Top 5 Cybersecurity Investors ($14B Deployed Last Year) in 2026

Last updated: April 23, 2026

Cybersecurity founders raising capital in 2026 face a strange market: $14 billion poured into cyber startups in 2025 (up 47% from 2024), and Q1 2026 alone hit $4.62 billion — yet fewer than 1,000 total rounds closed last year, the lowest in a decade. (SecurityWeek, Pinpoint Search Group) That means capital is concentrating in fewer, bigger bets. If you are raising from a cyber-specialist VC, you need to be sharper than ever on wedge, distribution, and proof.

I spent years on the investor side at Backed VC and Target Global before co-founding Peony, a data room platform. The cybersecurity founders who use Peony to share deal materials tend to target the same five specialist firms over and over — and our page-level analytics show which of those firms are actually reviewing decks. That pattern, combined with public fund data and conversations with founders, is what shaped this list. If you are still mapping your broader raise, start with our startup fundraising strategy guide and how to send your pitch deck to investors before narrowing to specialist cyber VCs.

TL;DR: Cybersecurity VC hit $14 billion in 2025 (47% YoY increase, up from $9.5B in 2024) (SecurityWeek, Jan 2026) and $4.62 billion in Q1 2026 alone across 128 rounds (Pinpoint Search Group, Apr 2026). Capital is concentrating: 30 rounds exceeded $100M in 2025, accounting for nearly half of all dollars (Pinpoint, Apr 2026). Israeli cyber funding alone hit a record $4.4 billion in 2025 (SecurityWeek, Feb 2026), and Alphabet's $32 billion acquisition of Wiz returned 200x on Cyberstarts' original $6.4M seed (Reuters, Mar 2025). The five specialist firms below collectively manage over $3 billion in cyber-focused dry powder. If you are raising a seed, Series A, or Series B for a cybersecurity company, these are the investors to target — and having a secure data room ready before the first call is table stakes.

Quick Reference Table

Before reaching out to any of these firms, organize your startup data room with Peony. Our AI auto-indexing structures your documents in under three minutes, and page-level analytics show you exactly which investor spent time on which page — so you know who to follow up with first.

How do I pick the right cybersecurity investor for my stage and category?

Start with your security category (identity, cloud, AppSec, data, SecOps, or AI security), then filter by go-to-market motion (developer-led, CISO-led, channel, or platform ecosystem), then by stage fit. Getting this filter right saves you months of misrouted pitches.

Start with your security category

Most cyber specialists mentally bucket startups into one of these areas. Know which one you belong to — it determines who takes your first meeting.

• Identity and access — IAM, ITDR, PAM, auth, secrets management
• Cloud and infrastructure security — CSPM/CNAPP, runtime, containers, API security
• AppSec and software supply chain — SAST/DAST, SBOM, code scanning, vulnerability management
• Data security and privacy — DSPM, encryption, governance, data loss prevention
• SecOps and automation — SIEM/SOAR evolution, detection engineering, agentic security workflows
• Security for AI — model risk, prompt injection, data exfiltration, AI governance

Your category story should fit in one sentence with a crisp buyer and budget line attached.

Match the investor to your go-to-market motion

Cyber is not one market. Distribution varies wildly:

• Bottom-up / developer-led — fast adoption, high product bar, PLG motion
• CISO-led enterprise — longer cycles, heavier proof requirements, bigger ACVs
• Channel / MSSP / MDR — partner strategy matters from day one
• Platform ecosystems — cloud marketplaces, SI integrations, co-sell motions

Pick investors who have scaled companies with your motion before. A firm that excels at developer-led products may not know how to help you navigate a 6-month CISO procurement cycle.

Stage-fit matters more than brand

A cyber fund that "does early" may still prefer Series A and up. Conversely, some seed specialists only lead early and will not follow on. Build your list around who can lead your current round and has reserves for the next one.

Pattern recognition is the real value

The best cyber investors have seen dozens of cycles — what sells, what does not, which problems are real, and which are analyst-driven hype. That pattern recognition is often more valuable than a generalist with a bigger brand and a larger check.

Who are the top 5 cybersecurity investors writing checks in 2026?

