M&A advisory for cybersecurity companies
Cybersecurity M&A has been one of the most consistently active corners of enterprise software. Strategic consolidation at the major security platforms - the endpoint, identity, cloud security and SIEM majors - runs alongside a deep PE bench focused on security software. Deals price on net retention, module attach and multi-year renewal durability.
The most active strategic buyers are Palo Alto Networks, CrowdStrike, Microsoft, Cisco, Fortinet and the other security megaplatforms, alongside a deep PE bench focused on security software roll-ups. Flow has direct access to the security strategic acquirers and PE platforms that drive deal activity in this category.
Flow team has relevant sector experience and has worked with cybersecurity companies across endpoint and identity security, cloud and application security, network and infrastructure security, security operations and SIEM/SOAR, and managed detection and response.
"Cybersecurity" KPIs M&A buyers look at
Key metrics strategics and PE buyers look at when analayzing cybersecurity M&A targets
ARR
Net retention
Endpoints / identities / assets
Enterprise customer count
Module attach
Multi-year contract mix
Renewal rate
Pipeline coverage
Gross margin
CAC payback
Cybersecurity valuations in May 2026
Public cybersecurity comps trade at 4.1x EV/Revenue. Median revenue multiple across cybersecurity M&A deals was 3.2x in the last 12 months.
4.1x
Median EV/Revenue as of May 2026 for public cybersecurity companies
4.4x
IBM is the highest valued public cybersecurity company based on EV/Revenue (excluding outliers)
3.2x
Median EV/Revenue across cybersecurity M&A deals in the last 12 months
20x
Median EV/Revenue across cybersecurity VC rounds in the last 12 months
Key recent cybersecurity M&A deals
$25B acquisition of CyberArk Software by Palo Alto Networks was the largest cybersecurity M&A transaction completed in the last year.
See all cybersecurity M&A deals| Logo | HQ | Description | Buyer | ||||
|---|---|---|---|---|---|---|---|
Jul-25 | CyberArk Software |  | CyberArk is a provider of privileged access management solutions protecting enterprises worldwide. The company secures high-value assets like credentials, infrastructure, and applications against targeted cyber threats through its identity security platform. Serving over 8,000 organizations including 65% of Fortune 500 companies, CyberArk prevents attack escalation with tools for session monitoring, just-in-time access, and threat detection. Founded in 1999 with additional offices in Israel, the UK, France, Germany, the Netherlands, and Singapore, it operates in more than 65 countries and maintains a NASDAQ listing under CYBR. | Palo Alto Networks | $25B | 19x | |
Dec-25 | Armis |  | Armis is a Palo Alto-headquartered cybersecurity company offering an agentless platform that discovers, monitors, and protects all devices including IoT, OT, and unmanaged assets across IT environments. Using behavioral analysis and risk prioritization, it detects threats in healthcare, manufacturing, and retail sectors while integrating with SIEM and other security tools for compliance and automated remediation. Founded in 2015, Armis provides visibility into shadow IT and network-connected medical devices. | ServiceNow | $7.8B | 23x | |
Oct-25 | Jamf | | Jamf is a Minneapolis-headquartered software provider specializing in Apple device management and security solutions. Jamf Pro enables IT administrators to deploy, configure, and monitor Macs, iPads, iPhones, and Apple TVs in enterprise environments. Complementary products include Jamf Protect for endpoint threat detection, Jamf Connect for identity management with Okta and Azure AD integration, and Jamf Nation for community resources. The company supports organizations in business, education, and government sectors worldwide. | Francisco Partners | $2.2B | 3.2x | |
Jun-25 | Multiven |  | Multiven is a Los Gatos, California-based provider of third-party maintenance and cyber-defense for network and IoT hardware from Cisco, Juniper, and HP. It offers firmware integrity checks, vulnerability patching, and 24/7 support extending equipment life beyond vendor EOS. Serving enterprises in finance and telecom, Multiven avoids OEM lock-in. Established in 2015, the company audits millions of devices annually. | Photon AI | $2.2B | - | |
Oct-25 | Securiti | | Securiti is a data security platform offering the Data Command Center for governance, privacy, and compliance across hybrid multicloud setups. San Jose-headquartered since 2019, it unifies data intelligence with automated controls for GenAI usage in AWS, Azure, and Google Cloud. Global enterprises like Mastercard and Broadcom rely on Securiti for DSPM and DLP features. The company earned recognition as a Leader in Forrester's Privacy Management Wave and Gartner's Cool Vendor in Data Security, processing petabytes of data daily for over 300 customers. | Veeam Software | $1.7B | - | |
