Introduction
The fourth quarter of 2025 largely reinforced the market dynamics that defined the year as a whole. Deal activity continued to recover modestly, while total capital invested accelerated, approaching $150 billion for the year. Together, these trends point to sustained valuation growth, even as capital remains highly concentrated at the top end of the market. Fewer than 100 deals accounted for a disproportionate share of total investment, reflecting a continued tendency for companies to remain private longer. At the same time, signs of renewed IPO momentum throughout 2025 suggest that this pattern may begin to shift in 2026, potentially catalyzing exits and accelerating capital recycling across the venture ecosystem.
At the early stage, the picture remains bifurcated. Deal volumes at seed and Series A improved during the quarter, with seed activity surpassing 1,000 deals for the first time since mid-2023 and cybersecurity continuing to outperform the broader venture market. Investor selectivity, however, remains elevated, particularly at Series A. Founders who successfully secure funding are commanding substantial valuation premiums, while many others face a more difficult path forward. This combination of rising valuations and constrained deal flow continues to define the early-stage environment heading into 2026.
From a thematic standpoint, Q4 saw capital rotate back into several categories that had softened earlier in the year. Services-oriented companies reemerged as a meaningful share of deal activity, even as services-as-software continues to reshape how security capabilities are delivered. AI security remained a focal point, with increasing emphasis on governance as enterprises prepare for more autonomous systems. Identity and access management regained prominence amid the rapid expansion of machine identities, and data security attracted renewed interest, including in areas such as fully homomorphic encryption, reflecting its potential role in future AI-driven architectures.
Q4 State of the Market – Cyber Deal Activity
Simply put, the fourth quarter largely reflected trends seen earlier in 2025. Deal count growth remained modest, while total capital invested grew more quickly, approaching $150 billion. Together, these metrics continue to point toward sustained valuation growth. Beneath this headline figure, however, capital deployment remains highly concentrated in fewer than 100 deals, reflecting the ongoing tendency for companies to extend their time to exit. That dynamic may begin to shift in 2026, as the IPO market showed meaningful recovery throughout 2025, suggesting renewed public market appetite that could help catalyze exits in the year ahead.
At the early-stage, we also saw valuations continue their upward trajectory despite deal volumes remaining below historical averages. This environment presents a bifurcated market. It remains highly selective, yet rewards substantial premiums for founders who successfully secure funding.
Deal Count and Capital Investment See Slight Increases
Source: PitchBook
Megadeals Continue in Spite of IPO Market Recovery
Source: sec.gov, “IPOs: Number and Proceeds”
Capital investment during the quarter remained highly concentrated at the top end of the market, with fewer than 100 deals representing more than $34 billion in investment and multiple financings surpassing the $1 billion threshold. This concentration of megadeals that has characterized the venture capital landscape in the post-pandemic era would typically signal a stagnant IPO market as companies extend their time in private hands. However, 2025 defied this pattern, with the U.S. IPO market seeing 110 offerings with more than $22 billion in proceeds in Q3. While final Q4 figures from the SEC are not yet available, an analysis of the global IPO market from EY indicates that Q4 was the strongest quarter since Q4 of 2022, with 387 IPOs across the globe. This would suggest that the U.S. market likely maintained or exceeded its Q3 volumes. Should this momentum continue through the first half of 2026, late-stage investors may face renewed competition as companies look to public markets for funding and capital recycling accelerates across the venture ecosystem.
At the Early Stage, Deal Volume Rises
Source: PitchBook
The uptrend in seed investment volume continued during the quarter, surpassing 1,000 deals for the first time since Q3 2023. While this represents a modest improvement over the previous quarter, it marks a significant 41% increase from the post-pandemic lows observed in Q4 2024. Series A deal volume also saw a slight uptick, though it remained below the near-term peak established in Q4 2024. Cybersecurity continued to outperform the broader market, posting gains in both seed and Series A deal volumes.