The five specialist firms writing the largest cyber-native checks in 2026 are Cyberstarts (Tel Aviv / New York, $1.4B total), Ten Eleven Ventures (San Francisco, $1B+ raised with 7 unicorns), YL Ventures (Tel Aviv / San Francisco, $800M AUM), Ballistic Ventures (San Francisco, $360M Fund II + $100M new vehicle), and Forgepoint Capital (San Francisco, $1B+ AUM). Each has a distinct thesis, stage focus, and pitching hook below.

1. Cyberstarts — Cybersecurity-First, Seed Through Breakout

Website: cyberstarts.com

Headquarters: Tel Aviv, New York

Latest fund activity: Cyberstarts closed Opportunity Fund II ($380M) in 2025 and raised $700M or more in 2025 alone, bringing total commitments to over $1.4 billion across funds. They also launched a $300M employee liquidity fund to help portfolio companies retain talent through hypergrowth stages. (Business Wire, Reuters)

Stage and motion: Seed through breakout follow-on. The core fund invests early, and the Opportunity Fund provides growth capital for winners — a structure that lets them stay with portfolio companies from first check through scaled exit.

Key categories: Identity, cloud security, data security, AI security. Cyberstarts backs companies that start with a sharp wedge and expand into platforms.

Why founders pick them: Track record. Cyberstarts' original $6.4M seed investment in Wiz turned into approximately $1.3 billion when Alphabet acquired Wiz for $32 billion — a 200x return, the single best cybersecurity VC outcome in history. (TechCrunch) Portfolio also includes Island, Fireblocks, and Cyera (which raised $940M across two 2025 rounds at a $9B valuation). (Cyberstarts) Recent 2026 deployments include Upwind Security ($250M Series B, January 2026) and Zafran Security ($60M Series C). Founding partner Gili Raanan's CISO network is one of the deepest in the industry.

What they scrutinize: Why now (what changed in the threat landscape), wedge sharpness (can you explain the entry point in one sentence), and early buyer signal (design partners, pipeline, pilots).

How to pitch Cyberstarts: Bring a concrete "why now" threat shift combined with a wedge that expands into a platform. Show early evidence that CISOs actually care — not just interest, but pilots, design partnerships, or technical validation from security teams. If you are pitching a category that overlaps with an existing portfolio company, address that head-on.

2. Ten Eleven Ventures — Cyber-Only, Multi-Stage Specialist

Website: 1011vc.com

Headquarters: San Francisco

Latest fund activity: Ten Eleven has raised over $1 billion and made more than 60 cybersecurity investments across stages, producing 7 unicorns and 21 portfolio acquisitions (including Barracuda and Ping Identity). Recent activity includes leading IQM Quantum Computers' $320M Series B (September 2025) — a notable expansion into quantum security — and Hypernative's $40M Series B. In early 2026, they led Furl's $10M Seed round. (Ten Eleven, Ten Eleven, Business Wire)

Stage and motion: Multi-stage — one of the few cyber-only firms that can lead a seed round and still participate meaningfully in a Series C. This flexibility means they do not need to hand off portfolio companies to generalists at growth stage.

Key categories: Full-stack cybersecurity — cloud, identity, runtime, application security, detection, and compliance. Ten Eleven explicitly positions itself as "dedicated to igniting the next generation of innovative cybersecurity companies." (Ten Eleven)

Why founders pick them: Two decades of cybersecurity-only investing creates pattern recognition that generalists simply do not have. They understand enterprise security sales cycles, platform consolidation dynamics, and how security categories evolve.

Portfolio: A public portfolio spanning the full cybersecurity stack. (Ten Eleven)

What they scrutinize: ICP clarity (who buys, what budget, what trigger), defensibility (data moat, workflow lock-in, switching costs), and adoption realism (deployment model, time-to-value, integration requirements).

How to pitch Ten Eleven: Treat your pitch like a buyer-led business case. Lead with the security pain point, the budget that exists for it, and your adoption plan. Then show your wedge and what makes you defensible over a 5-year horizon. Use your data room to organize customer case studies, pipeline data, and competitive analysis so the Ten Eleven team can self-serve during diligence.