Apr-26 | IDEMIA | | IDEMIA is a Courbevoie-headquartered global provider of identity and security technologies. The company supplies governments with biometric passports, national ID cards, and voter registration systems deployed in countries including India and Brazil. It equips airports such as Paris Charles de Gaulle with facial recognition gates and delivers contactless payment cards to banks like BNP Paribas. IDEMIA manufactures secure SIM cards for telecom operators and digital signatures for enterprise workflows. Formed in 2017 through the merger of Oberthur Technologies and Morpho, it maintains production facilities in France, Portugal, and South Africa. | Amadeus | $1.4B | 1.7x | |
Dec-25 | Veza | | Veza is a data security platform that maps and governs access across multicloud environments. It scans authorization paths in AWS, Azure, Snowflake, and Salesforce to detect excessive permissions and policy drifts. Headquartered in San Francisco, the company serves Fortune 500 firms including Broadcom and Workday. Founded in 2020, Veza's Access Graph engine processes billions of permissions daily, enabling least-privilege enforcement through integrations with Okta and Ping Identity. | ServiceNow | $1.0B | - | |
Jul-25 | A | A-LIGN | | - | Hg | $1.0B | - |
Sep-25 | Nozomi Networks | | Nozomi Networks is a San Francisco and Milan-headquartered cybersecurity provider for operational technology and IoT environments. Founded in 2013, it deploys Guardian sensors for passive network monitoring, Arc agents for endpoint visibility, and Vantage for cloud data aggregation. The platform uses AI-driven Asset Intelligence and Threat Intelligence to detect anomalies in ICS protocols like Modbus and DNP3. Nozomi protects critical infrastructure for clients in energy, utilities, and manufacturing worldwide. | Mitsubishi Electric | $950M | 9.4x | |
May-25 | Red Canary | | Red Canary is a managed detection and response provider delivering cloud-native cybersecurity services. Denver-headquartered, its platform employs behavioral analytics to detect threats across endpoints, cloud workloads, and networks for enterprises worldwide. The company serves over 1,000 organizations, including partnerships with AWS and integrations for rapid incident response. | Zscaler | $675M | - | |
Aug-25 | CyberCX |  | - | Accenture | $650M | - | |
Sep-25 | MarkMonitor | | MarkMonitor is a brand protection service headquartered in San Francisco that monitors domains, social media, and e-commerce for counterfeits using automated crawlers. Established in 1997, it serves Fortune 500 clients like Nike and Pfizer with takedown notices processed in 24 hours across 200 registries. The firm operates enforcement teams in Boise and London. | Com Laude | $450M | 5.6x | |
May-26 | Astrix Security | | Astrix Security is a cybersecurity platform dedicated to securing non-human identities such as API keys, service accounts, and access tokens. The agentless solution provides visibility into all machine identities, automates remediation of excessive permissions, and mitigates supply chain risks. Serving enterprises globally, Astrix Security manages the full lifecycle of non-human identities to prevent data breaches. | Cisco | $400M | 16x | |
Feb-26 | Koi | | Koi is a cybersecurity firm delivering an endpoint security platform that controls software installations across devices, browsers, containers, and AI models. Headquartered in San Francisco, Koi enforces policies on extensions, packages, and applications for enterprises using macOS, Windows, Linux, and cloud environments. The platform prevents shadow IT and supply chain risks through automated governance and compliance reporting. | Palo Alto Networks | $400M | - | |
Sep-25 | Aim Security | | Aim Security is a Tel Aviv-headquartered platform securing generative AI deployments for enterprises. It scans AI models, prompts, and outputs to prevent data leaks, toxic content, and supply chain attacks, integrating with tools like ChatGPT and Vertex AI. Backed by $27 million in funding, the company protects Fortune 500 firms in finance and healthcare, blocking over 90 percent of AI-specific threats in real-time. Founded in 2022, Aim Security expanded to North America in 2023. | Cato Networks | $350M | - |
Most active buyers of cybersecurity companies
Check Point Software, Cisco and Palo Alto Networks are the most active acquirers of cybersecurity companies in the last three years.
