The Cyberman Show
The place to learn all about cybersecurity, from basics to advanced topics. Every week, you will get a view of what's happening in the cyber verse. We will cover cybersecurity, cloud, artificial intelligence, threats, breaches, emerging technologies and novel ideas. Learn more with us. Stay tuned!
PS: The views are mine and not my employer's.
https://twitter.com/prashant_cyber
CyberSecurity Market Breakdown Aug 2025-March 2026 — Breaches...
I was away from content creation for a while — and a lot happened. In this comeback episode of The Cyberman Show, I cover everything that moved the cybersecurity industry between August 2025 and March 2026: the worst breaches, the biggest acquisitions, the hottest startups, where VC money is flooding in, and what the major threat reports are telling us.
I'm not here to give you a news digest. I'm here to help you see the patterns — because every breach, every acquisition, and every funding round is a signal about where the industry is heading and what skills will matter next.
Highlights: UK retail ransomware chaos, $1.67B Bybit crypto theft, Google's $32B Wiz acquisition, Palo Alto's $29B acquisition spree, the emergence of Agentic AI Security as a new product category, a 47% surge in cybersecurity VC funding, and CrowdStrike's alarming 27-second attacker breakout stat.
If you're in cybersecurity — as a professional, a founder, or someone building a career — this episode is your six-monthly briefing, delivered by someone who's been in this industry for 20+ years.
Google Drive link for Podcast content:
https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko
My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
YouTube Channel: https://www.youtube.com/@TheCybermanShow
Twitter handle: https://twitter.com/prashant_cyber
PS: The views are my own and don't reflect any views from my employer.
Welcome Back And Why It Matters
SPEAKER_00: Hey everyone, welcome to the Cyberman Show. My name is Prashant Mishra. I'm a cybersecurity expert with over 20 plus years working in cybersecurity product companies. Right now I'm working at Palo Alto Networks as a solution architect. Today I'll be covering about uh what has happened in last six months in this space. The reason I'm doing a six-monthly episode is because I was away from the world of content creation for some time. Uh today is a comeback episode. Uh although I know by the time you see there would be another episode uh out because that was a wake-up call for me. Uh it was all about how agentic AI hacked 30 plus companies. I highly recommend you to go and check that episode out. But with that, uh let's get started. So today I'll be talking about major incidents and breaches, where the money is flowing, and what are the major threat reports or publications that everybody should read. Now, the idea why I share all this content is to learn patterns. The moment we understand patterns, we can use that to learn more, build new skills, and find uh an opportunity that we might be waiting for. With that, let's look into incidents and breaches. So uh UK as a country was under siege with multiple attacks that have happened. So uh their retail chains, M&S, Harrods, they were attacked uh by uh ransomware uh called Scattered Spider that came through a third-party provider. JLR was attacked, it led to around $2.5 billion in cost. It impacted UK GDP. Collins Aerospace breach led to three airports getting impacted. Uh that is Heathrow, Brussels, and Berlin. Then, in terms of crypto-based attacks, Bybit hack led to $1.67 billion stolen in Q1 2025 alone. And uh in first half of 2025, the total amount that was done through cryptocurrency was $2.47 billion. It exceeded entire cryptocurrency-based theft in all of 2024. Again, there were major extortion attempts uh via overseas contractor to Coinbase. Uh now, what is the takeaway?
The takeaway is you don't have to remember all these names. There are patterns that you have to know. One is ransomware, the groups, the exploits, attack on some things that we use day to day, like doing shopping, going to a grocery store, taking a flight, all those things are constantly getting attacked. What that means is IT that is used as an operational expenditure, typically doesn't have the best in-class cybersecurity, but that has to be the default choice. That's the key takeaway from this. Okay, again, in the next category of incident breaches, there have been multiple zero-day uh exploits. A lot of them are there, but worth mentioning are the Microsoft SharePoint ToolShell exploits, Ivanti VPN that was exploited in the wild, and then the iOS Corona exploit kit. Now go ahead and search on these terms, you'll learn a lot. Uh then the next category of breaches were supply chain and third-party attacks. So, Salesforce, a major CRM software company was hit by a third-party attack. It impacted a lot of high-profile firms that used Salesforce to store their data. Adidas breach led to an impact on 544,000 individuals via third-party customer service provider. And then PowerSchool student teacher data was stolen and ransom was paid. Now, this that was 2026, most key events, not all of them, but in 2026, emerging threats came. So hacktivist surge was seen. Uh Keymous+ and DieNet drove 70% of attacks in Feb in March 2026. Uh, this is data as of yesterday when I created uh this research. Uh, again, there are active ransomware groups like uh Akira, Qilin, Black Shrantrack, Handala. The pattern here is there will be people who want to make easy money, and ransomware comes naturally to them as the first choice. The key stat that was found in this was uh 60% of breaches involved human element. The source for this is Verizon 2025 data breach report. If you're in cybersecurity, you should read this annual report from Verizon.