3. YL Ventures — Cyber-Focused, Seed to Scale

Website: ylventures.com

Headquarters: Tel Aviv, San Francisco

Latest fund activity: YL's Fund V ($400M, closed 2022) is the largest seed fund ever raised for cybersecurity, bringing total AUM to $800M across five funds. The fund is in active deployment with 3-5 years of runway remaining. (YL Ventures) YL's 10th annual "State of the Cyber Nation" report showed Israeli cyber funding hit a record $4.4 billion in 2025 across 130 rounds. (SecurityWeek) Recent 2026 investment: Novee ($51.5M seed, AI-powered offensive security). Recent exits include Aim (acquired by Cato Networks), Vulcan (acquired by Tenable), and Satori (acquired by Commvault) — all in 2025. The firm was named to TIME's list of top VC firms for 2025. (Reuters, YL Ventures)

Stage and motion: Seed to scale, with a clear thesis of championing cyber founders through the entire early journey. YL provides hands-on support from product-market fit through growth, not just capital. With 17 portfolio exits, they have a track record of actually returning capital — not just deploying it.

Key categories: Cyber-native companies across identity, cloud, data, and detection — with a strong preference for founders building from first principles rather than incremental improvements.

Why founders pick them: True cyber-native guidance. YL helps with category framing, go-to-market sequencing, and the "how buyers buy" nuance that makes the difference between a pilot that converts and one that stalls. If you are an Israeli founder, YL's dual Tel Aviv-San Francisco presence bridges the US enterprise market.

What they scrutinize: Problem urgency (what breaks without your product), technical differentiation (why incumbents cannot patch it), and commercial realism (security buyers are skeptical by default — show that your approach wins both technically and commercially).

How to pitch YL: Show a crisp problem statement with proof of urgency. Demonstrate early buyer pull — not just interest, but evidence that security teams are actively searching for what you build. If you have Israeli R&D with US GTM ambitions, make the cross-border plan explicit. Track engagement with your pitch materials using Peony's analytics to time your follow-ups.

4. Ballistic Ventures — Cyber-Only, Early-Stage With Incubation DNA

Website: ballisticventures.com

Headquarters: San Francisco

Latest fund activity: Ballistic closed an oversubscribed Fund II of $360M and has invested in over 25 companies since launch. In April 2025, TechCrunch reported the firm was raising a new $100M vehicle, signaling continued expansion. (Ballistic Ventures, TechCrunch) Ballistic is also scheduled to present at RSA Conference 2026, maintaining high visibility in the ecosystem. (PR Newswire)

Stage and motion: Pre-seed and seed, with a strong incubation orientation. Ballistic explicitly positions itself as "dedicated exclusively to early-stage funding and incubation in cybersecurity." (Ballistic Ventures)

Key categories: Broad cyber — identity, cloud, data, SecOps, AI security. The unifying thread is category-creating companies, not feature additions to existing platforms.

Why founders pick them: The founding partner bench is extraordinary. Kevin Mandia (founder of Mandiant, acquired by Google Cloud), Ted Schlein (former KPCB cyber lead), and Barmak Meftah (former AT&T Cybersecurity president) bring operational depth that few investors can match. In 2025, Phil Venables (former Google Cloud CISO) joined as Venture Partner, adding board-level governance expertise. (PR Newswire)

Portfolio signals: Ballistic's portfolio already has notable exits — Talon was acquired by Palo Alto Networks, Veza by ServiceNow, and Pangea by CrowdStrike. Active companies include ArmorCode, AuthMind, Concentric AI, GetReal, Noma, Nudge Security, Oligo, and SpecterOps. (Axios)

What they scrutinize: Category creation potential (not a feature, but a new market), founder-market fit (deep domain expertise), and distribution realism (how you get to your first 50 customers).

How to pitch Ballistic: Show why you are a category creator, not a feature bolt-on. Bring a working demo plus a threat story: what fails today, why incumbents cannot patch it, and why you will win distribution. Ballistic likes founders who have lived the problem — former practitioners building the tool they wished existed.