See all cybersecurity acquirers| Logo | HQ | Description | Key acquisitions | ||
|---|---|---|---|---|---|
Check Point Software | | Check Point Software Technologies is a pure-play cybersecurity vendor. The company offers solutions for network, endpoint, cloud, and mobile security in addition to security management. Check Point, a software specialist, sells to enterprises, businesses, and consumers. Around 50% of revenue is generated in Europe, the Middle East, and Africa, 40% from the Americas, and 10% from the Asia-Pacific region. The firm, based in Tel Aviv, Israel, was founded in 1993 and has about 5,000 employees. | Cyclops SecurityRotateLakera+2 | 7 | |
Cisco | | Cisco Systems is the largest provider of networking equipment in the world and one of the largest software companies in the world. Its largest businesses are selling networking hardware and software (where it has leading market shares) and cybersecurity software such as firewalls. It also has collaboration products, like its Webex suite, and observability tools. It primarily outsources its manufacturing to third parties and has a large sales and marketing staff—25,000 strong across 90 countries. Overall, Cisco employs 80,000 people and sells its products globally. | Astrix SecuritySnapAttackRobust Intelligence+2 | 7 | |
Palo Alto Networks | | Palo Alto Networks is a platform-based cybersecurity vendor with product offerings covering network security, cloud security, and security operations. The California-based firm has more than 80,000 enterprise customers across the world, including more than three fourths of the Global 2000. | KoiCyberArk SoftwareProtect AI+2 | 6 | |
Integrity360 |  | Integrity360 is an IT security services provider headquartered in Dublin, Ireland. The company serves 300 enterprise clients across finance and pharma with managed detection via its 24/7 SOC in Dublin and London, penetration testing uncovering 5,000 vulnerabilities annually, and GRC consulting compliant with GDPR and PCI-DSS. | RedshiftHoliseumNclose+2 | 6 | |
Zscaler | | Zscaler is a software-as-a-service, or SaaS, firm focusing on providing cloud-native cybersecurity solutions to primarily enterprise customers. Zscaler’s offerings can be broadly partitioned into Zscaler Internet Access, which provides secure access to external applications, and Zscaler Private Access, which provides secure access to internal applications. The firm is headquartered in San Jose, California, and went public in 2018. | SquareXSplxAIRed Canary+2 | 5 | |
CrowdStrike | | CrowdStrike is a cloud-based cybersecurity company specializing in next-generation security verticals such as endpoint, cloud workload, identity, and security operations. CrowdStrike’s primary offering is its Falcon platform that offers a proverbial single pane of glass for an enterprise to detect and respond to security threats attacking its IT infrastructure. The Texas-based firm was founded in 2011 and went public in 2019. | Seraphic SecurityPangeaAdaptive Shield+2 | 5 | |
SentinelOne | | SentinelOne is a cloud-based cybersecurity company specializing in endpoint protection. SentinelOne’s primary offering is its Singularity platform that offers a single pane of glass for an enterprise to detect and respond to security threats attacking its IT infrastructure. The California-based firm was founded in 2013 and went public in 2021. | Observo AIPrompt SecurityPingSafe+1 | 4 | |
Arctic Wolf | | Arctic Wolf is a security operations platform delivering managed detection and response, managed risk, and managed cloud monitoring services. Its solutions integrate with AWS, Azure, and Google Cloud to provide 24/7 threat hunting and incident response. Headquartered in Eden Prairie, Minnesota, the company serves over 1,000 organizations across finance, healthcare, and manufacturing sectors. Launched in 2012, Arctic Wolf expanded through acquisitions like BlackBerry's Cylance and now operates globally with data centers in North America and Europe. | Sevco SecurityUpSight SecurityBlackBerry+1 | 4 | |
F5 | | F5 is a market leader in the application delivery controller market. The company sells products for security, application performance, and automation. Its three customer verticals are enterprises, service providers, and government entities. Revenue is evenly split between its services business and products business with revenue trending toward products due to software adoption. The Seattle-based firm was incorporated in 1996, and went public in 1999. | CalypsoAIFletchLeakSignal+1 | 4 | |
Fortinet | | Fortinet is a platform-based cybersecurity vendor with product offerings covering network security, cloud security, zero-trust access, and security operations. The firm derives a majority of its revenue through sales of its subscriptions and support-based business. The California-based firm has more than 800,000 customers across the world. | SuridataPerception PointNext DLP+1 | 4 |
Founders and investors we've worked with
We've supported winning builders across cybersecurity and beyond.