A lot of lessons on how on what happens in breaches, how they are investigated, how they uh the cyber criminals or threat actors infiltrate the networks. Also, IBM came out with their annual average uh uh cost of breach report. They reported it to around 4.4 million dollars. This is a 9% decrease over last year, as it's driven by a faster identification and containment and improvement in the technology. And also, CrowdStrike came up with their latest threat uh report, and they mentioned that 82% of their detection were malware free, which means threat actors use native software or publicly known software for exploitation and infiltration. So the key takeaway from all this section is attackers aren't breaking in, they are logging, they are using stolen credentials. Okay. CrowdStrike mentioned that 82% of detections were malware free, uh, and 60% of breaches involved stolen credentials or phishing. Uh, why does this happen? Because humans fail in basic cybersecurity hygiene. We don't change our passwords, we don't patch our devices, we give too many permissions, and we expose our credentials. By the way, supply chain and third-party risk is now the number one attack surface that organizations underestimate. How do you track that? You invest in technologies that help you find it. Okay. Now, that was incident in which the second part of this is where is the money going? So let's talk about acquisitions first. So, the in terms of mega deals, which is greater than $5 billion, three big things happened that are redefining the industry. One was Google, a major cloud and AI player, and of course, in YouTube and uh so many technologies are uh owned by Google now. So, Google invested into Wiz, they bought it you know for $32 billion. It was the largest cybersecurity acquisition ever. It adds cloud security capabilities into Google's stack. Google already has security operations capabilities. Uh, this adds to that arsenal.
Then Palo Alto acquired CyberArk in $25 billion to get into the identity security platform play. So Palo Alto has three major platforms: one for network security, third for uh sorry, second for uh cloud and security operations, and third would be identity security now. Uh similarly, ServiceNow acquired a company called Armis, which is into OT security, and uh this came as a surprise uh because ServiceNow is known for their IT service management platform, them getting into Armis. Uh I think they also realize the value of cyber security. They've done more acquisition, I'm gonna talk about it, but this was a pleasant surprise to me. Now, other large large deals in the range of a billion dollar to five billion dollars was Palo Alto acquiring Chronosphere, which is an observable type of security uh uh unification play. Uh, it was done for around $3.3 billion. Francisco Partners uh invested into Jamf for around $2 billion. Essentially, it's an Apple device management uh platform that's taken private. ServiceNow also acquired Veza, which is a company into identity authorization and access governance. And Mitsubishi acquired Nozomi Networks, which is an OT security uh play. It's the largest OT security acquisition ever, right? So if you notice, large companies are building new capabilities in cyber security. Okay. Now, if you look at the second part, which is mid-market deals, which is less than a billion dollars, so Sophos acquired SecureWorks, Palo Alto acquired Protect AI, which is an AI security company, Zscaler acquired Red Canary, which is an MDR. Uh and then Veeam a data data management company acquired Securiti, which is into data security and privacy. Right? So these are impacting how traditional software companies, how existing cybersecurities are making new play. Okay. Now the trend that is coming is that uh what I found is that there are around 400 plus deals done, and 84 billion dollars was the value that was disclosed.
