Quarterly Report, Q4 2025: Cyber Security Vendor M&A and Funding News
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full Q4 2025 dataset — every named company, round, investor, segment, and acquisition.
Highlights and Analysis
In Q4 2025, our team tracked 125 transactions, including 112 funding rounds and 13 M&A events. Disclosed funding totaled $4.61B, more than 2.5x the $1.70B recorded in Q4 2024, while round count nearly doubled from 57 to 112. The quarter closed the year with full-year 2025 disclosed funding at $13.97B across 393 rounds, a 47% increase over 2024's $9.52B.
Late-stage capital was concentrated at the top of the market. Saviynt's $700M Series B led the distribution, followed by Armis ($435M), Cyera ($400M follow-on), Chainguard ($280M growth), CyberCube ($180M), Sublime Security ($150M Series C), 7AI ($130M Series A), Vega ($120M Series B), Exein ($117M Series D+), and Axiado ($100M Series C). Together, ten rounds cleared $100M — the broadest top-end distribution of any quarter in 2025.
The M&A column was unusually heavy in disclosed dollars despite a lower deal count. Thirteen acquisitions included six disclosed transactions totaling $16.3B, anchored by ServiceNow's $7.78B acquisition of Armis — the largest disclosed cyber M&A transaction of Q4 2025 and the largest IoT-security acquisition the workbook has tracked. Palo Alto Networks ($3.33B for Chronosphere), Francisco Partners ($2.20B take-private of Jamf), Veeam ($1.73B for Securiti), and ServiceNow ($1B for Veza) round out the disclosed top tier.

Funding Overview
The 112 funding rounds tracked in Q4 2025 highlight a market in which both early-stage formation and late-stage capital expanded meaningfully relative to recent quarters.
Ten rounds exceeded $100M, the broadest top-end distribution of the year: Saviynt ($700M), Armis ($435M), Cyera ($400M), Chainguard ($280M), CyberCube ($180M), Sublime Security ($150M), 7AI ($130M), Vega ($120M), Exein ($117M), and Axiado ($100M). Below that band, growth-stage activity remained healthy across Adaptive ($81M Series B), Guardio ($80M Series B), ConductorOne ($79M Series B), Feedzai ($75M growth), Sweet Security ($75M Series B), Tenzai ($75M Seed), and Doppel ($70M Series C). Seed and Series A counts (72 of 112 rounds, or 64%) remained at the upper end of the year's range.
What stands out in Q4 2025 is where that capital is clustering. A meaningful portion of investment is concentrating around:
- Data security and data governance, which led the segment mix with 16 transactions, anchored by Cyera's $400M follow-on and a steady tail of early-stage data-security and DSPM vendors
- Identity and identity governance, where Saviynt's $700M Series B — the quarter's largest single funding round — and ConductorOne's $79M Series B reinforce identity governance as a contested late-stage category
- IoT and operational technology, where Armis' $435M round, Exein's $117M Series D+, and Axiado's $100M Series C reflect growing buyer demand across device-security, firmware, and OT environments
- AppSec, supply chain, and AI-driven workflows, where Chainguard's $280M growth round, Tenzai's $75M Seed, and 7AI's $130M Series A signal continued enterprise demand across software supply chain and AI-native automation
This distribution reflects a market in which capital is moving toward platforms that bridge data, identity, and operational technology — categories where enterprise control surfaces and AI-driven automation are increasingly intersecting.

