The cybersecurity sector is suited to innovation and rapid adaptation driven by the evolving threat landscape and emerging technologies.

Such traits are synonymous with startup companies, often at the forefront of novel tools and technologies.

In an era where advanced technologies such as AI and quantum are set to transform cyber threat actors’ capabilities, such approaches will be crucial for securing organizations against new and future threats.

However, the cybersecurity marketplace has become more challenging for new players to break into. This is partly due to global economic instability, resulting in declining investment opportunities.

Another factor is the trend towards “platformization,” where established cybersecurity firms are developing broader product offerings, often via acquisitions, to reduce the need for multiple vendors and tools.

Despite the temptation to take the safe option of using a small number of well-known vendors to make up an organization’s security architecture, CISOs should still strongly consider what startups have to offer.

This could be crucial for filling gaps in their security stack and getting ahead of new threats before it’s too late.

Why CISOs Should Bet on Startups in Today’s Cybersecurity Market - Infosecurity Magazine

The Cybersecurity Startup Environment

Challenging Economic Environment and Marketplace

As a relatively young industry, cybersecurity is home to a large number of companies. However, as the market becomes increasingly crowded, the opportunities for new companies to compete and prosper are declining.

There are currently over 4000 cybersecurity companies across the globe.

Paul McKay, VP, principal analyst at Forrester, told Infosecurity that startups are struggling to gain wide-scale adoption of their products and ideas. This is largely due to business and economic factors rather than the products themselves.

“The value problem and ability to articulate the business challenge it solves is a struggle for many startups and it is impacting the ability for many firms to be credible with customers and achieve commercial success and have a path to profitability,” McKay noted.

Startup funding is another significant challenge. McKay said that while many startups are achieving seed or series A funding, higher interest rates have resulted in reduced exit opportunities through an initial public offering (IPO).

Saj Huq, chief commercial officer at Plexal, a company that fosters the growth of startups, said he has observed startups experiencing similar challenges in translating innovation into customer adoption.

“Early-stage companies often struggle to gain traction, especially in a market where trust, brand recognition and product maturity are critical,” he told Infosecurity.

The Shift to Platformization

Complex technology stacks, involving multiple tools and vendors, have become a significant concern in cybersecurity.

Research by Palo Alto Networks found that 64% of UK organizations cited technology complexity and a lack of interoperability as the most significant challenge in building a sophisticated security posture.

Several large vendors have sought to expand their offerings to cover a broader range of cybersecurity services, thereby simplifying end users’ technical architecture and ongoing maintenance.

This includes global tech giants like Microsoft and Google. For example, in April 2025, Google unveiled Google Unified Security – a converged AI-powered solution encompassing multiple areas, including cloud security, Google SecOps, secure browsing and threat intelligence.

In this landscape, the temptation to use one or a small number of large vendors to cover security technology needs will be strong for many CISOs. The result is that startups are often overlooked as viable options for security technologies.

The Value of Startups in Cybersecurity

Innovative Ideas and Solutions

Startups often generate novel approaches to cybersecurity challenges. They look to tackle emerging and big picture issues to stand out in a crowded market.

Huq noted that a number of cybersecurity startups he has worked with focused on solutions to challenges posed by emerging technologies like generative AI, deepfakes and quantum computing.

Additionally, there is a growing interest in hardware-level security, with the development of solutions that embed security into the architecture itself, in line with secure by design principles.

“Startups offer innovation, speed and a forward-looking perspective that can help organizations stay ahead of both current and future cybersecurity challenges. For security leaders, engaging with startups isn't just about solving today's problems – it's about preparing for the problems of tomorrow,” Huq explained.

Financial services giant BNY has developed its Ascent Program to partner with startups, recognizing that these companies provide fresh thinking and differentiated capabilities to solve current and future challenges, including in cybersecurity.

“These innovative cyber companies help us address issues around AI security, model governance and data protection by challenging assumptions, pressure-testing our defenses, and accelerating the deployment of next-gen AI solutions across our enterprise,” explained Marianna Lopert-Shaye, global head of strategic partnerships and innovation, BNY.

Another benefit of startups is their ability to customize their deployments and iterate quickly based on customer feedback. Their agile structure, with limited management layers and processes, enables these firms to pivot more quickly than their larger counterparts.

