Checking in on the 2025 Cyber 150
Six months into the year
Last year we created the concept of the Cyber 150 to hammer home the point that data is useful for identifying high flyers. We asked the question: what are the top 150 cybersecurity companies that are interesting to track? We picked a lower limit on head count of 50 because that is when startups begin to get traction with the enterprise. An upper limit of 500 catches the unicorns before they enter the next phase on the road to IPO. It takes only seconds to generate the list of candidates and a few hours to vet them all. We published the list in September of last year. At the beginning of January we looked at the numbers for the full year and published the Cyber 150 in Security Yearbook 2025.
Note that you will not find any of the Cyber 150 in a Gartner Magic Quadrant, highlighting once again that focusing on the big players misses all the interesting players.
Let’s check in on the Cyber 150.
Acquisitions. Dazz was acquired by Wiz for $450 million before we could go to print. Our automated system detects that the URL redirects to wiz.io so we have added Dazz to the 625 archived vendors in the IT-Harvest Dashboard. Dazz’s chart tells the story:
Funding. Of the 25 which received new funding so far this year, eight took in $100 million or more. A total of $2.3 billion was invested in the Cyber 150 in the first six months of 2025. Over the years, $10.6 billion has gone into 125 of them. 25 are still bootstrapped.
Graduation. Being identified and awarded the Cyber 150 designation usually comes as a complete surprise to vendors. They are not asked for input or even given a heads up other than in this Substack. Once a vendor surpasses 500 people they graduate from the list. Congratulations to Cyera, Coralogix, and Silverfort, which have already outgrown the list. At their current growth rates I expect Chainguard, miniOrange, Persona, Tines, Sprinto, Group-IB, and Hexnode to all matriculate by the end of 2025.
Failing the growth test. The other way to be dropped from the list is to turn in growth rates that are less than stellar. While 130 of the Cyber 150 have continued to add head count in the first six months of the year, twenty have not. Keep in mind that fast growth one year is often followed by a flattening out as a company optimizes its staff. While these 20 will probably not make it back into the Cyber 150 this year there is always 2027!
See all the 2025 Cyber 150 vendors in this public Google Sheet.
I am going to continue to track the Cyber 150 in future editions of Security Yearbook. They provide a nice snapshot of the industry.
If we apply the filters 50-500 and at least 5% growth YTD there are 225 companies that match. The cut off to make the Cyber 150 today would be 16% growth. That translates to 32% growth for the year.
One final note: When picking a name for your startup please think about the consequences of being too clever by far. I was so happy when [redacted], and Noname, went away. Both of these were impossible to track using reported LinkedIn head count data. Random people from all over the world who do not want to reveal their employer all exhibit the same level of wit by choosing names like “redacted” and “noname" which completely skews the numbers. Now we have to deal with Confidencial, which, even with the Spanish spelling, has attracted over 3,000 people to align with their LinkedIn page.
And one big announcement. We have decided that the current edition of Security Yearbook is the last to contain a complete directory of all the cybersecurity vendors by category, country, and location. It turns out that our data is taking on tremendous value, far beyond the $54 price of the book. So, if you are the founder of one of the 4,000+ vendors in Security Yearbook 2025 this is your last chance to see your company’s name in print!
Great research and glad I got a copy of the book where value > cost :)