Uh, 40% of deals were cross-border, which means the companies went and acquired a company in uh in a different region. Israel, by the way, is top source of targets for cybersecurity acquisition. It's hats off to those guys, and then the hottest category AI, OT, and identity. Now, this is a pattern. This signal there is a new domain appearing, new product categories will emerge. This has been uh repeating uh every time large companies acquire something, uh, there are new categories, new product strategies that come out. Okay, so uh for me the biggest uh player uh that made the move was Palo Alto because they did CyberArk plus Chronosphere plus Protect AI in uh all three in the last one year, and the idea is to get into new spaces and build new capabilities. I'm sure we will see more announcements coming from them in their in their uh conferences and and uh their in uh filings. Okay, now what is also happening is because of this, uh you can expect fewer vendors as a security buyer, you can expect large platforms and tighter lock-in, just like cloud, right? There are four or five large cloud players only, same same thing is appearing in the cybersecurity space leading to platform consolidation. Now, also look at new startups, which is where is innovation happening? The first space is agentic AI security, it's a new category. So, multiple companies uh that are coming. Uh, a company called Zenity was announced as in the Gartner Cool Vendor report, uh, it governs uh AI agent behavior, uh, then Q2 CoTool, which is an AI co-pilot plus no code agent builder, it performs 70% faster investigation, um, harmony intelligence, uh, multi-factor. Okay, a look up uh on these companies, read what they're trying to do. Okay, then also breakout growth companies, these are companies that are going after a large ARR from when they started. So, Chainguard, which is into supply chain security, currently standing at around $3.5 billion and targeting around $100 million in a year.
Similarly, Vanta, an automated compliance company, around $4 billion valuation. Noma Security have uh $100 million series B, they're an AI-driven platform, and then there are accelerator programs running. So there is a program by CrowdStrike AWS Nvidia where 35 startups were selected in the 2026 cohort. Final pitch is going to happen in a few weeks from now at RSA Conference, and the focus has been cloud first, identity first, and anti-AI adversary. Okay, what is the takeaway? A new product category is born. It's called agentic AI security. Some people call it uh AI security only. Somebody will some people will call it security for AI infrastructure, all those things, right? So, how AI infrastructure will be secured by these products is one category again. How existing security products will use AI to get better to prevent or secure against the uh latest attacks built uh on AI is an interesting thing. Okay, now this is the next generation uh of security frontiers, and any companies that are gonna solve this problem will define the category for the next decade. Okay, now let's look at uh funding and capital. Uh, largest rounds were raised by SIER around 940 million dollars, a company into AIDS, data security money was raised by Saviynt, a company into identity for humans and agents, Chainguard, supply chain, uh, security, Vanta for automated compliance, Aura for consumer AI protection, Tines for security automation, Noma for AIDS. It's an AI-driven platform, right? And new IPOs came from SailPoint and Netskope. NetNet. Where is the money flowing from the venture capital side is AI governance and security, identity-centric solutions, data protection, GRC with native AI, and then cloud security also because the revenue multiples are much higher there, right? The reason you have to understand all this data is the VC money typically shows or takes two to three years. Okay.
Now, sometimes what happens is even if a new category comes and the and the player is new, uh, a large company will acquire it because of the uniqueness of the technology. Case in point, Koi Security out of Israel that got acquired by Palo Alto a few weeks back, they are into a new category of product called uh agentic endpoint. Okay, go ahead and look it up. Okay, so if the technology is unique, I'm sure a bigger player will definitely go ahead and acquire, and this leads to the creation of uh new use cases, new technology, right? Now, why you have to learn all this so that you identify the uh new technologies, learn those technologies and enhance your skill, and it helps you with your career. Okay. Also, next section is all about the uh vendor threat reports that were interesting. So, CrowdStrike's 2026 global threat report came. Uh, one stat that surprised me was the fastest breakout time of 27 seconds. I was blown away reading this data. It used to be days and weeks when I started reading all these reports, and now it's in seconds, which is what we all predicted thanks to AI. Then uh they mentioned 89% increase in AI enabled attacks, they mentioned 82 uh uh malware free detection also cross-domain uh tradecraft, which is identity plus cloud plus edge. This is the skill cyber threat actors have. Why don't you have that skill? We why don't I have that skill? So that's a thing to learn, right? Similarly, Check Point came up with their cybersecurity report for 2026. They also mentioned the same thing AI is embedded across full attack lifecycle. AI is also itself now a direct enterprise resource, so it's obvious. Why it's obvious? Uh because of the way AI works, it can't differentiate between good data, bad data, good intent uh versus bad intent of in using the AI tool itself. Okay, then Darktrace's annual threat report for 2026 came. It mentioned 8.2 million phishing email targeted VIPs, which is 25% of all phishing that they dragged.