Valuations Reach New Highs, Especially in Cybersecurity
Source: PitchBook
During the quarter, median pre-money valuations at Series A reached another record high, extending a multi-year upward trend across all U.S. ventures. In the cybersecurity vertical, Series A valuations neared an all-time high as well, approaching the records set in Q3 2023.
At the seed stage, valuations remained relatively flat in the broader market after sustained growth over recent years, while cybersecurity saw a significant uptick to establish a new all-time high.
Investor Selectivity Remains Heightened at Series A
Source: PitchBook
Median valuation step-ups remained stable during the quarter across the broader market. While the cybersecurity vertical experienced a modest decline, it remained within the range established in recent quarters. Both sectors have demonstrated upward momentum since bottoming out in late 2023. Down rounds persisted at elevated levels throughout the quarter, reflecting a Series A landscape characterized by heightened investor selectivity, even as companies successfully securing financing achieve valuation appreciation that is in-line with pre-pandemic norms.
Where Was Cyber Investment Flowing
Source: PitchBook
Q4 saw several categories that had waned in recent quarters return to the forefront of cyber investment. One such vertical was services companies, which accounted for more than 15% of deals during the quarter. This occurred despite the continued growth of services-as-software, a trend that is reshaping how security capabilities are delivered and consumed across organizations.
AI security companies also made a strong showing this quarter, with many shifting their focus toward governance rather than traditional areas such as data loss prevention (DLP) or detection and response. Identity and access management (IAM) likewise returned to prominence, with more than 15% of deals occurring in that sector during the quarter. This resurgence comes as AI agents further exacerbate the challenge of a rapidly expanding number of machine identities within the modern enterprise.
Data security represented 10% of deals this quarter, including multiple companies focused on fully homomorphic encryption (FHE), signaling growing investor interest in its potential applicability to AI systems.
The next section provides an end-of-year deep dive into how cyber investment categories in 2025 as a whole aligned with enterprise spending priorities for 2026.
Are Cyber Startups Actually Building What Enterprises Want to Buy?
As the new year begins, it’s a natural moment to look both backward and forward, reflecting on where innovation capital flowed over the past year and asking whether those bets align with where enterprises say they plan to spend next.
At DataTribe, we live and breathe early-stage cybersecurity. We spend our days evaluating, investing in, and helping build companies we believe will define the next generation of cyber defense. With that lens, we wanted to explore a simple and important question:
Are seed-stage cyber startups building in areas that CISOs are actively prioritizing?
To answer that, we compared the types of cyber startups raising seed capital in 2025 with where enterprises say they plan to allocate cyber budgets in 2026.
How We Did the Analysis
For enterprise demand signals, we used data from PwC’s 2026 Global Digital Trust Insights report, which surveyed 3,887 business and technology executives between May and July 2025. Respondents spanned large and mid-sized enterprises across a broad range of industries and 72 countries, with approximately 59% based in Western Europe and North America.
Among a wide set of cybersecurity questions, one survey item asked executives which areas they planned to prioritize when allocating cyber budget over the next year. We used the results of that question as our proxy for enterprise cyber budget priorities in 2026.
We then identified 98 cybersecurity startups that raised seed rounds in 2025 using PitchBook data and categorized each based on its primary product focus, aligning those categories with the PwC survey framework and adding a small number of additional categories where necessary.
The resulting chart compares:
- Red bars: percentage of enterprises prioritizing each category in their 2026 cyber budgets
- Blue bars: percentage of 2025 seed-stage cyber startups focused on each category
What the Data Shows
The top-line result is encouraging. PwC reports that 78% of surveyed organizations expect their cyber budgets to increase in 2026, and in broad terms, seed-stage startup activity lines up with where enterprises expect to spend.
Artificial intelligence leads the chart, as one would expect. The largest share of seed-stage cyber startups in 2025 focused on AI-driven solutions, and enterprises likewise rank AI at the top of their 2026 cyber budget priorities. In a market where AI is discussed almost nonstop, this alignment is not exactly a revelation. Still, it reinforces that founders are generally building toward problems enterprises are actively funding.
