The cybersecurity landscape is transforming. AI-driven threats, shifting buyer priorities, and disciplined capital markets are redefining how ventures are built, bought, and scaled. In a recent GCP Podcast episode, we unpacked a few of these shifts with Pratik Mehta, a cybersecurity dealmaking veteran and Managing Director at William Blair, whose insights on AI threats, M&A trends, and platform strategies anchor our analysis. Here’s what’s shaping 2025—and how founders, IT leaders, CISOs, and investors can thrive.
Hear the entire conversation with Pratik Mehta on YouTube.
Enterprises face a sprawling attack surface. Cloud sprawl, remote work, and IoT multiply endpoints—laptops, servers, even smart sensors. Gartner’s 2024 Security Outlook flags “hundreds of entry points” per organization. Breaches take 204 days to detect and 73 days to contain (IBM, 2024).
Generative AI fuels hyper-realistic phishing, keeping CISOs on edge. Attackers need only one successful hit; defenders need perfection all the time.
Insider threats—malicious or careless employees and contractors—cause 15% of breaches, costing $4.88M each (IBM, 2024). Hybrid work and generative AI, enabling sophisticated phishing and data theft, have spiked risks, with 83% of firms reporting attacks (Cybersecurity Insiders, 2024). Remote employees accessing sensitive systems and AI-crafted scams make early detection vital.
Recognizing this emerging threat, we acquired CurrentWare in March 2025 to strengthen mid-market defenses. CurrentWare’s monitoring tools track suspicious activity, like unauthorized file transfers or unusual logins, and integrate seamlessly with platforms, simplifying security for lean IT teams. By 2026, 68% of organizations will prioritize such tools (Ponemon, 2024), as insider risks grow alongside cloud and remote work adoption. Our investment in CurrentWare reflects our belief that addressing insider threats is non-negotiable for modern enterprises.
Large enterprises favor best-of-breed stacks, but mid-market firms (200–2,000 employees) crave simplicity. Lean IT teams, juggling security and compliance, are flocking to platforms that unify endpoint, email, identity, and cloud security. Forrester predicts 60% of mid-market buyers will choose platforms by 2026, cutting costs and chaos.
VCs poured $50B into cybersecurity startups from 2019–2022 (Momentum Cyber), spawning niche tools in identity, analytics, and security health. Sub-$15M ARR firms now struggle to scale in a budget-tight market. 451 Research forecasts 70% of 2025 M&A deals will target these vendors, as platforms acquire to plug gaps. Case in point: Palo Alto Networks bought Talon Cyber Security (est. $10M ARR) in 2023 to enhance its cloud security platform, a trend surging in 2025.
PE firms are moving beyond quick flips to craft enduring platforms. Their 2025 strategy:
PE firms are building cybersecurity giants by combining companies. Thoma Bravo acquired SailPoint, a leader in identity security, in 2022 for $6.9B. In 2023, SailPoint added SecZetta, a specialist in third-party identity, to expand its platform. Vista Equity Partners bought KnowBe4, a security training provider, in 2022 for $4.6B, then added Egress, an email security firm, in 2024. These moves reflect a trend of creating stronger platforms in today’s cost-conscious market.
Cybersecurity remains mostly horizontal, but vertical-specific tools are emerging in healthcare, finance, and government, driven by compliance needs. Think HIPAA-focused platforms or financial audit trackers. Only 8% of 2025’s Cyber 500 vendors are vertical-specific (CB Insights), but as AI attacks target industries and regulations tighten, this niche could soar.
Here’s what cuts through in 2025:
Cybersecurity is vast, fragmented, and fast-moving. With AI proliferation and hybrid work becoming the norm, addressing insider threats is a non-negotiable for organizations. We acquired CurrentWare (March 2025) to tackle this, while Thoma Bravo’s SailPoint expansion and Palo Alto’s Talon acquisition drive industry trends. Platform consolidation, mid-market demand, vertical niches, and PE-driven platforms are shaping the winners. Success demands sharp positioning, flawless execution, and deep buyer alignment.
Listen to the full GCP Podcast episode for Pratik Mehta’s unfiltered insights.
Gulmohar Capital Partners is seeking cybersecurity acquisitions in insider threat detection, data protection, identity, and endpoint intelligence to complement CurrentWare’s capabilities. Founders and advisors, let’s connect—reach out via our website or contact the GCP team directly.
Platform consolidation, insider threat detection, mid-market focus, AI-driven threats, PE platform-building, and vertical solutions.
They cut complexity and costs and unify workflows for lean IT teams.
Simplify pitches, target mid-market, solve platform gaps, partner early, and show traction.
Use platforms with monitoring tools like CurrentWare to combat soaring risks, track unauthorized access, and integrate with endpoint and identity security.