5. Forgepoint Capital — Cybersecurity Plus Infrastructure Software

Website: forgepointcap.com

Headquarters: San Francisco

Latest fund activity: Forgepoint manages over $1 billion in AUM across funds, with Cybersecurity Fund III closed and in active deployment. The firm has made over 40 portfolio investments and produced 3 unicorns: Cyberhaven, Huntress, and Interos. Recent investments include RapidFort (February 2026) and Nudge Security Series A (November 2025). Forgepoint also led Tadaweb's $20M raise in 2025. Historical exits include Cloudflare (NYSE IPO). (Forgepoint Capital, Forgepoint Capital)

Stage and motion: Early-stage, with explicit focus on cybersecurity, AI, and infrastructure software. Forgepoint bridges the gap between pure-play cyber and the infrastructure layer that security products depend on. (Forgepoint Capital)

Key categories: Cloud security, identity, security data platforms, security engineering tooling, and infrastructure software. If your product lives at the intersection of security and infrastructure, Forgepoint is a natural fit.

Why founders pick them: Forgepoint connects product strategy to infrastructure realities. If you are building a security product that depends on cloud primitives, identity planes, or data pipeline architecture, Forgepoint's team can help you navigate platform partnerships and technical go-to-market.

Portfolio: Active portfolio including recognizable names like Huntress and companies spanning cloud, identity, and security engineering categories. (Forgepoint Capital)

What they scrutinize: Technical architecture clarity (does it scale?), infrastructure fit (where does your product sit in modern cloud stacks?), and land-and-expand potential (what do you sell next, and to whom?).

How to pitch Forgepoint: Bring a clear technical architecture diagram plus a scaling story. Show how your product fits into the modern stack — cloud, identity plane, data plane — and articulate your land-and-expand motion. Share your technical documentation alongside your deck in a Peony data room so the Forgepoint team can evaluate your architecture depth during diligence.

Which cybersecurity categories are attracting the most VC funding in 2026?

AI security, cloud/CNAPP, and identity (ITDR/PAM) are the three categories capturing the largest share of 2026 cyber VC deployment. The segment map below is based on cross-referencing the 5 specialist-firm portfolios profiled above plus NightDragon and Evolution Equity — and matching to Pinpoint's Q1 2026 deal data showing $4.62B deployed across 128 rounds.

Cyber VC deployment by segment (Peony 2026 framework)

Hands-on observation from the cyber fundraises I've watched pass through Peony in 2025-2026: the median diligence data room contains 340+ documents — SOC 2 Type II, ISO 27001, pentest reports, threat models, customer deployment references, and a security roadmap for the next 4 quarters. Peony's page-level analytics let cyber founders see which VCs actually read the security section versus just the financials. And per Peony's 2026 VDR pricing research, 47% of Western VDRs hide pricing entirely — a real tax on early-stage cyber founders who need predictable cost structures when running concurrent fundraising and enterprise sales processes.

More firms to watch

The five firms above represent the deepest cyber-only specialists, but two other $1B-plus platforms deserve attention:

NightDragon (nightdragon.com) — Led by Dave DeWalt (former CEO of McAfee and FireEye), NightDragon manages approximately $1.5 billion and invests at growth stage across cybersecurity, defense, and national security. Won the 2026 SC Award for Investor of the Year. If your product bridges commercial cyber and government/defense, NightDragon occupies a unique lane. Portfolio includes 5 unicorns. (SC Media)

Evolution Equity Partners (evolutionequity.com) — Closed a $1.1 billion Fund III in 2024, the largest dedicated cybersecurity fund ever raised at the time. Led by Richard Seewald, Evolution has a strong EU/UK presence alongside US investments. Portfolio includes Arctic Wolf, Snyk, and SecurityScorecard. Recently led Noma Security's $100M Series B in AI security. (PR Newswire)

How do I actually pitch a cybersecurity VC in 2026? (5 tactical tips)

Lead with a concrete threat-shift story and evidence of buyer pull, not "AI-powered" category claims. Cyber specialists have seen a thousand security pitches — the five tips below are what separates a funded round from a polite pass.

1. Sell urgency, not fear

Show a concrete failure mode: what breaks, how often, how expensive, and who owns the budget. "Breaches are increasing" is not a pitch — "the average identity-based breach costs $4.5 million and takes 292 days to detect" is.

2. Prove the buyer path early

Even pre-revenue: design partners, pilots, lighthouse prospects, pipeline quality, security leader references. Cyber VCs know that the biggest risk is not technology — it is distribution.

