Why Cybersecurity Is Where the Money and Attention Are Going in 2026
On Christmas Eve, ServiceNow’s confirmation of the acquisition of the cyber exposure management firm Armis for $7.75 billion showed the clearest signal of where enterprise tech spending is consolidating as 2026 begins.
The market clearly is looking closely at security platforms that can sit across sprawling attack surfaces, from IT and cloud to operational technology and connected devices.
That logic is also visible further down the market for the last few months of 2025. In recent months, the pace of dealmaking has been hard to miss, from Palo Alto Networks’ agreement to buy CyberArk for about $25 billion, both aimed at turning large vendors into broader, identity-led security platforms.
More recently, Saudi Arabia-based security provider DSShield announced a $54 million funding round led by Merak Capital to scale its security operations and advisory footprint, a reminder that the funding pipeline is not only flowing to Silicon Valley-style pure software plays, but also to operators building capacity around managed services and incident-driven demand.
Taken together with a string of late-2025 platform moves across data, cloud and AI stacks, the pattern is tightening: boards are treating security less as a bolt-on purchase and more as infrastructure, while the market shifts from “more tools” to “fewer control planes’, and from experimentation to operational risk management.
A consolidation cycle, not a surprise boom
Morey Haber, Chief Security Advisor at BeyondTrust, frames the current wave as cyclical, but happening at a very specific inflexion point: funding is becoming more selective, products are maturing, and the easiest route to scale is increasingly through acquisition rather than independence.
“Right now, very little private equity or venture capital money is going into entirely new AI companies. Some funding still exists, but it’s nothing like the first wave. Many of these companies have reached a stage where their technology works, but the real question is what comes next,” he added.
Haber’s point is that we are in a phase where the market is separating deployable products from promise, and where the “what next” question increasingly has one answer: distribution. “Companies need either a clear integration story, an owner with scale, or a use case that makes the technology viable for the long term,” he said, adding that this is why “these technologies are now finding homes inside cybersecurity platforms, development platforms, or infrastructure companies, where they can actually be used and monetised at scale.”
Funding is rising again, but concentrating around fewer, bigger bets
The funding story in 2025 was not an indiscriminate boom. It was capital concentrating into companies with clear buyer pull. According to Crunchbase data, cybersecurity and privacy startups raised roughly $9.4 billion globally in the first half of 2025, before activity cooled in the second half as investors became more selective. Even so, security remained one of the few categories where big rounds continued to land for companies pitching platform outcomes and defensible control points.
That selectivity has sharpened the market’s logic going into 2026. Capital is still available, but it is increasingly flowing to companies that can either consolidate spend into a platform story or control a chokepoint created by AI adoption, such as data security posture management, machine identity, or security operations automation.
“Too many tools” is not the real problem; disciplines are collapsing into platforms
It has become fashionable to say security budgets are rising because CISOs are tired of juggling too many tools. Haber argues the more precise reality is that tool sprawl is worse within specific security disciplines, and that is why consolidation is happening.
“I don’t think there are too many tools in cybersecurity overall,” he said. “What I do think is that there are too many tools within individual disciplines. That’s an important distinction.”
In his view, what is collapsing is not “cybersecurity” as a broad market, but the silos within it. “What we’re seeing now is the collapse of disciplines into platforms,” Haber said, pointing to identity and access management as a clear example where categories that used to be sold separately are being pulled together under one control plane.
That platform logic is one reason large buyers keep paying up: the prize is not another point product, but the ability to own an entire discipline end-to-end, and to sell security outcomes in a way that is operationally usable at scale.
AI is pulling security into the data layer, not just the perimeter
The other force accelerating this consolidation is AI, not because of hype, but because it changes the cost of getting governance wrong. As enterprises move from pilots to production agents and embedded AI, the security question is increasingly about whether organisations can safely use their own information at scale.
Rehan Jalil, President and CEO of Securiti (recently acquired by Veeam), says that is the constraint enterprises are now hitting. “The core problem here is fundamental: there is no enterprise AI without data security,” he said. “If that’s the constraint, then the companies that solve it, and demonstrate market leadership, and show large customers trusting them, and show growth will be rewarded.”
Jalil argued that the market is shifting away from piecemeal governance tools and towards unified outcomes that combine prevention, visibility and recovery. “Customers are demanding unified outcomes rather than piecemeal solutions,” he said. “In the world that’s emerging now, especially with AI agents, both have to exist together.”
His warning is that agents introduce a new class of operational risk because they act at speed and scale, often across systems, and not always in ways humans can easily trace. “Large enterprises don’t have ‘a few’ agents,” Jalil said. “They will have thousands - potentially hundreds of thousands of agents and workflows, across teams, across functions. You need to know what those agents are doing, whether they’re making mistakes, whether they’re leaking information, whether they’re accessing what they shouldn’t.”
He adds that governance alone is not enough in that environment. “And crucially: even with the best governance, something will go wrong,” Jalil said. “When it does, you need to undo it—restore, roll back, recover. That has to come together ‘in one room,’ because it’s the same underlying information asset.”
Why data-security deals are being priced like “security deals”
That is why security is increasingly bleeding into what used to be framed as “data platform” M&A. It is also why buyers are willing to pay premiums for capabilities that anchor trust: discoverability, control, exposure visibility and recovery. The line between cybersecurity and data management is blurring because enterprises now treat data loss, data misuse and AI-induced leakage as security problems, not just IT hygiene issues.
Tim Pfaelzer, General Manager and Senior Vice President EMEA at Veeam, makes the same point from the attacker’s perspective. “Because attackers have turned this into a business,” he said. “This is not just individuals sitting in basements, it’s organised groups operating like companies, running projects, because they can earn a lot of money by getting access to data.”
Pfaelzer says the logic is brutally simple. “Data is power,” he said. “If someone loses their laptop, loses access to their cloud, or doesn’t know where their customer data is if they lose access to the last 20 years of records, reports, and operations, that can put the business at risk immediately.”
Even if AI’s headline hype cools, he argues the underlying security and governance demand does not disappear because it is tied to the economics of data itself. “I don’t see this category going away because it’s tied to the economics and importance of data itself,” Pfaelzer said.
“Data has a cost: it has to be stored, processed, and protected, whether on-premises or in the cloud. There are hardware costs, energy costs, and operational costs. Software is the layer you put on top, but the underlying reality is that data isn’t free to run, and it isn’t optional for modern businesses.”
The breach pattern: identity plus supply chain is becoming the dominant route in
The final driver of security’s renewed attention is not spending fashion. It is a breach of reality. Haber added that supply-chain exposure is now a defining component of major incidents, and that the weak link is often identity hygiene rather than a sophisticated exploit.
“Almost all major breaches today involve both identity and supply chain components,” Haber said. “These attacks are rarely about exploiting a zero-day vulnerability. They’re about compromised credentials, missing MFA, shared passwords, or misconfigured access.”
He describes the logic in practical terms: when direct attacks become harder, attackers follow trust relationships. “If I’m a nation-state or advanced threat actor and your defences are strong, I’m not going to attack you head-on,” Haber said. “I’m going to look at your weakest supplier. That could be an HVAC vendor, a software contractor, or a peripheral systems provider. If I can compromise them, I can often use that access to reach you.”
That is also why he expects new startup innovation to show up in places attackers are moving next. “I don’t believe innovation is disappearing,” Haber said. “It’s relocating. Innovation always follows attackers.”
What this means for 2026
Put together, the 2026 cybersecurity peg is not simply that “money is flowing”. It is that security has become the converging layer for AI, data governance and operational resilience, at the same time as consolidation compresses tool sprawl into fewer platforms. In a market where boards want fewer vendors and clearer accountability, vendors that can own a full discipline, integrate into workflows and prove measurable risk reduction are the ones gaining pricing power.
That leaves point products with a sharper choice. Some will survive by owning an essential niche and being brutally cost-efficient. Many will build towards acquisition because distribution and bundling are becoming the default. Others will be squeezed as platforms absorb features and reset price expectations.
Cybersecurity is where the money and attention are going in 2026 because it is the category where enterprise risk has become unavoidable, and where the market is still willing to pay for outcomes that reduce complexity and make security operationally real.