Huq noted, “Security leaders have a unique opportunity to go beyond being just a customer – they can become active startup partners in shaping the development and deployment of innovative solutions.”

Diversification in Cybersecurity

While the extensive volume of tooling in security tech stacks has become a pain point for security leaders, relying on a single or small number of vendors brings its own problems.

Forrester’s McKay noted that many CISOs he works with are skeptical about building in architectural points of failure in a single or small number of key providers.

“There is a lot of talk but also not a lot of doing on this one, and the type of vendor consolidation I see in my discussions is often rather subtle and informed. Vendors’ push to land and expand are not landing as they wish them to,” he noted.

This is a view shared by BNY’s Lopert-Shaye.

“There’s no one-size-fits-all in cybersecurity. Defense-in-depth remains the gold standard – and that means layering capabilities, not relying too heavily on any single tool or vendor,” she commented.

Startups offer a possible middle-ground solution. Their adaptability means they are often good at tailoring their solutions according to different customer needs, including reducing tech complexity.

“Startups can complement your existing stack with targeted capabilities that fill gaps, reduce latency or improve detection. And by engaging early, you shape their roadmap while strengthening your own,” Lopert-Shaye said.

Huq noted that startup solutions are usually designed to complement existing infrastructure to make them more attractive to end users.

“This allows organizations to enhance security capabilities without overhauling their entire tech stack,” he added.

How to Discover Startup Cybersecurity Solutions

In a crowded marketplace, it can be difficult for security leaders to sift through the noise and find unfamiliar startup vendors.

Startups will also have fewer resources and less expertise in marketing, making it harder to get their name heard.

As a result, a more proactive approach to discovery is required from the end users.

“One of the key enablers is improving the ability of end users in the public and private sectors to understand, evaluate and adopt emerging technologies. This includes educating security leaders on market trends, innovation ecosystems and the types of solutions startups are developing,” explained Huq.

There is a range of steps that can be taken to gain such an understanding of the startup ecosystem.

One of these is regularly attending curated events, showcases and networking forums that involve startups. An example of this is the Cyber Start Up Zone at the Infosecurity Europe conference – a dedicated space for startups to demonstrate their solutions and engage in conversations with potential customers.

Another is engaging with government-backed initiatives to assist development of startups in cybersecurity, such as the UK’s Cyber Runway program.

“These programs often align with national cybersecurity priorities and can help signal which technologies are strategically important and can deliver organizational value,” Huq added.

Partnering with venture capital firms which specialize in investing in cybersecurity startups is another effective way to understand the market and where the next wave of innovation is coming from, according to Lopert-Shaye.

Additionally, security leaders should aim to develop a culture within their team that welcomes experimentation with startups. This includes creating internal processes that support pilot programs, proof-of-concept trials and agile procurement pathways.

This approach is highlighted by BNY’s Ascent Program.

“As technology evolves, forward-looking security leaders and engineering teams are partnering with teams that interface with the external innovation ecosystem to focus on targeted capability gaps and get exposure to real-time builders in frontier technologies,” said Lopert-Shaye.

How to Work with Startups Effectively

Working with a startup vendor will likely be a different experience for security leaders compared to larger vendors, which are staffed with larger teams with significant experience.

This means security professionals may need to work in a more collaborative way, rather than leaving the vendor to manage issues alone.

Startup products may be less mature or standardized, meaning CISOs should be prepared for a more hands-on integration and be willing to work through early-stage challenges.

This should be viewed as an opportunity rather than a challenge, according to Huq.

“Unlike traditional vendor relationships, security leaders should approach these engagements as collaborative partnerships, offering feedback and insights that help tailor the product to real-world needs,” he commented.

Conclusion

Recent cybersecurity market trends, including global economic instability and a move towards simplified technology stacks, have created significant challenges for startups to compete in the industry.

Yet in a time of rapidly evolving technology and attacker techniques, the innovative ideas and fresh thinking that are synonymous with startups will be critical to staying ahead of new threats.

In this landscape, CISOs should proactively engage with the startup community, discovering the new solutions and trends that will help future-proof their organization against emerging threats.

Partnering effectively with these firms can help ensure such solutions meet organizational needs, including complementing existing technology stacks.