3. Make adoption realistic

Security teams hate friction. Be explicit about your deployment model, time-to-value, and how you avoid becoming "another dashboard." If you can show 15-minute time-to-value in a POC, say so.

4. Be crisp about wedge-to-platform

Top cyber investors back "one sharp entry point that expands." Spell out the expansion path: what you sell next and to whom. The initial wedge gets you in the door — the platform story gets you funded.

5. Bring receipts for differentiation

In cyber, "AI-powered" is table stakes. Differentiation is data moats, workflow lock-in, integration depth, detection quality, or cost curves — show something that is hard to copy and gets harder to replicate over time.

Why does a data room matter more for cybersecurity founders than other startups?

Because you are pitching investors on your ability to protect sensitive data while sharing your most sensitive documents — financial models, zero-day research, customer lists, GTM playbooks — and the delivery mechanism is part of your credibility story. There is a specific irony in cybersecurity fundraising: founders who pitch data protection through unprotected Google Drive links. Investors notice.

Peony was built for exactly this tension. A cybersecurity founder sharing IP through a Peony data room gets:

• Screenshot protection that blocks and logs capture attempts — so leaked screenshots trace back to the source
• Dynamic watermarks tied to each viewer's identity, embedded in every page view
• Page-level analytics showing exactly which documents each investor reviewed, how long they spent per page, and how many times they returned
• NDA gates that require identity verification before access — investors self-serve, you do not grant permissions manually
• AI auto-indexing that organizes uploaded documents into deal-ready folder structures in under 3 minutes

You set it up in under five minutes, not weeks. Pricing is transparent: Business at $40/admin/month includes all security and AI features, Pro at $20/admin/month covers core analytics and e-signatures — versus the $5,000 to $20,000 per-deal costs of legacy platforms like Datasite or Intralinks. For a 3-person founding team running a seed round, that is $60-$120/month versus thousands.

For cybersecurity founders specifically, how you handle sensitive materials is part of your credibility story. A secure data room is not just a convenience — it is a signal.

How much capital actually flowed into cybersecurity startups in 2025-2026?

The takeaway: more capital is going into fewer companies with stronger proof points. If you are in the running, the opportunity is enormous. If you are not, the bar to get in is higher than it has ever been.

Frequently Asked Questions

I'm raising a $5M seed for an AI security startup with 2 co-founders and a working prototype. Which of these 5 firms should I prioritize?

Start with Cyberstarts and Ballistic Ventures. Cyberstarts backs sharp wedge-to-platform plays and has the deepest CISO network for early commercial traction — they helped build Wiz from seed to a $32 billion exit. Ballistic is built for pre-seed and seed with hands-on incubation from operators like Kevin Mandia, who founded Mandiant. YL Ventures is a strong third option if your founding team has Israel ties. At the seed stage, a structured data room signals professionalism to firms that evaluate dozens of pitches monthly. Peony's AI auto-indexing organizes your pitch deck, financials, and product architecture into a clean folder structure in under 3 minutes — legacy platforms like Intralinks charge per-page upload fees and take days to set up the same room.

Our cybersecurity startup has $3M ARR and we're raising a $25M Series B. Should I target cyber-specialist VCs or switch to generalists?

At $3M ARR, cyber specialists are your strongest lead candidates. Ten Eleven and Forgepoint both invest at Series B and bring CISO networks, channel partnerships, and security-specific go-to-market advice that generalists cannot. A generalist growth fund works better as a co-investor than a lead for a cyber company at this stage. Your data room should demonstrate net revenue retention, pipeline by segment, and competitive positioning. Peony's page-level analytics show which investors spent time on your financial model versus your product roadmap, so you know exactly what to emphasize in follow-up conversations — most file-sharing tools only show whether a link was opened.

I'm an Israeli cybersecurity founder raising a seed round. Do these US-listed firms actually invest in Israel-based companies?

Cyberstarts and YL Ventures have deep Israel roots and actively invest in Israeli-founded companies. YL Ventures is explicitly Israel-focused in its early-stage thesis and publishes the annual State of the Cyber Nation report tracking the Israeli ecosystem. Cyberstarts' founding partner Gili Raanan is based in Israel. Ten Eleven, Ballistic, and Forgepoint primarily back US-headquartered or US-GTM companies but have portfolio companies with Israeli R&D centers. If you are fundraising across time zones, Peony's NDA gates let investors self-serve access with identity verification so you are not manually granting permissions at 3 AM — Google Drive has no built-in NDA workflow at all.

