Validation and defensibility: Why cybersecurity investors are getting disciplined

Discover insights and exclusive interviews from the global Black Hat MEA community – in your inbox every week. 

This week we’re focused on…

The money. 

Not every breakthrough defence tool and every disruptive security platform starts with someone writing a cheque. But many cybersecurity startups do need funding to scale. And in 2025, the opportunities for founders are very different from just a few years ago. 

It was never easy 

Cybersecurity investments reached a peak in 2021, but even then, it wasn’t easy money. Cybersecurity was a major focus for VCs around the world, but all those billions that poured into the industry were hard-won by every startup who secured funding. 

Founders have always worked hard. 

Now, investors have become more disciplined; and that means founders have to work even harder. As we detailed on the blog this week, deals are increasingly skewed towards late-stage startups with proven revenue; and early-stage companies are struggling to secure funds. 

Investors are making considered decisions 

They’re not abandoning cyber. But they are concentrating on categories with clear and urgent demand:

• AI-driven defence and detection
• Continuous threat exposure management (CTEM)
• Security validation and breach simulation 

It’s a flight to quality. This year’s investors favour platforms that show measurable impact, integrate with enterprise workflows, and defend against the most immediate threats. 

Three important notes for founders 

For founders, the rules of engagement have been refined. A clever concept isn’t worth much without validation, adaptability, and a credible plan for scale.

When we interviewed Moataz Salah (CEO at CyberTalents) he told us:

“I believe that idea validation is crucial for the success of any startup, especially in the cybersecurity sector…many founders come from a technical background and may have a great idea, but they often lack the business experience to validate it.”

If you skip validation, you’re more likely to build products that solve a problem no one actually has. And investors aren’t going to overlook that. 

Speaking at Black Hat MEA, Mohammed Almeshekah (Founder and Managing Partner at Outliers VC) warned: 

“Don’t build a team that is very homogenous because you’re going to miss opportunities…if people only have homogenous networks it doesn’t create a multiplying effect.”

And when we spoke to Emre Kulali (Strategic Partnerships at AccuKnox), he cautioned against reckless expansion:

“The market is highly saturated and competitive…one common mistake is growing their teams and operating costs too quickly, which can lead to premature depletion of resources and runway.”

These voices echo what the market data shows: investors reward disciplined teams who know their market, prove traction early, and adapt fast.

For investors, discipline is opportunity

For investors themselves, this reset could be healthy. The exuberance of the boom years funded innovation (and that was exciting), but also created noise. Now, disciplined capital can flow to startups with real defensibility – the ones with proprietary threat data, strong machine learning models, or regulatory advantages.

And for founders who embrace this shift, the path to capital is still open. It’s just steeper – and smarter.

Keep exploring…

On the blog this week, we’ve gone deeper into the funding landscape and the founder’s playbook:

• Where are the smart bets in cybersecurity? Insights from 2025 investor trends
• From pitch to payoff: how cybersecurity startups win investor confidence

Cybersecurity will always need innovators. We need brilliant ideas, and we need the people who aren’t afraid to put them out into the world. But while the threat landscape continues to evolve at pace, organisations worldwide need solutions that can truly survive scrutiny and scale responsibly – and that need is exactly what investors are responding to right now. 

Want to learn more? Get your pass to attend Black Hat MEA 2025. We can’t wait to see you there.