Cybersecurity: A Growing Slice of IT Spend
- hattie898
- Sep 25, 2025
- 2 min read
Updated: Oct 2, 2025
Cybersecurity has moved from a budget line item to a board-level priority.
Global spending hit $193.5B in 2024, on track for $213B in 2025 (Gartner). Not surprising -attack surfaces are expanding, and threat vectors are evolving.
Ransomware’s still a risk, but its growth is tapering. Meanwhile, phishing and business email compromise (BEC), now often AI-enhanced, are rising fast. Threat actors are adapting. Enterprises need to respond faster.
IBM’s 2025 breach report puts the global average cost of a data breach at $4.44M - a slight drop, largely due to better detection and containment powered by AI. But regional disparities matter. In the U.S., breach costs hit a record $10.22M.
On the back of this pressure, the cybersecurity sector is consolidating. Big buyers - Cisco, IBM, HPE - are making strategic plays. So is private equity. Cisco’s $28B purchase of Splunk and Thoma Bravo’s $5.3B acquisition of Darktrace signal deep conviction in this space.
Why? Regulation, risk, and AI are reshaping the industry - and larger, integrated platforms are better positioned to meet enterprise needs.
Why Cybersecurity M&A Keeps Rising
Several forces are converging:
Increased threat complexity: Organisations are under pressure to cover more attack vectors - fast.
Regulatory pressure: Frameworks like the EU’s NIS2 and Cyber Resilience Act are pushing compliance to the front.
AI adoption: Buyers want intelligent detection, automation, and real-time response.
Fragmented market: Consolidation helps eliminate overlap and integrate offerings into more comprehensive platforms.
Economic conditions are helping. Rate cuts, easing inflation, and post-election clarity in the U.S. and U.K. have set the stage for more dealmaking. PE is active, with firms like Thoma Bravo continuing to build scaled platforms.
Recent Cybersecurity Deals
USD $63M acquisition of an Australian MSSP
Enhances Infosys’ capabilities across ANZ
Expands managed services and security architecture
USD $650M deal (media estimate)
Adds 1,300 cybersecurity professionals
Strengthens Accenture’s security presence in APAC
USD $14B transaction
Integrates networking and AI-driven security
Positions HPE in the SASE and cloud-native space
USD $6.4B acquisition
Adds identity-based security and automation capabilities
Enhances IBM’s DevSecOps and hybrid cloud offering
USD $5.3B take-private deal
AI-powered threat detection and response
Strong commitment to long-term value creation in AI-led security
What’s Next
Expect continued momentum in:
AI-driven security platforms
Cloud-native application protection
Managed security services for outsourced operations
APAC is becoming more active - especially in Singapore, Japan, and Australia - driven by digital transformation and rising threat levels.
However, scaled assets with strong margins remain scarce in Southeast Asia. For firms with solid KPIs and 15%+ margins, this remains a seller’s market.
