Quarterly Report, Q2 2026: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q2 2026 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q2 2026, our team tracked 140 transactions, including 86 funding rounds and 54 M&A events. The defining feature of the quarter was the acquisition column: 54 acquisitions is the highest M&A deal count of any quarter the workbook has tracked, ahead of the prior high of 50 in Q1 2021. At the same time, disclosed funding eased to $2.79B, down from $4.62B in Q1 2026 and from $4.18B in Q2 2025.
The result is a quarter in which the ratio of consolidation to fresh capital inverted relative to recent history. Deal-making moved through balance sheets more than term sheets, with five transactions carrying disclosed prices totaling $797.9M. Where venture capital did flow, it flowed early. 61 of the 86 funding rounds were Seed or Series A, consistent with the company-formation pattern that has run through 2026, while the number of nine-figure rounds thinned to seven, down from eleven in Q1.
Strategic activity was anchored by Cisco's $400M acquisition of Astrix Security, the largest disclosed transaction of the quarter, alongside a broad wave of identity, data, and application-security consolidation. What stands out in Q2 2026 is not the size of the largest deal but the breadth of the buyers: the acquirer base widened well beyond pure-cyber strategics to include systems integrators, data platforms, and industrial engineering firms building cyber capability by acquisition.

Funding Overview
The 86 funding rounds tracked in Q2 2026 describe a market that remains active in volume but lighter in dollars than the two prior comparison quarters.
Capital concentration held at the top, but with fewer outsized rounds than Q1. Seven rounds cleared $100M — Cyera ($600M), Dream Security ($260M), Quantifind ($200M), Exaforce ($125M), Elliptic ($120M), Ent ($100M), and Twenty ($100M) — with Cyera's data-security round alone representing more than a fifth of the quarter's total disclosed capital. Below that tier, the market was broad and early: 61 of 86 rounds were Seed or Series A, and the median deal sat well under $30M.
The segments absorbing that capital cluster around a familiar set of enterprise-priority categories:
- Identity and access infrastructure, the quarter's busiest segment overall at 22 transactions, spanning both early funding and a heavy run of acquisitions as identity continues to function as the central control plane across environments
- AI/LLM security, with 13 transactions including Straiker's $64M Series A, as investors continue funding both AI-native defense and the security of AI pipelines
- Governance, risk, and compliance, at 11 transactions, as enterprises operationalize AI policy, audit, and vendor-risk programs
- Data, application security, and vulnerability management, which together accounted for 26 transactions, reflecting persistent buyer demand across the data layer and modern application environments

Market & Macro Signals
Several structural dynamics are visible in the Q2 2026 transaction record.
First, consolidation outpaced capital formation. The quarter logged 54 acquisitions against 86 funding rounds — the narrowest gap between the two in recent quarters — and the acquisition count set a workbook high. Fewer large rounds and a record volume of M&A point to a market channeling value through consolidation rather than new venture dollars.
Second, the acquirer base broadened materially beyond pure-cyber strategics. Systems integrator Accenture made three cyber acquisitions in the quarter (Dragos, runZero, NetRise); data platform Databricks made three (Antimatter, SiftD, Panther); aerospace-and-defense group Airbus made two (Ultra Cyber, Quarkslab); and automotive-engineering firm KPIT acquired Cymotive for $120M. The presence of integrators, data platforms, and industrial buyers acquiring cyber capability in the same quarter is the clearest structural signal in the data.
Third, identity was the most-acquired segment. Roughly ten of the 54 acquisitions targeted identity vendors — including Cisco/Astrix, 1Password/Apono, SailPoint/Entro, Rubrik/Strata Identity, Silverfort/Fabrix Security, and Quest/Anetac — reinforcing identity's position as the control layer platforms most want to own.
Finally, data-layer security is being absorbed into the platforms. Databricks' three acquisitions, together with Zscaler's purchase of Symmetry Systems and Spin.AI's of Revyz, continue a pattern in which data security is treated less as a standalone category and more as a capability the major data and cloud platforms intend to own outright.

M&A Activity & Strategic Movement
Q2 2026 recorded 54 M&A transactions, the highest quarterly deal count in the workbook, five of which carried disclosed prices totaling $797.9M.
The disclosed transactions were led by:
- Cisco's $400M acquisition of Astrix Security, extending Cisco's identity and non-human-identity capabilities and standing as the quarter's largest disclosed deal
- Akamai's $205M acquisition of LayerX, adding browser security to Akamai's edge and application-protection portfolio
- KPIT Technologies' $120M acquisition of Cymotive, an automotive-cybersecurity move from an industrial engineering buyer
- Torq's $70M acquisition of Jit in application security, and Cycurion's $2.9M acquisition of Secuvant in managed security services
The undisclosed column is where the quarter's structural story sits. Beyond the broadened acquirer base noted above, the activity clustered heavily in identity (1Password/Apono, SailPoint/Entro, Rubrik/Strata Identity, Silverfort/Fabrix, Quest/Anetac, Cisco/WideField, AppViewX/Eos, Incode/Identiq) and across application and supply-chain security (BoostSecurity's twin acquisitions of SecureIQx and Korbit.ai, Socket/Secure Annex, Airbus/Quarkslab). Strategic cyber platforms — Zscaler, Check Point, Silverfort, Rubrik, SailPoint — remained active alongside the new entrants, but the volume and breadth of buyers is what distinguishes Q2 2026 from prior consolidation waves.
Across these transactions, a consistent pattern emerges: acquirers are pursuing targeted capability expansion — identity, data security, application security, and AI-driven tooling — rather than broad roll-ups, and the set of companies doing the acquiring is wider than in any recent quarter.

Looking Ahead
Q2 2026 reframes the year's throughline from capital deployment toward consolidation. The combination of softer funding dollars, fewer megarounds, and a record volume of M&A suggests a market where value is increasingly realized through acquisition — and where the buyers are no longer confined to the incumbent security platforms.
We expect the following dynamics to continue through the back half of 2026:
- The acquirer base will keep widening. Systems integrators, data and cloud platforms, and industrial buyers entering cyber by acquisition is a structural shift, not a one-quarter anomaly, and it changes the exit landscape for venture-backed vendors
- Identity and data-layer consolidation will persist, as platforms move to own the control planes that early-stage vendors have been building
- Early-stage formation will remain the volume engine, with Seed and Series A rounds continuing to dominate deal count even as growth-stage dollars stay selective
From a go-to-market perspective, the implication is that operational clarity and a legible exit path now matter as much as technical differentiation. With a broader set of strategic and financial buyers active, vendors that can align product capability to a well-understood buyer landscape — particularly in identity, data, and application security — are best positioned to translate capital into an outcome. As the year progresses, the interplay between a widening acquirer base, selective growth capital, and sustained early-stage formation will continue to shape competitive positioning across the cybersecurity ecosystem.
The full Q2 2026 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q2 2026 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains roughly 2,700 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
