Almost a year after initial discussions, Google is finally acquiring the privately-held cloud cybersecurity company Wiz for a staggering $33 billion, marking the largest deal in the industry to date, surpassing the $28 billion Cisco’s acquisition of Splunk from two years ago.
In recent years, Tech giants have been intensifying efforts to strengthen their cybersecurity credentials. This push is driven not only by the promising growth prospects of the cybersecurity sector—fueled by an expanding attack surface and proliferation of cyber threats—but also by the strategic nature of cybersecurity for cloud operations. Indeed, delivering comprehensive security solutions as part of a cloud offering has become a key differentiator for hyperscalers, helping them attract and retain the most demanding customers.
Israel-based Wiz has emerged as a standout success story in the cloud security space thanks to its ability to scan IT workloads without interrupting them, and its integration into Google Cloud is expected to significantly enhance Google’s offering. By incorporating Wiz’s threat detection and vulnerability assessment tools, Google is positioned to bolster its cybersecurity capabilities and move closer to building a comprehensive, end-to-end security platform. Interestingly, Wiz will continue to operate across all cloud providers, maintaining its ability to support customers in multi-cloud environments.
Overall, this M&A deal is a clear reminder of the strategic nature of cybersecurity for cloud giants. This is clearly reflected in the price Google agreed to pay, or $33 billion for a business that reportedly generated revenue around $700 million in 2024 and that is on track for $1 billion revenue in 2025, way above multiples in recent sector transactions (6-8x revenue).
Against this backdrop, we keep believing that most cybersecurity firms that still have a niche positioning will end up as natural takeover targets for Tech giants and cybersecurity leaders seeking to build end-to-end security platforms. While threat detection & response specialists (e.g. SentinelOne) should remain an area of focus, we believe that identity & access management players (CyberArk, Okta…) should be getting increasing attention thanks to the rising “machine identity” theme (need to identify an increasing number of connected devices, AI agents, copilots…).
Importantly, antitrust should not be a major hurdle in our view as the industry is still highly fragmented and as the leaders’ market share is still very low. Recent large M&A such as Cisco’s acquisition of Splunk or Google’s acquisition of Mandiant didn’t attract specific antitrust scrutiny.
For leading cybersecurity pure-plays like Palo Alto and Fortinet, the Google-Wiz deal could be viewed negatively, as it signals that hyperscalers are increasingly positioning themselves as serious players in the cloud cybersecurity space. This raises the potential risk that these hyperscalers might eventually offer security services at a discount to capture market share in their core cloud and AI workloads business.
