TLDR: The US cybersecurity market is experiencing a significant surge in dealmaking activity in 2025, driven by a dramatic increase in cyberattacks, rising costs for businesses, and an evolving regulatory environment. Cybercrime costs exceeded $16 billion globally in 2024, a 33% increase from 2023, with high-profile incidents like the Change Healthcare ransomware attack highlighting the severe financial and operational impact. This heightened threat has propelled the market to an estimated $88.3 billion in 2025, with projections reaching up to $166.7 billion by 2032, fueling both large-scale and mid-cap M&A transactions.
The United States cybersecurity sector is witnessing an unprecedented surge in mergers and acquisitions (M&A) activity in 2025, significantly outpacing the previous year. This heightened dealmaking is a direct response to the escalating and increasingly sophisticated cyber threats, the mounting financial and liability costs for businesses, and a more defined regulatory framework governing digital defenses.
Cybercrime inflicted a global cost of over $16 billion on victims in 2024, marking a substantial 33% increase compared to 2023, according to the FBI’s latest Internet Crime Report. Within the US, the spectrum of attacks has ranged from unsophisticated scams to highly coordinated ransomware campaigns that have severely disrupted critical infrastructure and public services.
The year commenced with a major ransomware strike on Change Healthcare, a subsidiary of UnitedHealth Group, which ultimately cost the company more than $2.8 billion in response efforts and necessitated over $6 billion in downstream assistance to affected providers. Other notable incidents include the November 2024 attacks on US telecom giants AT&T, Verizon, and Lumen Technologies by Chinese hackers identified as Salt Typhoon, which underscored widespread vulnerabilities and the geopolitical dimensions of cybercrime. Furthermore, Check Point Research reported a alarming 70% year-on-year increase in attacks targeting US utilities, a particularly sensitive area of national infrastructure.
These incursions are not only becoming more frequent but also more complex. Reports indicate that phishing attacks have surged by over 4000% since the release of ChatGPT in late 2022, largely driven by generative AI tools that enable the creation of more convincing and sophisticated scams.
Given the scale and growth of these threats, the US cybersecurity market is expanding in tandem. Statista projects the market to reach $88.3 billion this year, with a compound annual growth rate (CAGR) of 7.1% through 2029, at which point it is expected to hit $116.2 billion. More bullish estimates suggest the market could balloon to $166.7 billion by 2032 from $73.1 billion in 2025, representing a 12.5% CAGR. This robust demand is powering significant dealmaking across both big-ticket and mid-cap transactions.
Also Read:
- Israel’s Cybersecurity Sector Thrives: Funding Nearly Doubles Amidst Global Economic Headwinds
- Accenture and Microsoft Deepen Partnership with Gen-AI Cybersecurity Initiative
In 2024, US cybersecurity M&A activity saw 77 transactions totaling $4.9 billion. While this represented a slower year by historical standards, it remained significant given the prevailing macroeconomic conditions. Major deals included Mastercard’s $2.7 billion acquisition of threat intelligence provider Recorded Future and CyberArk’s $1.5 billion acquisition of machine-identity management company Venafi. Activity measured by value has rebounded sharply in 2025, notably propelled by a standout megadeal: Google parent Alphabet’s acquisition of cloud security unicorn Wiz for $32 billion, including net debt.
