July 2025 Cyber Funding & M&A Brief
Published by Pinpoint Search Group — the cybersecurity executive search firm that tracks every disclosed vendor funding round and acquisition in the sector.
At a glance
Get the full July 2025 dataset — every named company, round, investor, and segment.
What July told us
July 2025 delivered the second cybersecurity megadeal of the year: Palo Alto Networks' $25 billion acquisition of CyberArk. Coming four months after Google's $32B Wiz purchase, the deal removes the largest standalone privileged access platform from the public market and pulls identity security — the most-cited 'last line of defense' in the post-zero-trust era — inside the largest cybersecurity platform on earth. Together with the Wiz deal, the two transactions reframe 2025 as the year cybersecurity stopped being a venture-funded category and became a hyperscaler-and-platform asset class.
Private funding kept pace beneath the headline. $1.17B in disclosed capital cleared across 41 rounds, with the seed-and-Series-A share rising back to 68% — the venture market continues to build the next wave even as the previous wave exits. GRC led segment counts with 8 transactions — the strongest GRC month of the year so far and a clean fit with Vanta's $150M Series D+ being the month's largest pure-venture round. Vulnerability followed at 6, with Data, Threat Intel, Fraud, and Automation tied at 3 each.
Beyond the megadeal, six other acquisitions cleared, including Axonius' $180M acquisition of Cynerio in IoT — a quiet but structurally important consolidation of healthcare device security under a broader asset-management platform. The combined July M&A picture: a top-of-market consolidation transaction at $25B and a healthier-than-average mid-market consolidation cadence beneath it.
Stage and segment breakdown

| Stage | Count |
|---|---|
| Seed | 18 |
| Series A | 10 |
| Series B | 3 |
| Series C | 4 |
| Series D+ | 2 |
| Growth Funding | 4 |
| Acquisition | 7 |
| Top segments | Transactions |
|---|---|
| GRC | 8 |
| Vulnerability | 6 |
| Data | 3 |
| Threat Intel | 3 |
| Fraud | 3 |
| Automation | 3 |
Two deals worth your attention
Palo Alto Networks' $25B acquisition of CyberArk. Palo Alto Networks announced its acquisition of CyberArk for approximately $25 billion in cash and stock — the largest pure-cybersecurity acquisition ever, and the second cyber megadeal of 2025 (after Google/Wiz). CyberArk had been the standalone leader in privileged access management since its 2014 IPO, and the deal pulls identity-as-control-plane fully inside Palo Alto's portfolio alongside Prisma Cloud, Cortex, and the company's other suites. For investors and operators, the structural read is unambiguous: identity is the perimeter, and the perimeter is no longer a category that supports a standalone public-company platform.
Vanta Security — $150M Series D+ led by Wellington Management. Vanta closed a $150M Series D+ led by Wellington Management. This is Vanta's fourth appearance in this series since 2021 and pushes the company's total disclosed capital to roughly $390M across its four rounds. The round formalizes Vanta's position as the category leader in continuous-compliance automation and signals the GRC segment has reached platform-business scale.
Companies we've covered before
Vanta Security first appeared in May 2021 with a $50M Series A in GRC. Across four appearances since, the company has accumulated roughly $390M in disclosed capital — the deepest-funded vendor in the continuous-compliance category.
Cynerio first appeared in May 2021 with a $30M Series B in IoT security focused on connected medical devices. Four years later, the company exits to Axonius for $180M — a clean platform-consolidation arc inside healthcare IoT.
The other 46 transactions are in the data feed — including the 7 acquisitions whose values never hit the press. Get July's details and more →
Methodology
Every transaction in this brief was sourced from a primary public report and dedupe-checked against the master Pinpoint funding workbook, which now contains ~2,600 transactions back to May 2020. Funding totals reflect disclosed capital only; acquisition values are included where publicly available.
Each deal is classified against Pinpoint's normalized cybersecurity segment taxonomy — read directly off what the company says they protect and mapped to one of the canonical segments. The taxonomy has been maintained continuously since 2020 and currently covers roughly 55 segments. Identity, Data, Detection / Response, and Threat Intel have been tracked from the first month of the series; AppSec and GRC entered the following month; emergent categories (AI/LLM, Supply Chain, Quantum, Browser) are added when they first appear in vendor positioning. That normalization layer is what makes multi-year, cross-segment comparisons possible against an otherwise inconsistent vocabulary in the broader market.
About Pinpoint Search Group
Cybersecurity innovators work with Pinpoint Search Group to identify, attract, and land professionals that enable maturation, scale, and successful outcomes. As start-ups continue raising millions in funding and established vendors make acquisitions to round out their offerings, Pinpoint Search Group is keeping track.
Get the underlying data
The narrative above is the free version. The paid Pinpoint Cyber Funding Data feed gives you every named transaction, every disclosed investor, every segment classification — exportable, filterable, and updated as the deals close.
