Cybersecurity

Cybersecurity software is the protection layer across endpoints, networks, identity, cloud and applications - the largest and fastest-growing horizontal software category over the past five years. The category breaks into endpoint security (EDR/XDR), identity and access management (IAM and PAM), cloud security (CNAPP/CWPP), network security and SASE/SSE, SIEM and SOC platforms, application security, fraud prevention and email/anti-phishing. CrowdStrike, Palo Alto Networks, Fortinet and Microsoft Security define the platform tier; Wiz's acquisition by Google ($32B in 2025) and Splunk's acquisition by Cisco ($28B in 2024) anchor recent strategic consolidation.

It spans endpoint security and XDR, identity and access management, cloud security, network security and SASE/SSE, SIEM and security operations, application and developer security, vulnerability and exposure management, and data security and cyber resilience.

Revenue comes from per-endpoint and per-user SaaS subscriptions paid by enterprises, multi-product platform deals offering bundled pricing across security categories, hyperscaler-bundled security inside Microsoft and AWS commitments, MSSP and managed-service revenue, and a growing tier of usage-based pricing on data security and SIEM ingestion.

Cybersecurity is part of Software.

$215B

Global market size

144

Public companies

Y Combinator
Sequoia Capital
Accel
Lightspeed Venture Partners

Key VC investors

Check Point Software
Cisco
Palo Alto Networks
Integrity360

Key strategic buyers

Business model

How cybersecurity companies monetize?

Cybersecurity software companies monetize through per-endpoint SaaS, per-user identity subscriptions and platform bundles across endpoint, cloud and identity products.

Per-endpoint SaaS

Annual per-endpoint subscriptions for EDR/XDR. Standard for CrowdStrike, SentinelOne and Microsoft Defender.

Per-user / per-identity

Per-user or per-identity subscriptions for IAM, PAM and SaaS security. Used by Okta, CyberArk and SailPoint.

Platform bundles

Multi-product bundles offering meaningful discount versus per-product pricing. CrowdStrike Falcon Complete, Palo Alto Cortex and Microsoft Security E5 anchor the model.

Per-asset / per-scan

Per-asset or per-scan pricing on vulnerability and exposure management, CNAPP and TPRM. Tenable, Qualys and Rubrik use variants.

SIEM ingestion-based

Per-GB or per-event ingestion pricing on SIEM and log management. Splunk (Cisco), Elastic, Datadog and Microsoft Sentinel compete; this pricing has driven significant customer pushback in recent years.

MSSP and managed services

Managed security service revenue from monitoring, threat hunting and incident response. CrowdStrike Falcon Complete and Arctic Wolf lead the segment.

Cybersecurity valuations in May 2026

Public cybersecurity comps trade at 4.1x EV/Revenue. Median revenue multiple across cybersecurity M&A deals was 3.2x in the last 12 months. Median revenue multiple across cybersecurity VC rounds was 20x in the last 12 months.

4.1x

Median EV/Revenue as of May 2026 for public cybersecurity companies

4.4x

IBM

IBM is the highest valued public cybersecurity company based on EV/Revenue (excluding outliers)

3.2x

Median EV/Revenue across cybersecurity M&A deals in the last 12 months

20x

Median EV/Revenue across cybersecurity VC rounds in the last 12 months

Sector breakdown

Cybersecurity market segments

Cybersecurity software spans endpoint security and XDR, identity and access management, cloud security, network security and SASE, SIEM and security operations and data security.

Endpoint security & XDR

EDR, XDR, EPP and managed endpoint security. CrowdStrike leads modern endpoint; Microsoft Defender XDR bundled with E5; SentinelOne competes; Sophos, Cybereason, Bitdefender and Trend Micro serve adjacent segments.

Identity & access management (IAM/PAM)

Software managing user access, authentication and privileged access. Okta and Microsoft Entra anchor IAM; CyberArk, Delinea, BeyondTrust and One Identity (Quest) lead PAM; SailPoint serves identity governance.

Cloud security (CNAPP)

Cloud-native application protection platforms. Wiz (Google), Palo Alto Prisma Cloud, Microsoft Defender for Cloud and Lacework lead the category; Orca Security and Sysdig compete at the venture-backed tier.

Network security & SASE/SSE

Network firewalls and Secure Access Service Edge platforms. Palo Alto Networks, Fortinet, Check Point and Cisco lead the firewall tier; Zscaler, Netskope, Cato Networks and Versa lead modern SASE.

SIEM & security operations

Log management, SIEM, XDR and security analytics. Splunk (Cisco), Microsoft Sentinel, Datadog Cloud SIEM and Elastic Security lead; Devo and Sumo Logic compete in specific segments.

