The Talent Is There—Where’s the Boldness?

Hello Cyber Builders 🖖,

Europe is taking a beating—too much regulation, slow growth, political turmoil. The criticism is louder than ever. But simultaneously, wake-up calls are sounding daily across all 30 European countries (EU27 + UK + Norway + Switzerland).

As we wrap up January and our deep dive into Cybersecurity by the Numbers—covering VC funding stats, M&A activity, and more—I want to take a step back and reflect: How is Europe doing?

There’s enough here to write a whole book (which, to be honest, is core to what I do at CyGO Entrepreneurs). But for now, let’s focus on three key topics:

🚨 Underinvestment & the lack of M&A in Europe
🇮🇱 Lessons from Israel’s Cybersecurity Ecosystem
🔬 Deep Tech vs. SaaS: The European Mindset Challenge

Let’s dive in. 🚀

2024 global cybersecurity investments hit $16B, yet only $1.7B went to European companies (based on

stats released early Jan 25). That’s just a fraction of the pie, despite Europe representing 25–30% of the global cybersecurity market.

Europe is underspending and underinvesting in its cybersecurity ecosystem. If Europe wants to compete internationally, it must seriously ramp up venture funding for cybersecurity startups and scale-ups. That’s what anyone is repeating across our continent.

Family offices and private equity firms have money. The EU ecosystem lacks a pension fund system to provide even more, but this is not the core issue.

Investors don’t invest randomly. They partner with entrepreneurs running innovative companies, and the money they provide is used to fuel ambitious projects.

This underinvestment persists due to one major factor: a risk-averse mindset from the company’s founders.

While ecosystems like Israel push for global expansion from day one, many European founders wait too long—refining their products instead of chasing market dominance early. By the time they’re ready, others have already taken the lead.

I strongly feel that A bolder, global-first approach could be a game-changer for Europe’s cybersecurity ecosystem.

Europe’s approach to Mergers and acquisitions (M&A) is mainly regional. Most deals involve service providers consolidating market share rather than strategic acquisitions of high-growth cybersecurity startups.

Meanwhile, major defense players like Airbus Cybersecurity, Thales, Leonardo, and Secunet rarely acquire smaller, cutting-edge startups. Instead, they remain focused on long-term public-sector and defense contracts.

International M&A could happen, but not always to consolidate the EU ecosystem field. For example, Thales acquired Imperva in 2023 for $3.6 billion. Imperva was an established web application firewall company headquartered in the U.S. with a global market presence. Imperva was not a startup; it was created in Tel Aviv in 2002, had a successful growth journey, and was bought out by Thoma Bravo, a large equity firm that owned it before the deal with Thales. Thales purchased it for six times the ARR, a break-even company that enables them to grow their market presence.

I think Europe needs a more dynamic, innovation-driven M&A culture that actively integrates smaller, high-potential cyber startups into larger platforms to drive global impact.

Israeli cybersecurity startups don’t play it safe—they think globally from day one. Instead of perfecting their product in a small local market, founders immediately test their ideas internationally.

They pitch to Fortune 500 companies, partner with global enterprises, and aim for rapid expansion.

This high-confidence, go-big-or-go-home mentality isn’t just about ambition; it’s a key driver of Israel’s cybersecurity dominance. By proving their value in global markets early, Israeli startups attract major investors, customers, and talent, creating a momentum that fuels further growth.

In contrast, many European startups take a slow-and-steady approach, waiting until their product is “mature” before expanding. The problem? By then, the most significant opportunities—and the market share—are often gone.

🔑 Key Takeaway: A global-first mindset isn’t optional—it’s a competitive necessity. European cybersecurity startups must move faster, aim higher, and enter global markets earlier to truly compete on the world stage.

One of Israel’s biggest strengths is its openness to foreign investment. Unlike in Europe, where startups often rely on local VCs and government-backed initiatives, Israeli founders seek funding from global venture capital firms, family offices, and corporate investors.

Israeli VCs embrace this approach, leveraging international LPs (limited partners) to ensure a steady influx of capital. This strategy has transformed Israel into a global cybersecurity powerhouse where the constraints of domestic funding don’t limit startups.

Meanwhile, Europe’s cybersecurity sector often struggles with fragmented investment ecosystems and a lack of risk-taking investors willing to back high-growth startups. As a result, many promising European startups struggle to scale or relocate to the U.S. to secure funding.

In traditional SaaS, releasing a minimum viable product (MVP)—even with a few bugs—is often an accepted strategy. However, in cybersecurity, failure is not an option.

Security solutions are often seen as Deep Tech technologies that must be stable, resilient, and interoperable from day one because they protect critical infrastructure, sensitive data, and entire organizations.

See

That said, prioritizing rock-solid security doesn’t mean building in isolation. The best cybersecurity solutions are developed in collaboration with real-world users, such as security teams, CISOs, and IT departments that deal with daily threats.

Instead of perfecting a product in a vacuum, successful startups iterate through early feedback loops with practitioners. This ensures they’re solving real problems, not theoretical ones.

Think of this as iterative co-design, where innovation happens through ongoing engagement, validation, and refinement—not a long, secretive development cycle.

Europe excels in deep-tech cybersecurity research, but too often, breakthrough innovations stay in academia or small-scale projects instead of scaling globally. Many founders hesitate to commercialize, aiming for technical perfection instead of market traction.

We inherited the European Union from our grandparents, who, after WWII, built it to ensure peace, stability, and prosperity after centuries of conflict.

Now, it’s our turn.

Europe has challenges— risk-averse entrepreneurs and investors, slow M&A activity, and a fragmented market—but complaining won’t fix them. Instead of bashing Europe, we need to build Europe. That means:

• Thinking global from day one—not waiting until it’s “perfect.”

• Investing in cybersecurity startups.

• Creating a stronger M&A culture that fosters innovation and scale.

Europe has the talent, deep tech expertise, and market potential. What we need now is boldness and execution. The future of cybersecurity isn’t just being built in the U.S. or Israel—it can and should be built in Europe, too.

Stop waiting. Build. 🚀