 deals are above $50M, and more than one-third are above $100M. The average round is about $91.6M, while the median is about $53.5M.

The full-year 2025 comparison adds nuance. In 2025, the market became less concentrated than 2024 by top-10 share, falling from about 49% to about 40%. But 2026 has reversed that broadening sharply.

The strongest answer is that the cybersecurity market is becoming winner-takes-most again after a broader 2025. The current market still funds new entrants, but the large checks are going to companies investors believe can dominate a control point.

Is the next wave of cybersecurity winners becoming visible?

Yes, the next wave of cybersecurity market winners is becoming visible, but the signal is concentrated in a few themes rather than spread evenly across the market. The strongest candidates are companies in AI-native security operations, autonomous offensive security, cloud security control planes, non-human identity, and identity governance.

The 2026 year-to-date period is especially useful for identifying emerging winners because capital is selective. Companies such as Cyera, Upwind, Torq, TENEX.AI, XBOW, Oasis Security, Vega Security, Claroty, and Aikido Security raised large follow-on rounds.

The new-winner signal is also visible in first financings. Armadin, Kai, Surf AI, Fig Security, Artemis, and Cogent Security show that investors are willing to treat certain new companies as immediate contenders. A normal first financing says “this might work.” A $50M-plus first financing says investors want the company to matter before the category settles.

The strongest category-level pattern is that winners are forming around control points. Cloud Security companies are being funded when they can sit across cloud risk, AI security, or workload protection. Managed Security Services companies are being funded when they can automate SOC workflows or deliver AI-native detection and response. Identity companies are being funded when they secure non-human identities, access governance, or impersonation risk.

The answer should still be cautious. A visible funding winner is not the same thing as a durable operating winner. The next wave is visible, but not fully proven.

As this chart shows, and as featured in our cybersecurity market deck, search interest in cybersecurity has been trending upward

Is the cybersecurity funding landscape fragmenting or consolidating?

The cybersecurity funding landscape is consolidating in capital terms while still fragmenting in company-formation terms. This is one of the most important tensions in the market. In 2025, deal count expanded from 116 to 162, first financings increased, and Application Security alone produced 67 deals. That looks fragmented.

The 2026 year-to-date comparison is the best evidence for consolidation. Deal count fell sharply versus the comparable period in 2025, but capital rose. Median round size jumped to about $53.5M, and half of all rounds exceeded $50M.

Both readings can be true because fragmentation and consolidation are happening at different layers. At the formation layer, founders continue to create new companies in AI SOC, AppSec automation, identity, non-human identity, offensive security, and cloud security. At the capital-allocation layer, investors are concentrating the largest dollars into fewer companies with stronger category-leadership narratives.

The strongest answer is that the cybersecurity market is fragmenting at the bottom and consolidating at the top. The early-stage market keeps producing new wedges, but later-stage and large-check investors are increasingly forcing a winner-selection process.

Where is investor attention shifting in cybersecurity?

Investor attention in the cybersecurity market is shifting toward AI-native security operations, cloud security, identity control planes, non-human identity, autonomous offensive security, and application-security automation. The shift is visible in 2026 year-to-date capital concentration: Managed Security Services has about $842M, Cloud Security has about $770M, Application Security has about $494M, and Identity Security has about $297M.

The most important shift is toward security operations and automation. Managed Security Services led 2026 year-to-date deal count and capital, but the investable theme is not generic services. The funded companies are tied to AI SOC, MDR, autonomous detection-response, security workflow automation, and operational complexity reduction.

Cloud Security has also returned as a major capital magnet. In 2026 year-to-date, Cloud Security has only 5 deals but about 30% of capital, giving it the highest capital-share-to-deal-share ratio. That means investors are funding companies that look like scaled cloud security platforms or AI-era cloud control planes.

Identity Security remains strategically important, but attention is shifting inside identity. The market is moving toward non-human identity, machine identity, agentic access governance, impersonation defense, and identity as a security control plane.

Application Security attention is shifting toward automation and offensive capability. The largest 2026 AppSec rounds include autonomous offensive security, AI attacker simulation, software-supply-chain security, and developer-security automation.

For real-time tracking of how investor attention is moving across AI SOC, cloud security, identity, AppSec, and offensive automation, see the cybersecurity market report.

Is cybersecurity funding activity driven by more global breadth or by a few category clusters?

Cybersecurity funding activity is driven more by a few category clusters than by broad global expansion. The 2026 year-to-date market is highly concentrated in North America and clustered around Managed Security Services, Cloud Security, Application Security, and Identity Security.

The category pattern matters more than the geography pattern for understanding investor behavior. Investors are not simply buying exposure to cybersecurity. They are funding companies tied to specific enterprise pain points: AI security operations, cloud risk, non-human identity, application and offensive security automation, and security workflow consolidation.

The 2025 full-year comparison shows that broad activity can coexist with clustering. Application Security, Managed Security Services, and Identity Security together accounted for 139 of 162 deals in 2025, or about 86% of all activity. Even in the broader year, funding was not evenly distributed across the six allowed categories.

The 2026 year-to-date market is even more clustered. Endpoint Security has no qualifying disclosed deals, Network Security has only 2, and most dollars are concentrated in the top categories. This confirms that investor attention is not spread evenly across the cybersecurity stack.

The honest interpretation is that cybersecurity is a large market, but this funding cycle is not broad-based. It is concentrated around a few urgent operating problems and a few geographies with the capital depth to finance large rounds.

All the funding deals in the cybersecurity market from 2024 to April 2026

The table below lists every disclosed cybersecurity funding deal in the supplied dataset between January 1, 2024 and April 25, 2026.

Each row shows the company, the fundraising date, what the company does, its category, the funding stage, the round size, the region, whether it was a first financing or a follow-on, and the tier-1 investor if any. For the broader investability view, see the supplied market report.

This chart, included in our cybersecurity market deck, shows how identity verification platform technology has evolved over time

Who is the author of this content?

NEW MARKET PITCH TEAM

We track new markets so founders and investors can move faster

We build living “market pitch” documents for emerging markets: from AI to synthetic biology and new proteins. Instead of digging through outdated PDFs, random blog posts, and hallucinated LLM answers, our clients get a clean, visual, always-updated view of what’s really happening. We map the key players, deals, regulations, metrics and signals that matter so you can decide faster whether a market is worth your time. Want to know more? Check out our about page.