Application & developer security

Software securing applications and the development pipeline. Snyk, Wiz (DevOps), GitHub Advanced Security and Veracode lead; Semgrep, Checkmarx and Black Duck (Synopsys) compete.

Vulnerability & exposure management

Software finding, prioritising and remediating vulnerabilities. Tenable, Qualys and Rapid7 lead independent vendors; CrowdStrike Falcon Exposure Management and Wiz Vulnerability compete from broader platforms.

Data security & cyber resilience

Data security posture management (DSPM), DLP, data security platforms and backup/recovery for cyber resilience. Rubrik leads data security platforms (NYSE: RBRK); Cohesity, Commvault and Veeam serve cyber-resilient backup; Cyera and BigID lead DSPM.

Fractional CFO, financial modelling and deal advice for cybersecurity companies

See how Flow helps cybersecurity founders.

We speak founders' language and have great operational understanding of cybersecurity businesses.

Book an intro call - we'll look under the hood and recommend concrete next steps.

Explore pricing

Fractional CFO

For founders who want to improve their FP&A functions, build an investor-ready financial model, and prepare for the next VC round.

Capital raising

For bootstrapped and already-VC-backed entrepreneurs who are looking to raise late stage venture or growth capital.

M&A

For category-leading technology companies who are exploring exit alternatives with either financial or strategic acquirers.

Sector KPIs

Key cybersecurity KPIs to track

ARR, ACV, endpoints protected, net revenue retention, module attach, gross margin and customer count are the metrics investors and operators track in cybersecurity software.

KPIDefinition
ARRRecurring SaaS revenue. The dominant headline metric across cybersecurity.
ACVEnterprise platform deals (CrowdStrike Falcon Complete, Palo Alto Cortex) reach $500K-$10M+; SMB sits at $5K-$50K.
Endpoints / users protectedDevices, users or assets covered by the platform. The standard scale metric for endpoint and identity vendors.
Net revenue retentionExpansion via additional modules, asset growth and pricing actions. Healthy NRR at 115-130% for platform-led leaders.
Module attachAverage products per customer. Higher attach correlates with retention and is the principal value driver for CrowdStrike Falcon and Palo Alto Cortex.
Gross marginPure-software cybersecurity SaaS at 75-85%; SIEM and ingestion-heavy products lower (60-75%) due to data storage costs.
Customer countEnterprise logo count. Mix between Fortune 500, mid-market and SMB materially affects revenue quality.
Key players

Main cybersecurity players globally

The most active cybersecurity software companies and category leaders globally.

CompanyHQOverview
CrowdStrike
crowdstrike.com
Austin
Cloud-native endpoint security and XDR platform (NASDAQ: CRWD). The platform-led security story; the July 2024 global outage was a major operational event but did not materially reset the long-term growth trajectory.
Palo Alto Networks
paloaltonetworks.com
Santa Clara
Largest pure-play cybersecurity vendor (NASDAQ: PANW). Three-platform strategy: Strata (network), Prisma (cloud) and Cortex (security operations). Aggressive M&A continues.
Fortinet
fortinet.com
Sunnyvale
Firewall and network security leader (NASDAQ: FTNT). FortiASIC custom silicon and broad SASE positioning underpin the franchise.
SentinelOne
sentinelone.com
Mountain View
Cloud-native endpoint security and XDR (NYSE: S). The principal challenger to CrowdStrike in next-gen endpoint.
Okta
okta.com
San Francisco
Identity and access management leader (NASDAQ: OKTA). Workforce identity and customer identity (Auth0) anchor the franchise; struggled with 2022-23 breach disclosures.
CyberArk
cyberark.com
Petah Tikva
Privileged access management leader (NASDAQ: CYBR). Strong moat in enterprise PAM; identity security expansion.
Wiz
wiz.io
New York
Cloud-native application protection platform. Acquired by Google in March 2025 for $32B - the largest pure-cyber acquisition on record.
Zscaler
zscaler.com
San Jose
Cloud-native SASE/SSE platform (NASDAQ: ZS). Strong zero-trust positioning; mid-cycle in expanding from web security into broader SASE.
Splunk (Cisco)
splunk.com
San Francisco
Largest SIEM and log analytics platform. Acquired by Cisco in March 2024 for $28B; integrating into Cisco's security and observability portfolio.
Rubrik
rubrik.com
Palo Alto
Data security and cyber resilience (NYSE: RBRK). IPO'd in April 2024; positioned as data security platform leader.

CFO-as-a-service without the overhead

Fractional CFO services priced for startups - senior operator, no permanent headcount.