Cloud compromise became the number one entry point, and uh shift from exploit to AI enabled credential abuse has started. Similarly, Fortinet uh came up with a 2025 global threat landscape where they mentioned 36,000 malicious scans per second as a data. Uh I'm not surprised. The scale of cloud and AI gives that capability. Uh again, what they mentioned is that automation plus AI plus 2000 credit credits leads to faster scalable attacks. Of course, of course, right? So AI is in enabling all that. Then ENISA, the European body, came up with their threat landscape report for 2025. They analyzed around 4800 incidents between July 2024 to June 2025, and their focus was EU digital infrastructure targeting. I recommend all of you to go through this report.
unknown: Okay.
Must-Read Threat Reports
Identity As The New Perimeter
SPEAKER_00: Also, the World Economic Forum's Global Cybersecurity Outlook report for 2026 came. They mentioned transfer is their number one concern both in 2025 and 2026, and 78% of enterprise planned to increase cyber spending irrespective of the geoeconomic situation. Also, these geopolitically motivated cyber attacks are also a consideration for most organizations when they're making these decisions because these attacks can disrupt their critical national infrastructure, lead to espionage, etc. So organizations are considering that. Now, the themes that are common across this report is one identity is the new perimeter. Cyber came up with uh data that it there is an 82 to 1 machine-to-human identity ratio. What that means is that for every human employee, there will be now 82 non-human identities, including bot service accounts, and AI agents operating within the enterprise. Okay, this is a massive, large, unsecure, undersecure attack surface where 87% organizations experience at least two identity-centric breaches in past one year. Okay, amazing start. This also tells me that identity of or identity security for agent is gonna blow up. That's why if you notice Palo Alto acquired CyberArk, that's why you notice CrowdStrike acquired a company called Signal. That's why you saw ServiceNow acquired a company, uh Veza for the same thing, right? So identity is a big thing. And if you look at the the VC data, if you look at the M&A data, it's the same pattern repeating all over again. So what what I'm I'm gonna do, I'm gonna learn more about identity security and learn more about agent identity security. To learn about that, I have to understand how agents work, how they operate, how they are how to orchestrate them, right? So all these things are related. Going back through the same thing, the big tradecraft now will be identity plus cloud plus edge. Okay.
Now, what also came uh as a theme is that uh AI is a dual-edge sword, uh, one uh in six breaches involved AI methods, risky AI prompts have increased by 97% in 295. Uh 40% of the analyzed MCP servers are vulnerable. And uh elevated trust and autonomy amplify the impact of prompt injection and workflow abuse, right? Is it's obvious as you can imagine. If you if you elevate the capabilities of AI, they uh that can be exploited. Also, ransomware has been evolving. So instead of just spending money on encryption, they are going towards pure play data exfiltration, data espionage because it's less noisy. Uh, a lot of companies have invested into data backup, data resiliency tool, and now there's an increased usage of data leaking sites. Uh, 2025 alone saw pure play extortion, data theft only incidents, and that's a pattern that uh is easy for attackers to execute and much faster to get money. Okay, this this sub again the supply chain attacks uh is the most prevalent category of which is average cost is 4.9 million dollars. Uh speed is increasing, as I mentioned, right? So uh that's uh the uh update on uh uh from multiple vendor threat reports. Now, the key thing from this section is that every menu report is telling the same thing, right? Identity as I've said before. I've told you what I'm gonna study. I'm gonna I also told you how the average breakout time has reduced as per multiple reports, including CrowdStrike, etc. Okay. This requires next set of skills. This requires AI in our job functions, AI in our the tools that we use. So I'm sure all your companies, wherever you work, even if you're a student, learn as much as you can. Whatever you have uh access of, go ahead and learn how to build agents, how to secure applications. The new job or new skill is securing the build platforms that are built by agents, not by humans, right?
Of course, there is a time where we will transition, so in that period, we'll have to do both, but eventually, time of agent or builder platforms will be there or is already coming, so it's arriving much at a much faster pace. So we have to similarly learn more and build skills around securing them. With that, thank you so much. I'll see you next time. If you like the content, go ahead, share, like, subscribe, um, drop an email uh and or or a message on LinkedIn. Thank you so much.