Resillion
We provided buy-side advice to a dominant TIC industry player on the carve-out and acquisition of Resillion (fka Eurofins Digital Testing), a Hasselt-based digital testing, cybersecurity and forensics provider.
See more
MAILINGWORK
We acted as exclusive sell-side advisor to MAILINGWORK, a Chemnitz-based email marketing software platform, on its sale to French digital marketing leader Positive Group.
See more
TestSolutions
We acted as exclusive financial advisor to Swiss PE firm Patrimonium on its majority stake acquisition of TestSolutions, a Frankfurt-based software testing and IT services provider.
See more
Digital Asset Management Software Provider
We provided buy-side advice to Byron Capital Partners on its acquisition of a leading European digital asset management (DAM) software platform.
See more
Boryszew
We provided buy-side advice to Boryszew, a Warsaw-listed diversified industrial group across automotive, metals and chemicals, on industrial software market mapping and target screening for its buy-and-build strategy.
See moreRecent M&A advisory track record
See our M&A advisory experience across cybersecurity and beyond.
Explore our M&A advisory offering for similar verticals
We're a specialized M&A advisor to software companies.
Our M&A experience spans across all software verticals.
Automotive software
Education software
Energy & utilities software
Financial services software
Healthcare software
Industrial software
POS & retail management software
Professional services software
Public sector & non-profit software
Real estate software
Transportation & logistics software
Travel & hospitality software
Explore other sectors
We know tech inside & out.
We provide M&A advisory services to companies operating across the entire tech.
AI & MLFintechConsumer internetDigital mediaE-commerce & marketplacesConsumer productsMobilityDigital healthIndustrial technologyDigital infrastructureIT services
More services
M&A is the ultimate goal, but we play a long game. We're your fractional CFO to help you build financial discipline, and advise you on raising growth capital.
Fractional CFO for cybersecurity companies
We integrate into your workflows to help with financial modelling, build out FP&A tech stack, and ultimately provide guidance towards an M&A or raising venture capital.
Learn moreVC fundraising for cybersecurity companies
We help you prepare materials, reach out to investors in our extensive network, negotiate fair term sheets and structure the VC round.
Learn moreTalk to us
Schedule a call to get a health check on your business and see how we could help.
Fractional CFO
- Fractional CFO for Software
- Fractional CFO for AI & ML
- Fractional CFO for Fintech
- Fractional CFO for Consumer internet
- Fractional CFO for Digital media
- Fractional CFO for E-commerce & marketplaces
- Fractional CFO for Consumer products
- Fractional CFO for Mobility
- Fractional CFO for Digital health
- Fractional CFO for Industrial technology
- Fractional CFO for Digital infrastructure
- Fractional CFO for IT services
Stages
Countries
- UK Fractional CFO
- Ireland Fractional CFO
- France Fractional CFO
- Germany Fractional CFO
- Spain Fractional CFO
- Portugal Fractional CFO
- Italy Fractional CFO
- Netherlands Fractional CFO
- Belgium Fractional CFO
- Switzerland Fractional CFO
- Austria Fractional CFO
- Denmark Fractional CFO
- Sweden Fractional CFO
- Norway Fractional CFO
- Finland Fractional CFO
- Poland Fractional CFO
- Estonia Fractional CFO
- US Fractional CFO
- Canada Fractional CFO
- Mexico Fractional CFO
- Brazil Fractional CFO
- UAE Fractional CFO
- Australia Fractional CFO
Cities
- London Fractional CFO
- Dublin Fractional CFO
- Paris Fractional CFO
- Berlin Fractional CFO
- Madrid Fractional CFO
- Lisbon Fractional CFO
- Milan Fractional CFO
- Amsterdam Fractional CFO
- Brussels Fractional CFO
- Zurich Fractional CFO
- Vienna Fractional CFO
- Copenhagen Fractional CFO
- Stockholm Fractional CFO
- Oslo Fractional CFO
- Helsinki Fractional CFO
- Warsaw Fractional CFO
- Tallinn Fractional CFO
- New York Fractional CFO
- Toronto Fractional CFO
- Mexico City Fractional CFO
- São Paulo Fractional CFO
- Dubai Fractional CFO
- Sydney Fractional CFO