Market trends

Key cybersecurity market trends

Platform consolidation, identity at the centre and AI in security operations are reshaping cybersecurity software right now.

Platform consolidation

CrowdStrike, Palo Alto Networks and SentinelOne consolidating capabilities across endpoint, cloud, identity and SIEM into platform bundles. Standalone-product vendors increasingly challenged in tier-1 deals.

Identity at the centre

Okta, CyberArk and Microsoft Entra anchored identity as the new security perimeter. Identity-driven breaches (SolarWinds, Okta and Microsoft mid-2024) have driven structural identity-security spend.

SASE/SSE convergence

Cato Networks, Netskope, Zscaler and Palo Alto Prisma competing for the SASE/SSE category. The combination of SD-WAN, ZTNA, CASB, SWG and FWaaS is the principal network-security architecture shift.

CNAPP and cloud-native security

Wiz (Google), Orca Security and Sysdig leading CNAPP; Palo Alto Prisma Cloud and Microsoft Defender for Cloud bundling. The category has consolidated rapidly through M&A and platform bundling.

CrowdStrike outage and consolidation reckoning

The 19 July 2024 global outage (affecting roughly 8.5M Windows devices) renewed scrutiny on platform concentration and update governance. Did not materially reset CrowdStrike's competitive position long-term but accelerated diligence on vendor concentration risk.

AI in security operations

LLM-powered SOC copilots, autonomous detection and response and AI-driven threat hunting. CrowdStrike Charlotte AI, Palo Alto Cortex XSIAM and Microsoft Security Copilot lead; standalone challengers (Dropzone AI and Prophet Security) attacking the agent productivity layer.

Similar verticals to cybersecurity

Explore niches like automotive software, education software, energy & utilities software and financial services software.

Explore other sectors
Automotive software
Education software
Energy & utilities software
Financial services software
Healthcare software
Industrial software
POS & retail management software
Professional services software
Public sector & non-profit software
Real estate software
Transportation & logistics software
Travel & hospitality software

Explore other sectors

We know tech inside & out.

We live and breath tech - true understanding of how startups operate is fundamental at what we do.

Software

Software

Vertical and horizontal SaaS, AI-native software products, infrastructure SaaS, cybersecurity

AI & ML

AI & ML

Foundation models, AI applications, AI infrastructure, semiconductors, AI consulting

Fintech

Fintech

Neobanking, online payments, fintech infrastructure, lending platforms, wealth tech, online brokerage, vertical FS software

Consumer internet

Consumer internet

Consumer software subscription platforms, edutech, online content, social networks, online dating

Digital media

Digital media

Streaming platforms, mobile and console gaming, content distribution, digital publishing, VR & AR

E-commerce & marketplaces

E-commerce & marketplaces

Consumer and B2B marketplaces, inventory-based e-commerce, classifieds, lead generation platforms

Consumer products

Consumer products

Direct-to-consumer (D2C) brands, consumer electronics, smart home devices, lifestyle products

Mobility

Mobility

Ridesharing, micromobility, food delivery, logistics tech, autonomous tech, EV charging infrastructure

Digital health

Digital health

Digital therapeutics, telemedicine, mental health solutions, EHR and practice management, vertical healthcare SaaS

Industrial technology

Industrial technology

Industry 4.0 solutions, 3D printing, climate tech, industrial IoT, robotics, smart manufacturing

Digital infrastructure

Digital infrastructure

Data centers, cloud infrastructure, edge computing, network security, vertical infrastructure SaaS

IT services

IT services

Software development and testing, digital transformation, cloud services, advertising agencies, IT support services

SoftwareAI & MLFintechConsumer internetDigital mediaE-commerce & marketplacesConsumer productsMobilityDigital healthIndustrial technologyDigital infrastructureIT services

Recent insights across cybersecurity and beyond

The Magnificent Seven - The VC Frontier & The New AI Wild West

The Magnificent Seven - The VC Frontier & The New AI Wild West

How Google, Apple, Tesla, Meta, Microsoft, Amazon and Nvidia are shaping the AI frontier, their $14T combined value, and their role in venture capital. Co-produced with Dealroom.

Reports29 May 2024
Latin America - A Startup and Venture Frontier - 2024 Report

Latin America - A Startup and Venture Frontier - 2024 Report

Co-produced with Dealroom, our launch report on Latin America's $526B tech ecosystem - $3.9B in 2023 VC, leading investors, founder voices, and the rising cities to watch.

Reports15 March 2024
Awto team

Spotlight on Awto - LatAm's Leading Vehicle Sharing Platform

Interview with Francisco Loehnert, co-founder and CEO of Awto, discussing the growth and future of Latin America's leading vehicle sharing platform.

