March 27, 2026

European cybersecurity M&A set to climb as attacks accelerate

LinkedIn Facebook X Send Embed

European organizations ramp up investment in cybersecurity as malicious cyberattacks on mission-critical technology infrastructure increase

Cyberattacks in Europe are escalating, with consequences that are becoming ever more severe for businesses and public sector organizations across the continent.

The average number of weekly attacks per organization in Europe reached 1,642 in 2025. This is a higher average than in North America and 20 percent up on the 2024 figure for European organizations, according to analysis from Check Point Research. There is a clear trend which shows no signs of reversing as economies and market sectors continue to digitize at-pace.

The financial impact of malicious attacks are severe for the organizations targeted.

UK retailer M&S, for example, was the victim of a ransomware attack that forced a 15-week closure of its click-and-collect service and put a £300 million (US$402 million) dent in its annual profit forecasts. Fellow retailer, the Co-Op Group, suffered a breach that resulted in the data of 6.5 million customers being stolen, disruption to store supply chains and an impact on contactless payments. Carmaker Jaguar Land Rover (JLR) suffered a major cyberattack which forced a shutdown of production lines for five weeks, costing an estimated £1.9 billion (US$2.6 billion). According to the Cyber Monitoring Centre, the cyberattack on JLR ranks as the most damaging in UK history.

European companies and governments are stepping up to enhance the protection of mission-critical software, systems, networks and other digital assets. The European cybersecurity market, which is already worth US$81.8 billion, is forecast to grow at a compound annual growth rate of 8.2 percent between 2026 and 2034 and is predicted to be valued at US$165.7 billion by 2034, according to research consultancy IMARC Group.

A key driver for growth is recognition in the private and public sector that advanced investment in cybersecurity is essential, not optional. Industry growth is also being driven by the implementation of regulations that will make cybersecurity investment non-discretionary.

The EU’s NIS2 Directive, for example, mandates cyber standards compliance for companies operating in 18 critical industries, while the Digital Operational Resilience Act demands comprehensive cybersecurity risk management for all financial institutions in the EU. From late 2027 onward, the EU Cyber Resilience Act will impose extensive cybersecurity compliance requirements on entities involved in manufacturing and distributing digital products, such as smart devices and mobile apps.

M & A helps accelerate cyber investment

M&A has been one of the levers for ramping up investment and scale in cybersecurity, with the sector generating a cluster of large, high-profile transactions.

In the largest European cyber deal in 2025, California-based cybersecurity company Proofpoint, backed by buyout firm Thoma Bravo, agreed a US$1 billion deal to acquire Hornetsecurity, a German cyber business specializing in cloud-based email security services.

More cybersecurity M&A from US-based companies into Europe is expected in 2026, as Stateside businesses invest in European assets to ensure their new enterprises are already compliant with EU regulation and sovereignty requirements.

In the second largest European cyber deal last year, Bain Capital acquired Italian technology company Namirial in a US$776 million secondary buyout. Namirial is known for its digital identity verification, digital trust technology and e-signature workflows.

Digital identity and access management have been attractive cyber subsectors for dealmakers, with identity verification and privileged system access receiving greater attention and investment as remote working rises and opportunities emerge to build technology that unites these protective layers in a single product.

The third largest European cyber deal in 2025 saw CVC’s infrastructure business DIF agree a US$707 million transaction for French B2B digital infrastructure operator Celeste. Celeste serves more than 20,000 companies and 3,000 municipalities. Expanding Celeste’s cloud and cybersecurity provision is a key pillar of DIF’s investment strategy.

Deal dip despite tailwinds

Despite large deals progressing in 2025 and the favorable growth dynamics supporting the industry, overall European cybersecurity M&A dropped last year.

Volume remained relatively stable, with 106 transactions, but value slid from US$9.8 billion in 2024 to US$3.5 billion in 2025—a decrease of more than 60 percent. For context, 2024 was the second-best year on record for European dealmaking in the sector. In this year so far (to March 26), there have been 26 cybersecurity deals in Europe, valued at US$172 million.

There is also a cyclical dynamic to cybersecurity investment. Threats and risks are constantly evolving, a trend that has accelerated as cyber criminals use AI tools to increase the volume and route of cyberattacks. Shifts in underlying technology platforms can also put cybersecurity investment on hold, as services need to address newly deployed tech stacks before implementing new iterations of cyber protection.

These themes can make it difficult for dealmakers to predict how cybersecurity deal targets will perform over time. Investment cycles can be truncated, and the risk of stranded assets is real.

Scaling a cybersecurity company across Europe also poses challenges as the market is fragmented and regulatory frameworks can vary from jurisdiction to jurisdiction.

Long-term growth cycles persist

For all these cyclical and technical complexities, however, the long-term trajectory for cybersecurity M&A in Europe is an upward one.

Cyberattacks are increasing and bad actors are constantly developing different vectors of infiltration. Organizations need to invest continually to protect their networks and data.

Increasing defense spending across Europe will also be a key driver of dealmaking, as companies adapt to the risks of hybrid warfare, where digital attacks have been used as a weapon by adversarial states.

In this complex and fast-moving environment, M&A will be a powerful tool that companies and investors use to fill in security gaps, “acqui-hire” in expertise, consolidate cybersecurity capabilities and adapt to evolving threats.

[View source.]

Send Print Report

Latest Posts

• European cybersecurity M&A set to climb as attacks accelerate
• Navigating legal professional privilege under EU law in the age of AI
• Regulating Space: A Closer Look At The Proposed EU Space Act
• Geopolitical Tensions and Disruption: Key Areas for Consideration for Borrowers and Capital Markets Issuers in the Gulf Region – Proactiveness in Financial Management and Where to Seek Support
• The Visionary, Books + Café, LLC v. Bank OZK: Supreme Court Declines Review, Cementing An Eleventh Circuit Opinion That Upholds Arbitral Finality See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
White & Case LLP
2026

Written by:

White & Case LLP Contact + Follow Dr. Detlev Gabel + Follow John Timmons + Follow Daniel Turgel + Follow

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Cyber Attacks + Follow Cybersecurity + Follow Digital Operational Resilience Act (DORA) + Follow EU + Follow Investment + Follow NIS Directive + Follow Private Equity + Follow Regulatory Requirements + Follow Consumer Protection + Follow International Trade + Follow Mergers & Acquisitions + Follow Privacy + Follow Science, Computers & Technology + Follow more

White & Case LLP on:

Solve with 2Captcha

Solve with 2Captcha