Top 10 security categories where VC funding trails Gartner’s 2026 growth forecast, Crunchbase data
Two of Gartner’s 10 fastest-growing security categories have zero venture-backed startups. Firewall equipment, a $26.7 billion market by 2030, and pure-play cloud access security brokers, projected at $7.1 billion, are controlled entirely by incumbent vendors. No startup has raised a dollar in either category since January 2025.
I cross-referenced Gartner’s 1Q26 Information Security forecast against CB Insights, Crunchbase, and PitchBook funding data for every one of the 10 fastest-growing security categories. The question: where is venture capital following Gartner’s growth signal, and where is it missing?
The answer is stark. $93.2 billion in projected 2030 spending across these 10 categories. $11.2 billion in total VC raised by 59 funded startups. That is an 8.3:1 gap between where enterprise demand is heading and where startup capital is flowing. In 5 of 10 categories, the gap exceeds 12:1. As I detailed in last week’s analysis of the 10 fastest-growing categories, growth is concentrating in cloud infrastructure, proactive intelligence, and privacy compliance. The VC data tells you whether anyone is building what CISOs need to buy.
“Cybersecurity leaders are navigating uncharted territory this year as these forces converge, testing the limits of their teams in an environment defined by constant change,” said Alex Michaels, Director at Gartner. The spending data confirms it. The startup funding data shows the supply side has not caught up.
The master table: Gartner forecast vs. startup funding by category
I mapped each Gartner category against every cybersecurity startup that raised equity or debt since January 2025. Each company is assigned to one primary category to avoid double-counting. Gap Ratio is the Gartner 2030 market projection divided by total VC raised. Higher means wider gap.
| # | Gartner Security Category | 2025-26 GR | 5yr CAGR | 2030 Proj | Startups | Total VC | Gap Ratio | Verdict |
| 1 | Cloud Access Security Brokers (CASB) | 27.2% | 24.3% | $7.1B | 4 | $182M | 39:1 | Critical Gap |
| 2 | Firewall Equipment (NGFW/FWaaS) | 15.9% | 9.1% | $26.7B | 0 | $0 | ∞ | Incumbent Lock |
| 3 | Cloud Security Posture Mgmt (CSPM) | 33.4% | 27.6% | $16.2B | 6 | $752M | 21.5:1 | Underfunded |
| 4 | Vulnerability Assessment | 15.7% | 12.0% | $6.4B | 6 | $306M | 20.9:1 | Underfunded |
| 5 | Cloud Workload Protection (CWPP) | 25.9% | 21.0% | $16.1B | 8 | $1.28B | 12.6:1 | Underfunded |
| 6 | Subject Rights Request Automation | 16.2% | 12.3% | $2.3B | 2 | $240M | 9.6:1 | M&A Absorbed |
| 7 | Network Detection & Response (NDR) | 15.6% | 12.4% | $4.1B | 4 | $701M | 5.9:1 | Moderate Gap |
| 8 | Zero Trust Network Access (ZTNA) | 23.0% | 20.9% | $6.4B | 10 | $1.94B | 3.3:1 | VC Ahead |
| 9 | Threat Intelligence | 27.3% | 21.1% | $6.9B | 12 | $3.16B | 2.2:1 | Oversupplied |
| 10 | Consent & Preference Mgmt | 22.1% | 18.6% | $2.0B | 7 | $2.61B | 0.8:1 | Oversupplied |
Source: Gartner 1Q26 Information Security Market Current Outlook (G00846158, March 2026). Growth rates in constant currency. Funding data from CB Insights, Crunchbase, PitchBook. Analysis by Software Strategies Blog, April 2026.
The table splits cleanly into three tiers. Five categories are underfunded or locked out (Gap Ratio above 9:1). Two sit in the middle. Three are oversupplied or ahead of the Gartner signal.
I update this comparison every quarter as Gartner releases new forecast data. Get the next one in your inbox.
The 3 widest gaps
Gap #1: CASB — 39:1, and the category is disappearing
Gartner projects cloud access security brokers reaching $7.1 billion by 2030 at a 24.3% CAGR. Total startup funding since January 2025: $182 million across just 4 companies.
| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
| Reco | $85M | $30M Series B | Zeev Ventures | New York | 2020 |
| Seraphic Security | $44M | $29M Series A | GreatPoint Ventures | Palo Alto / Israel | 2020 |
| Nudge Security | $35M | $22.5M Series A | Cerberus Ventures | Austin, TX | 2021 |
| Spin.AI | $18M+ | Undisclosed (K1) | K1 Investment Mgmt | Palo Alto | 2017 |
The gap is structural, not cyclical. Pure-play CASB startups no longer exist as a standalone category. The buying motion has shifted to SASE platforms. Cato Networks raised $409 million in a Series G in June 2025, but that money funds a unified SASE platform spanning CASB, ZTNA, and SD-WAN.
For CISOs, the implication is direct. If your CASB requirement is standalone, your vendor options are Netskope, Skyhigh, Forcepoint, and a handful of sub-$50 million startups. Expect fewer competitive bids and less pricing leverage than in categories where VC is abundant.
Gap #2: CSPM — 21.5:1, the fastest-growing category is still starved
Cloud security posture management is the single fastest-growing category in Gartner’s entire information security forecast. 33.4% growth in 2026. $16.2 billion by 2030 at a 27.6% five-year CAGR. Total startup funding: $752 million across 6 companies.
| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
| Upwind Security | $430M | $250M Series B | Bessemer Venture Partners | San Francisco | 2022 |
| Noma Security | $132M | $100M Series B | Evolution Equity Partners | New York / Tel Aviv | 2023 |
| Sentra | $100M+ | $50M Series B | Key1 Capital | New York / Tel Aviv | 2021 |
| Native Security | $42M | $31M Series A | Ballistic Ventures | Tel Aviv / Seattle | 2024 |
| Mondoo | $32.5M | $17.5M Series A Ext | HV Capital | San Francisco | 2020 |
| AccuKnox | $15M | $4M Venture | DreamIt Ventures | Menlo Park | 2020 |
Upwind alone accounts for 57% of all CSPM startup capital. It hit unicorn status at a $1.5 billion valuation in January 2026. But one company cannot fill a $16.2 billion market.
Alphabet’s $32 billion acquisition of Wiz in March 2026 removed the largest independent cloud security company from the startup market entirely. In my analysis of $3.6 billion in agentic AI security funding, I tracked how M&A is filling gaps that VC has not. CSPM is a category where that pattern is accelerating.
Gap #3: Vulnerability Assessment — 20.9:1, the most active seed-stage category
Gartner projects vulnerability assessment at $6.4 billion by 2030. Total VC: $306 million across 6 companies.
| Company | Total Funding | Last Round | Lead Investor | HQ | Founded |
| Zafran Security | $130M | $60M Series C | Menlo Ventures | New York | 2022 |
| Seemplicity | $82M+ | $50M Series B | Sienna Venture Capital | Tel Aviv | 2020 |
| Cogent Security | $53M | $42M Series A | Bain Capital Ventures | San Francisco | 2024 |
| Nucleus Security | $20M+ | $20M Series C | Undisclosed | Tampa, FL | 2018 |
| Onit Security | $11M | $11M Seed | Hetz Ventures | Tel Aviv | 2025 |
| ZAST.AI | ~$10M | $6M Pre-A | Hillhouse Capital | Seattle | 2024 |
This is the category with the most active early-stage investment. Cogent Security and Onit Security both use AI agents for autonomous vulnerability remediation. Zafran tripled ARR since its prior round. The agentic AI thesis is landing hardest in vulnerability management, and the funding trail shows it.
Balbix, which had raised $98.6 million, was acquired in November 2025. For CISOs evaluating this category, the vendor field is young and fragmented. Half of the funded companies were founded in 2024 or later.
Where VC is ahead of Gartner
Three categories show the opposite pattern. In Consent & Preference Management, OneTrust alone has raised $2.1 billion against a $2.0 billion Gartner projection. In Threat Intelligence, $3.16 billion in VC against a $6.9 billion projection, but Dataminr ($1.24B) and ReliaQuest ($1.13B) account for 75% of the total. In ZTNA, Cato Networks’ $1.1 billion alone represents 57% of all category funding.
The concentration risk matters. Strip out the single largest company in each oversupplied category and the gap ratios invert. Consent without OneTrust: $510 million, Gap Ratio 3.9:1. Threat Intelligence without Dataminr and ReliaQuest: $790 million, Gap Ratio 8.7:1. ZTNA without Cato: $835 million, Gap Ratio 7.7:1.
M&A is filling the gaps VC won’t
When startups cannot fill the gap, platform vendors acquire. The $3.6 billion in agentic AI security funding and $96 billion in M&A I tracked in March tells this story at scale. Palo Alto Networks assembled $29 billion in acquisitions. ServiceNow spent $11.6 billion. Alphabet closed $32 billion for Wiz. Veeam acquired Securiti.ai for $1.725 billion, removing the leading subject rights automation vendor from the independent market.
Forrester’s 2026 cybersecurity budget data confirms the same pattern from the buyer side. Security budgets are growing, but the spend is concentrating in fewer, larger platform purchases.
What this means for CISOs
In underfunded categories, build internally or accept platform vendor lock-in. CSPM, vulnerability assessment, and CWPP all have Gap Ratios above 12:1. Fewer funded startups means fewer competitive alternatives. If your preferred vendor gets acquired, as Wiz, Securiti.ai, and Balbix all were, your roadmap depends on the acquirer’s priorities, not yours.
In oversupplied categories, use the competition for better pricing. ZTNA, threat intelligence, and consent management have abundant VC-backed alternatives. Negotiate harder. Run competitive evaluations with three or more vendors. The funding data tells you which categories give you leverage.
Watch for single-company concentration. Chainguard holds 70% of all CWPP startup funding. Cato holds 57% of ZTNA. OneTrust holds 80% of consent management. If any of these companies pivots, gets acquired, or fails, the category funding picture changes overnight.
Bottom line
Gartner projects $93.2 billion in 2030 spending across the 10 fastest-growing security categories. Venture capital has funded $11.2 billion in startups since January 2025. The 8.3:1 blended gap tells you the overall story. The category-level ratios tell you where to act.
Cloud security posture management, vulnerability assessment, and cloud workload protection are growing at 2x to 3x the market average but remain underfunded relative to Gartner’s projections. Two categories, firewall equipment and pure-play CASB, have no startup investment at all. Platform vendors are filling gaps through acquisition at a pace that is reshaping every competitive evaluation.
This is the third quarter I have tracked Gartner’s security forecast against independent funding data. The gap between enterprise demand and startup supply keeps widening. Gartner’s 2Q26 forecast lands in July. I will break down the updated Gap Ratios the week it drops. I wrote a shorter editorial take on what these gaps mean for CISO budgets on my Substack.
Source: Gartner, Information Security Market Current Outlook, Worldwide, 1Q26 (G00846158), March 2026. Growth rates in constant currency. Dollar figures in current U.S. dollars. Funding data from CB Insights, Crunchbase, PitchBook, Statista. Cross-referenced against company press releases. Analysis by Software Strategies Blog.