Market & Macro Signals
Several structural dynamics are visible in the Q4 2025 transaction record.
First, non-cyber strategic acquirers entered cyber at scale. ServiceNow's two acquisitions this quarter — Armis ($7.78B) and Veza ($1B) — place the workflow vendor squarely at the center of the cyber M&A column. The pattern signals that workflow, observability, and IT-operations platforms now view cyber capability ownership as core, not adjacent.
Second, disclosed M&A dollars hit the year's highest concentration. Six disclosed transactions totaled $16.3B — more than the entire $13.97B raised across all 393 funding rounds in 2025. Five of those six deals cleared $1B, the broadest cluster of $1B+ cyber acquisitions in any quarter of 2025.
Third, late-stage capital broadened across categories. Ten rounds exceeded $100M this quarter, the widest top-end distribution of the year. Identity, data, IoT, AppSec, ratings, and AI-driven automation each saw at least one $100M+ round, reflecting late-stage capital availability across a broader category set than earlier quarters.
Finally, PE take-private activity continued in the public-cyber cohort. Francisco Partners' $2.20B take-private of Jamf adds to the multi-quarter pattern of mature mid-cap cyber vendors returning to private ownership under PE sponsorship.

M&A Activity & Strategic Movement
Q4 2025 recorded 13 M&A transactions, weighted heavily toward large disclosed deals and platform-extending strategic acquisitions. The most notable transaction was ServiceNow's acquisition of Armis for approximately $7.78B, the largest disclosed cyber M&A transaction of Q4 2025 and the largest IoT-security acquisition the workbook has tracked.
Additional activity across the quarter reinforces this direction:
- ServiceNow completed a second major cyber acquisition with Veza ($1B), establishing identity governance alongside Armis' device-security capabilities and signaling a sustained strategic push into the cyber platform stack
- Palo Alto Networks acquired Chronosphere ($3.33B), extending platform reach into observability and data-pipeline infrastructure
- Francisco Partners completed the $2.20B take-private of Jamf, returning the device-management vendor to private ownership
- Veeam acquired Securiti ($1.73B), bridging backup and recovery into data security and governance
- Datamirn acquired ThreatConnect ($290M), consolidating threat-intelligence and detection/response capabilities
- LevelBlue, Vectra AI, Bugcrowd, Zscaler, Saepio, Safe Securities, and Red Hat each completed targeted acquisitions (Cybereason, Netography, Mayhem, SplxAI, Ruptura, Balbix, and Chatterbox Labs respectively) without disclosed pricing, signaling continued platform-building across XDR, AppSec, PenTesting, ratings, and AI-security
Across these transactions, the buyer-cohort distribution is unusually broad: a non-cyber strategic acquirer at the top with two billion-dollar deals, a major platform acquirer (Palo Alto Networks) extending into observability, a PE take-private at scale, and a backup/recovery acquirer entering data security. The combination signals that the cyber acquirer universe is widening, not narrowing.
Armis' $435M funding round in November and $7.78B acquisition by ServiceNow in December within the same quarter reflects a market in which late-stage capital and strategic absorption are now operating in close proximity at the top of the IoT and OT security category.

Looking Ahead
Q4 2025 closes the year with a market that has clearly moved beyond correction: full-year funding rose 47% over 2024, M&A dollar volume reached a multi-quarter high, and the cyber acquirer universe broadened to include non-cyber strategic buyers, PE sponsors, and adjacent-platform incumbents.
We expect the following dynamics to carry into 2026:
- Non-cyber strategic acquirers will continue testing cyber M&A as a platform-extension model, with workflow, observability, and IT-operations vendors likely to pursue further capability acquisitions across identity, data, and device security
- Late-stage capital will continue concentrating around vendors that bridge governance, data, and identity, as enterprise buyers consolidate spend on platforms that span multiple control layers
- PE take-private activity will persist for mature mid-cap cyber vendors, particularly those with clear cash-flow profiles and durable enterprise install bases
From a go-to-market perspective, 2025 closed with the bar for both funding and acquisition meaningfully higher than it stood twelve months earlier. Vendors entering 2026 will be measured against a market that has demonstrated both deeper acquirer demand and broader late-stage capital availability, but with continued selectivity on traction, platform fit, and operational discipline. The interplay between strategic-acquirer breadth, late-stage capital concentration, and PE-driven consolidation will continue to shape both funding outcomes and competitive positioning across the cybersecurity ecosystem in the year ahead.
The full Q4 2025 dataset — every named company, round, investor, segment, and acquisition — is in the data feed. Get the full Q4 2025 dataset →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