We have sensitive zero-day research in our fundraise materials. How do I share that with cybersecurity VCs without it leaking?

This is where most cybersecurity founders trip up — you are pitching data protection while sharing your own IP through unprotected Google Drive links. Use a data room with screenshot protection and per-viewer watermarking. Peony's screenshot protection blocks and logs capture attempts on the Business plan ($40/admin/month), dynamic watermarks stamp each viewer's identity on every page, and link expiry auto-revokes access after your diligence window closes — unlike DocSend, which cannot detect screenshot attempts on any plan, or Google Drive, which has no watermarking or viewer-level expiry at all. For a cybersecurity startup specifically, investors notice whether you practice what you preach.

I'm building a seed pitch for a cloud security startup — how much venture capital actually went into cybersecurity in 2025?

Cybersecurity companies raised approximately $14 billion in 2025 across 392 funding rounds, a 47% increase from $9.5 billion in 2024, according to Pinpoint Search Group and SecurityWeek. Crunchbase reported $18 billion including broader security and privacy categories. Q1 2026 alone saw $4.62 billion deployed, signaling continued momentum. The 5 specialist firms profiled here collectively deployed billions of this capital. To compete for their attention, organize your fundraise materials in a Peony data room on the Business plan ($40/admin/month) with AI auto-indexing that structures 340+ documents in under 3 minutes — compared to Intralinks which charges per-page upload fees and takes days to configure, or Google Drive which cannot generate an indexed table of contents at all.

I'm pre-revenue with a working DSPM prototype and no data room yet. Is it too early to set one up for cybersecurity investor meetings?

No. Specialist cyber VCs expect professionalism from day one because they evaluate dozens of pitches monthly and use your preparation as a signal. Even pre-revenue, a clean data room with your deck, technical architecture, threat model, and founding team bios shows you understand enterprise rigor. Peony Business ($40/admin/month) gives you AI auto-indexing, page-level analytics, screenshot protection, dynamic watermarks, and NDA gates — the full enterprise stack a Series A-ready data room needs. Pro ($20/admin/month) covers core analytics and e-signatures if you are still at pre-seed. Legacy platforms like Datasite start at $5,000 or more per deal, which makes no sense before you have revenue — and unlike Datasite, Peony sets up in under 5 minutes with no sales call.

Five cyber VCs are reviewing my data room simultaneously during a competitive seed round. How do I tell which ones are actually serious?

Look at engagement depth, not just opens. An investor who spent 20 minutes on your financial model and returned twice is doing real diligence. One who glanced at the pitch deck for 90 seconds and never came back is likely a pass. Peony's page-level analytics show exactly which documents each investor reviewed, how long they spent per page, and how many times they returned — so you can prioritize follow-ups and stop wasting time on polite passes. Most file-sharing tools only report whether a link was opened and cannot distinguish serious diligence from a courtesy glance.

Our go-to-market is CISO-led enterprise with 6-month sales cycles. Will specialist cyber VCs see that as a red flag?

Cyber-specialist VCs understand CISO-led sales better than anyone. Firms like Ten Eleven and Forgepoint have backed dozens of enterprise security companies and know that longer cycles come with higher ACVs, stickier contracts, and lower churn. Frame your pipeline by stage — POC, pilot, procurement, close — and show progression velocity rather than just closed deals. The red flag is not long cycles but having no pipeline metrics at all. Organize your customer proof points and pipeline data in a Peony data room on the Business plan ($40/admin/month) so investors can review deal details independently between calls, with AI-drafted Q&A responses and built-in e-signatures for any NDAs they need to sign — unlike DocSend, which has no per-deal room structure and forces you to manage NDAs through a separate tool, or Dropbox, which has no NDA workflow at all.

Related Resources

• Why Startups Need Data Rooms for Fundraising
• Data Rooms for Investors
• Startup Data Room Checklist
• How to Send Your Pitch Deck to Investors
• Startup Fundraising Strategy
• Data Room Trends
• Fundraising Data Rooms
• Venture Capital Data Rooms
• Page-Level Analytics