In this episode of Resilient Cyber I catch up with Momentum Cyber's Founder & CEO, Eric McAlpine.
We will be unpacking 2025's M&A and capital market activities, using Momentum Cyber's 2025 Cybersecurity Almanac Report, as well as discussing some of the overlooked and untold details under the hood of cyber M&A, building world class teams and more.
Interested in sponsoring an issue of Resilient Cyber?
This includes reaching over 31,000 subscribers, ranging from Developers, Engineers, Architects, CISO’s/Security Leaders and Business Executives
Reach out below!
Prefer to Listen?
Please be sure to leave a rating and review, as it helps a ton!
Eric and I covered a lot of ground but here is a summary below!
Cybersecurity M&A hit $96B in 2024, but concentration tells the real story. Eight mega deals (Google/Wiz, CrowdStrike/CyberArk, etc.) accounted for $87B of that total across ~400 transactions. The real health of the market lives in the mid-market — exits between $100M–$500M — which is the lifeblood of cybersecurity M&A and where Momentum Cyber primarily operates.
A two-tier funding market is emerging, with Series A and B rounds compressing. Companies like Seven AI raising $130M Series A rounds signal that capital is being deployed as a strategic weapon from day one. With agentic AI enabling faster product development, founders can now go from stealth to near $10M ARR in under a year, collapsing the traditional seed → A → B → C funding playbook.
Repeat founders and “second acts” are reshaping deal dynamics. The Foundstone-to-McAfee deal ($87M) spawned CrowdStrike, Cylance, and Mandiant. A decade ago, most founders were on their first act — now proven operators with track records are commanding outsized investor confidence and concentrated bets.
“Follow the people, follow the money” to predict M&A activity. Leadership changes at strategic acquirers are the leading indicator: Thomas Kurian (Oracle → Google Cloud) preceded the Mandiant and Wiz acquisitions; Bill McDermott (SAP → ServiceNow) signaled their cyber push; Nadav Zafrir (Team8 → Check Point) immediately triggered three acquisitions. Operator DNA from acquisitive companies forecasts M&A strategy.
Strategics reclaimed the throne — 92% of disclosed M&A value in 2024 came from strategic buyers, swinging sharply back from private equity dominance in prior years. Over 1,568 unique buyers have acquired a cybersecurity company since 2010, with Cisco (28), Palo Alto (24), and CrowdStrike (now 10) leading the leaderboard.
AI security is the fastest-forming subsector in cyber history, but services still dominate M&A today. AI security saw 330+ vendors, 144 funding rounds, yet only ~10 M&A deals — while human-led security services drove ~140 acquisitions. Expect this to flip within 2–3 years as AI becomes pervasive, eventually turning the entire Cyberscape into an AI-native landscape.
Headcount trends are a hidden M&A signal. Momentum’s research found that companies with 50+ employees growing headcount pre-acquisition averaged 99% higher valuations, while shrinking companies saw a 58% decline. The 30–50 employee range is the inflection point where buyers shift from viewing a deal as an acqui-hire to a platform/land-grab acquisition.
Momentum Cyber rebuilt their Cyberscape taxonomy from scratch — going from 18 sectors to 12, while expanding from 803 to 1,000+ companies, with AI security alone housing 400+ companies across 10 subsectors. Every existing category is being “eaten” by AI — like Pac-Man clearing the board — mirroring the cloud-native transition a decade ago.
