MSSP, Acquisition, Security Strategy, Plan, Budget, Venture capital, Private equity

Investors Grow Their Cybersecurity Spend in 2025 – So Far

Adobe Stock

The amount of money being invested in cybersecurity companies is continuing to rise, though the number of firms that are receiving it is remaining steady and early-stage startups are getting a lot of the investor interest, according to Pinpoint Search Group.

In its report this week about funding in the second quarter, the cybersecurity recruiting firm said that $4.2 billion was raised, almost a 25% year-over-year increase over the $3.4 billion in Q2 2024. The money spanned 100 funding rounds, compared with 98 during the second three months last year, resulting in the average deal size likely getting larger.

Eight of the 100 funding rounds were for more than $100 million each, or about 55% of all the funding for the quarter. In addition, investments in cybersecurity companies in the first six months of the year was $6.4 billion – including the $2.2 billion in Q1 – a 13% increase over the first half of 2024.

Amid all the investing, there also were 18 acquisitions made in the cybersecurity space, Pinpoint researchers noted, including high-profile ones like Check Point buying Veriti, Zscaler with Red Canary, Palo Alto Networks with Protect AI, and Proofpoint grabbing Hornetsecurity.

Headwinds Include Layoffs, Budgets

These are the numbers that cybersecurity companies and partners like MSSPs and MSPs need to keep on top of, according to Mark Sasson, founder and managing partner at Grand Junction, Colorado-based Pinpoint.

While the amount of money being invested this year is a positive sign for the cybersecurity industry, there are trends to keep an eye on, Sasson said in a statement. The numbers show investors are placing larger and more selective bets and that there are still challenges they have to navigate, such as ongoing layoffs in the tech industry and enterprise budgets being scrutinized.

“The challenge for investors, and the reason cybersecurity as an industry is so resilient, is that the threat landscape changes with technological advancement,” Sasson told MSSP Alert. “Being in a period today where technology is advancing at breakneck speed, investors are looking to identify solutions that are solving today’s problems and will address the forecasted challenges of tomorrow. That’s a really tough mandate, requiring educated bets across different fields and categories within cyber.”

Startups Get Attention, Money

One area investors are looking at is early-stage funding for Seed and Series A startups, which are the top funding targets so far in 2025 – about 56% of all second-quarter funding rounds – even though there was a 6% decline in comparison to the first quarter.

Additionally, any decisions investors make have to be made amid the ongoing headwinds of layoffs and budgets, and investors have an up-close view of those challenges.

“Investors are the ones sitting on the boards of these cybersecurity companies,” Sasson said. “They interact with executives and participate in – if not influence – decisions. It’s important to remember that P/E (private equity) and VCs (venture capitalists) are raising capital to invest and are responsible for delivering returns. With that context, scrutiny and a focus on the bottom line are natural. They will make decisions that they believe will support positive returns for them and their stakeholders.”

Information MSSPs Need to Know

MSSPs and MSPs should know and understand where investors are putting their money, he said. Early-stage startups have dominated the amount being invested for the past several years, which is by design, and shouldn’t be surprising.

“These are relatively low-risk investments for VCs that essentially serve as incubators for cybersecurity innovation,” Sasson said. “Monitoring the types of solutions being proposed by these innovators can help MSSP decision-makers gauge where the market is headed.”

This is important, given the tough job MSSPs have, he added.

“Just like investors, it’s incumbent upon MSSPs to stay on top of the current threat landscape and to be skilled at forecasting how that landscape will evolve,” Sasson said. “I would expect that these organizations will be looking at these investment trends and using them as one of many data points that influence the solutions they acquire and utilize to protect their client base.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds