What do a $25 billion corporate acquisition and an AI-generated deepfake of a CEO have in common? They both illustrate the paradox of European cybersecurity—a market that is booming in response to escalating threats. One is a sign of a maturing industry, the other a stark reminder of the risks.

The age of the "cyber super-group"

The Palo Alto Networks acquisition of CyberArk for $25 billion signals a major shift towards consolidation. For years, businesses sourced security needs from dozens of specialists. Now, the largest players are acquiring these specialists to become "cyber super-groups," offering all-in-one solutions that protect every part of a business’s digital infrastructure. We expect to see more of these deals as major companies vie for market dominance.

The Next Cyber Threat: AI-Driven Attacks

While the market matures, the threat landscape is growing at a terrifying pace. Threat actors are using AI to supercharge attacks, making them faster, more targeted, and harder to spot. We are seeing an emerging trend with AI used to create:

• Sophisticated phishing: AI generates flawless, personalised emails that mimic a specific person's writing style, making it difficult to differentiate a real message from a fake.

• Deepfakes: With seconds of audio or video, AI can create a digital clone of a person—for example, a CEO—to trick employees into transferring funds or handing over sensitive information.

This new wave of attacks is pushing businesses and individuals to upgrade their defences.

The EU's master plan: turning regulations into resilience

A key driver of this spending is the European Union's move towards a coordinated, continent-wide response to cross-border threats. This includes:

• The Cyber Blueprint: This framework is designed to get all EU countries working together to defend and respond to large-scale cyberattacks, replacing a country-by-country approach.

• The NIS2 Directive: This enforced directive requires businesses to invest in robust security measures and holds them accountable if they fail. Non-compliance can lead to substantial fines, making a strong cybersecurity posture a legal and financial necessity.

These regulations are creating a powerful incentive for companies to invest in security.

The Data is Clear: Europe is Making Significant Investments

Europe’s cybersecurity revenue grew by 13% YoY in 2025-H1. This is a sign of healthy, sustained investment. The top-performing countries were Spain (26% YoY change), Italy (23% YoY change), and Germany (14% YoY change).

Growth is widespread, with all five key security segments—including network, endpoint, and cloud security—up YoY. This indicates that businesses are building multi-layered defences.

The one notable exception is the UK, which had a negative 11% YoY performance. This is not a sign of weakness, but a statistical anomaly due to an exceptionally strong performance in the same period last year, which created a high bar for comparison.

What's next for cybersecurity?

2025-H1 paints a clear picture: the battle between cyber threats and defences is escalating. While AI is arming attackers with new tools, new regulations and major market players are equipping defenders with the budget and technology to fight back. Our data helps illuminate these shifts, supporting both the market and cybersecurity companies as they navigate risks, seize opportunities, and strengthen resilience.

For more on these and other IT channel trends, tune into CONTEXT’s weekly IT Industry Forum webinars. Register here.