A Deeper Look at the Gaps and Nuances
Box A: What Does “AI” Actually Mean?
One ambiguity in the PwC survey is how respondents interpreted “AI” as a budget priority. Are enterprises planning to spend on securing AI as a new attack surface, or on using AI to improve cybersecurity operations?
To account for this, we split seed-stage startups into two distinct categories:
- AI Security: companies focused on protecting AI models, AI agents, and AI-enabled systems as a new class of assets and attack surface
- AI-Automated & Autonomous Security: companies whose core value proposition is using AI to automate or fully autonomize cybersecurity operations (e.g., AI-driven SOC automation, continuous autonomous penetration testing)
Importantly, this second category does not include every cyber company that “uses AI.” Nearly all modern security products do. We only included companies where automation or autonomy was the central product thesis.
Seen through that lens, the strong alignment between enterprise priorities and startup activity around AI appears real, but it spans two very different interpretations of AI’s role in cybersecurity, both of which are likely to see sustained demand.
Box B: Cloud Security and Zero Trust: Why the Gap?
Two categories where the chart suggests a potential mismatch are Cloud Security and Network Security and Zero Trust. These rank as the second and third highest enterprise budget priorities for 2026, yet relatively few seed-stage startups appear to be focused exclusively on these areas.
What explains this discrepancy? A large share of startup activity in 2025 concentrated on red teaming, penetration testing, and SOC automation, much of it leveraging AI to automate existing security workflows. By contrast, relatively few startups focused directly on improving how organizations identify and manage network vulnerabilities or address cloud security configuration challenges.
While some companies in the AI-Automated Security category are clearly building capabilities that can support cloud and network security outcomes, this does not appear to fully account for the gap. As a result, cloud security and network security may represent areas of opportunity for new startups, particularly those able to address persistent enterprise pain points in more effective or operationally efficient ways.
Box C: Managed Services and Security Awareness
Another area of divergence appears in Cyber Managed Services and Security Awareness Training, both of which show relatively high enterprise budget priority but comparatively few venture-backed seed startups.
For managed services, this is not surprising. Managed Security Service Providers (MSSPs) are typically cash-flow-driven businesses operating in a crowded and competitive market, which makes them a less natural fit for venture funding. That said, the data reinforces the importance of MSSP channels as a go-to-market strategy. Startups selling products through managed service providers may be well positioned to tap into this budget line.
Security awareness training is more intriguing. Enterprises continue to allocate meaningful budget to this area, even as the market remains crowded with large, established vendors. At the same time, many organizations report ongoing dissatisfaction with the effectiveness of existing approaches. This combination suggests room for innovation in how employees are educated, shifting security awareness from a periodic compliance activity to a more continuous and shared responsibility across the organization.
The Rest
Beyond these highlighted areas, the remainder of the categories show a natural tapering: fewer startups and lower enterprise priority as you move down the chart.
We also added a couple of categories that didn’t map cleanly to PwC’s budget taxonomy. Email security, for example, doesn’t sit neatly under threat management or endpoint security, yet continues to attract startup activity. Blockchain security is another area to watch, particularly as regulatory clarity improves and traditional finance continues to converge with decentralized finance infrastructure.
Final Takeaways
Overall, the data paints a promising picture.
Seed-stage cyber startups in 2025 are largely building in areas that enterprises say they plan to fund in 2026.
While there are pockets that warrant closer scrutiny, the broad alignment is there.
That said, seed-stage companies are not building for next year’s budget alone. Their true horizon is three to five years out. So the more compelling question is what enterprises will be prioritizing several years from now as AI systems become more autonomous, digital infrastructure grows more complex, and cyber risk continues to evolve.
Those long-range shifts are where the most consequential, category-defining cybersecurity companies will emerge, and where the best founders are already building today.
