Unlocking Competitiveness: Rethinking Cybersecurity Investment in Europe
The scale-up bottleneck
The investment imbalance is clear. European venture capital funds specialising in cybersecurity are, on average, three times smaller than their United States (US) counterparts, with an average ticket of €6 million compared to $22 million in the US. This chronic investment gap has concrete impacts: only 30% of European cybersecurity companies advance from seed to Series A fundings, compared to some 50% in the US. In the first half of 2025, 55% of European cybersecurity funding rounds remained stuck at early stages.
This shortfall carries broader strategic implications. In 2024, nearly half of mergers and acquisitions involving European cybersecurity companies were by non-European entities , raising concerns about the drain of intellectual property, expertise, and strategic assets from Europe.
A parallel challenge arises on the demand side. Unlike in the US, where public and private actors often act as early adopters of domestic technologies, European buyers do not procure European cybersecurity solutions at scale. This deprives European startups of the reference customers and revenue streams essential for commercial validation. Addressing this gap requires not only a more strategic approach to public procurement but also a shift in market behaviour by European businesses.
Unlocking dormant capital
Europe is not constrained by a lack of capital, but instead by how that capital is deployed. European pension funds direct roughly 0.01% of their assets to venture capital, compared with around 10% in the US. Unlocking even a fraction of this dormant capital could fundamentally contribute to reshaping Europe’s cybersecurity investment landscape.
Regulatory constraints play a central role. Current European prudential rules encourage low-risk asset allocation to preserve capital by limiting exposure to higher-risk investments. While sound in principle, these frameworks do not adequately distinguish strategic infrastructure investments such as cybersecurity venture capital from speculative risk-taking. With a compound annual growth rate near 10%, Europe’s cybersecurity market offers both commercial viability and strategic value.
The European Commission’s ongoing pension fund reform offers a timely opportunity to adjust these rules. Updating prudential and capital market frameworks could enable institutional investors to engage responsibly in venture capital while maintaining fiduciary prudence. Complementary steps, such as harmonising IPO procedures and strengthening the capital markets union, would further channel European resources into productive innovation.
Three priorities for collective action
Europe’s cybersecurity competitiveness relies on coordinated efforts along three fronts:
- Establish a pan-European investment vehicle to support scale-ups. The European Cyber Security Organisation (ECSO) and the European Investment Fund are developing a fund-of-funds mechanism targeting at least €1 billion in committed capital. This vehicle aims to address fragmentation by aggregating capital at the European level, enabling specialised venture funds to deploy larger tickets and support companies through multiple funding rounds. Public participation can play an essential signalling role, helping attract private investors and amplifying the total funding available to promising scale-ups.
- Unlock institutional capital to fuel long-term growth. Institutional investors remain underrepresented in European venture capital. Advancing capital markets union reform and the proposed “28th regime” could simplify cross-border investment and reduce regulatory friction. Alongside these measures, awareness initiatives must highlight the attractive risk-return profile of cybersecurity investments and the growing maturity of European venture managers with both financial and operational expertise.
- Strengthen exit pathways to attract later-stage investors. Successful exits, through IPOs or strategic acquisitions by European companies, reinforce investment in cyber by rewarding early-stage risk-taking and incentivising continued investment. Yet only about 2% of European scale-ups reach public listing. Strengthening Europe’s stock exchanges, harmonising IPO regulations, and promoting a culture of strategic domestic acquisition are key to stimulate growth-stage capital, reinvestment, and sustained innovation.
Reframing cybersecurity as a strategic priority
Europe’s discourse on cybersecurity often remains focused on resilience and protection of our digital ecosystem, especially critical infrastructures. Cybersecurity should however also be recognised as a driver of competitiveness, innovation, and prosperity. It lies at the heart of digital transformation and industrial capability, with far-reaching benefits that extend well beyond traditional IT security. Cybersecurity investment should not be viewed as competing with other funding priorities but instead as a horizontal enabler of Europe’s digital and industrial ambitions.
From ambition to action
Our continent possesses the ideas, expertise, and market potential to lead the world in cybersecurity. A stronger investment framework effectively linking early-stage innovation with scalable and resilient growth remains essential to do so. In an era of global digital competition, technological dependence creates strategic vulnerability. For Europe to remain competitive, it must be capable of securing, scaling and sustaining the companies that safeguard its digital future.
The investment gap is real but not insurmountable. With coherent policy reform, shared commitment, and sustained political will, Europe can turn its cybersecurity sector into an integrated ecosystem of global champions.
About the author: Joanna Świątkowska, member of the Advisory Board of InCyber Forum Europe, is the Secretary General of the European Cyber Security Organisation (ECSO) since June 2025. She also serves on the Advisory Group of the EU Agency for Cybersecurity (ENISA) and the Research Council of the Polish National Research Institute (NASK).