Insights06 February 2024
Vexi team

Spotlight on Vexi - Building the Capital One of Latin America

Interview with Gabriela Estrada, co-founder and CEO of Vexi, a neobanking platform providing first-time credit cards to the rising middle income population in Mexico.

Insights16 January 2024
Venture Wrapped 2023 - Global Tech & VC in 13 Charts

Venture Wrapped 2023 - Global Tech & VC in 13 Charts

Co-produced with Dealroom - a 13-chart wrap-up of the definitive totals and trends that shaped private and public tech markets in 2023.

Reports31 December 2023
Flow Partners x Dealroom - Global Tech Update - Q3 2023

Flow Partners x Dealroom - Global Tech Update - Q3 2023

Co-produced with Dealroom - the data and trends driving the global startup, tech and venture ecosystem through Q3 2023.

Reports09 November 2023
Flow Partners x Dealroom - European Tech Update - Q3 2023

Flow Partners x Dealroom - European Tech Update - Q3 2023

Co-produced with Dealroom - the latest update on European tech, covering private VC markets, public company performance, and geo trends through Q3 2023.

Reports26 October 2023
Cybersecurity Sector Update - M&A, Capital Raising, Public Markets - October 2023

Cybersecurity Sector Update - M&A, Capital Raising, Public Markets - October 2023

The latest trends and activity within cybersecurity M&A, capital raising, and public markets as of end September 2023.

Reports02 October 2023
The intuition and psychology that drives market valuations

The Intuition and Psychology That Drives Market Valuations

How investor sentiment, growth expectations and industry-specific factors push valuation multiples up or down - and how a simple regression connects growth to EV/EBITDA in practice.

Insights09 June 2023
SaaS Valuation 101

SaaS Valuation 101 - How to (Accurately) Value a Software Business

A primer on SaaS valuation: the metrics that drive multiples, the valuation methods that fit different stages, and how to land on the right number.

Insights26 May 2023
ARPPU - Revealing the real revenue potential of your users

ARPPU - Revealing the Real Revenue Potential of Your Users

What ARPPU is, how it differs from ARPU and LTV, how to calculate it, and how to grow it without alienating users.

Insights19 May 2023
A closer look at key valuation methodologies

A Closer Look at Key Valuation Methodologies

Absolute vs. relative valuation, why enterprise value beats equity value when comparing multiples, and a worked example of valuing a fast-growing marketplace.

Insights26 April 2023
Understanding the art & science of digital company valuation

Understanding the Art & Science of (Digital) Company Valuation

Why valuing tech companies is part discipline and part judgement - the two main valuation models, why digital adds complexity, and where valuation matters across the company lifecycle.

Insights19 April 2023
Seoul - An Asian Tiger Startup City

Seoul - An Asian Tiger Startup City

Co-produced with Dealroom and Seoul Startup Hub - South Korea is the fastest-growing Asian Tiger nation for VC investment, and Seoul has created 15 unicorns, yet 80% of investment still comes from within Asia.

Reports01 July 2021
Deliveroo - An Incredible Ride to IPO

Deliveroo - An Incredible Ride to IPO

Co-produced with Dealroom - Deliveroo's 9-year ride to (potential) decacorn status, analysed alongside the wider food delivery market ahead of a reported $10B IPO.

Reports10 March 2021
The State of Creator Economy 2021 - Key Trends, VC Activity, Market Mapping

The State of Creator Economy 2021 - Key Trends, VC Activity, Market Mapping

A deep dive into the creator economy ecosystem - VC funding statistics, key category segments, and the market drivers expected to fuel growth in 2021 and beyond.

Reports24 February 2021
Climate Tech in 2021 and Beyond - VC Stats, SPAC Performance, Ecosystem Overview

Climate Tech in 2021 and Beyond - VC Stats, SPAC Performance, Ecosystem Overview

A deep dive into the climate tech ecosystem - venture funding statistics, SPAC performance, key players, and the sector trends shaping 2021 and beyond.

Reports26 January 2021
Consumer social is back

Consumer Social Is Back (?!)

How COVID reshaped consumer tech: creator economy, social fragmentation, video commerce, audio social, streaming vs. cinema, and hybrid work - six shifts that built the 2021 playbook.

Insights31 December 2020

Talk to us

Schedule a call to get a health check on your business and see how we could help.

Download PDF deck

Fractional CFO

Stages

Countries

Cities

Sectors

© 2026 Flow Partners (London) Ltd. All rights reserved. Registered as a limited liability company in England and Wales (registered number 12969521).