Welcome back to the Trident Radar!

April 2026 will be remembered as the month the mega-deals landed. ServiceNow closed its $7.75 billion acquisition of Armis, first announced in December, making it the largest cybersecurity acquisition since Google's $32 billion Wiz deal in March. Palo Alto continued its supply chain security spree with KOI for $300 million. Francisco Partners took EfficientIP private for $232 million. And Airbus quietly acquired Quarkslab, signalling that European defence is building sovereign offensive security capability.

But the real story isn't the exits. It's what's happening underneath.

Twenty-nine cybersecurity companies ceased operations this month, up from seventeen in March. That's the highest monthly failure rate we've tracked in 2026. At the same time, seed rounds averaged $6.9 million, down slightly from March's $9 million average. Series A activity dropped to just four deals, the lowest of the year. The market is bifurcating: capital is concentrating at the top while the middle struggles to raise or find buyers.

The quarterly numbers tell the story clearly. Across January through April, we tracked 700+ deals totalling over $91 billion. But strip out the mega-acquisitions, and you see a market that's getting more selective, not less active. The companies raising are raising bigger. The companies struggling are shutting down. The middle ground is disappearing.

Let's dive in.

Week 2 of 4: The Financial Breakdown - When RPO Makes Sense

Last week we talked about matching hiring models to growth stages. This week, let's get into the actual numbers. Because the financial case for embedded RPO versus building internal talent acquisition is more nuanced than most founders realise.

The Real Cost of a Hire

Most companies calculate cost-per-hire wrong. They look at the agency fee, maybe add in some job board spend, and call it done. SHRM puts the average cost per hire at $4,700, but that only captures direct recruiting expenses. The true cost includes:

When you add it all up, the fully loaded cost of a cybersecurity sales hire through traditional channels runs $27,000 to $41,000. That's before the hidden costs of a mis-hire.

The RPO Equation

Embedded RPO changes the maths in three ways:

First, cost-per-hire drops to $5,000-$12,000 at volume. The savings come from eliminating per-placement fees, building repeatable process, and amortising infrastructure across multiple hires.

Second, time-to-fill compresses from 75 days to 45. Speed compounds. Faster hiring means faster ramp, faster revenue, faster feedback on whether your hiring profile is right.

Third, quality improves through specialisation. An embedded team that does nothing but hire for cybersecurity builds pattern recognition that generalist recruiters can't match. Our submittal-to-interview ratio runs 80%, meaning four out of five candidates we present make it to final rounds.

When RPO Makes Sense

The breakeven depends on volume. Here's the rough maths:

Under 5 hires per year: Retained search makes more sense. The infrastructure cost of RPO doesn't amortise well at low volume, and you need precision over throughput.

5-15 hires per year: Hybrid model works best. Use retained for critical leadership hires, RPO for team buildout.

15+ hires per year: RPO delivers significant ROI. At this volume, the cost savings compound, and having embedded expertise means you're not reinventing the wheel with each search.

50+ hires per year: RPO becomes transformational. One of our clients went from 30 to 300 employees over three years with embedded support. 96% offer acceptance. 29-day average time-to-offer. Over $4 million in documented savings versus their previous agency model.

The Hidden Benefit

Beyond cost, RPO solves a coordination problem. When you're hiring across multiple roles simultaneously, having a single team that understands your culture, your comp philosophy, and your hiring bar creates consistency that's hard to achieve with fragmented agency relationships.

The VP Sales isn't re-explaining the territory structure to a new recruiter every time. The CEO isn't calibrating on "what good looks like" with five different search partners. There's one team, one process, one feedback loop.

The Question to Ask

If you're evaluating RPO, the question isn't "is it cheaper than agencies?" It usually is, at volume. The question is: "Are we hiring enough that the infrastructure investment pays back?"

For most Series A and B cybersecurity companies planning aggressive GTM buildouts, the answer is yes. For seed-stage companies making one or two hires a quarter, probably not yet.

Drop [email protected] a note if you want to know more about all of this!

Next week: RPO versus building internal TA, and when each makes sense.

ServiceNow closes Armis for $7.75B. The largest cybersecurity acquisition since Wiz. Asset intelligence meets workflow automation. Announced December, closed April.

Terra Quantum goes public via $3.25B SPAC. Quantum computing meets public markets. Mountain Lake Acquisition II merger.

iC Consult secondary buyout at $496M. Bridgepoint acquires the German identity security specialist from previous PE ownership.

Palo Alto acquires KOI for $300M. VSCode extension security joins Prisma Cloud. Israeli supply chain security play.

Francisco Partners takes EfficientIP private for $232M. DDI specialist gets the LBO treatment.

Airbus acquires Quarkslab. French aerospace builds sovereign offensive security capability.

29 companies ceased operations. The highest monthly failure rate of 2026. Up from 17 in March.

Funding activity slows at Series A. Only 4 Series A deals in April versus 15 in March. Seed activity remains steady at 21 deals.

Armis → Acquired by ServiceNow (NYSE: NOW)
Deal Type: Acquisition
Deal Date: April 20, 2026
Deal Size: $7.75B

First announced in December 2025, the deal finally closed this month. ServiceNow paid $7.75 billion cash for the Israeli-founded asset intelligence platform, creating what they call "a unified, end-to-end security exposure and operations stack." Armis provides visibility into all connected assets, from IT to OT to medical devices. For Israeli cyber, this is another landmark exit following Wiz's $32B sale to Google in March.

KOI → Acquired by Palo Alto Networks (NASDAQ: PANW)
Deal Type: Acquisition
Deal Date: April 14, 2026
Deal Size: $300M

Israeli supply chain security specialist joins Prisma Cloud. KOI built a platform that continuously analyzes VSCode extensions for malicious behavior, risky permissions, and vulnerable dependencies. The acquisition extends Palo Alto's code-to-cloud security story into the IDE layer.

EfficientIP → Acquired by Francisco Partners
Deal Type: LBO
Deal Date: April 15, 2026
Deal Size: $232M (EUR 200M)

The DDI specialist gets the PE treatment. EfficientIP provides DNS, DHCP, and IPAM security services, simplifying network management while enhancing security. Network infrastructure plays never die.

iC Consult → Acquired by Bridgepoint
Deal Type: Secondary Buyout
Deal Size: $496M

German identity security and access management provider changes PE hands. iC Consult protects and manages digital identities across enterprise environments.

Quarkslab → Acquired by Airbus Space
Deal Type: Acquisition
Deal Size: Undisclosed

French aerospace giant acquires Paris-based offensive security and reverse engineering specialist. A clear sovereignty play as European defence builds internal security R&D capability.

PE-backed platforms continued consolidating:

We've spent the past four months tracking every cybersecurity deal across the US, Europe, and Israel. 778 deals. $91 billion deployed. Here's what the data actually tells us.

The Capital Concentration

The headline number, $91 billion, looks enormous. But zoom in and the picture changes. The top ten deals account for nearly $79 billion of that total. Wiz at $32 billion. CyberArk at $26 billion. Armis at $7.75 billion. Jamf at $2.5 billion. Remove the mega-deals and the market deployed roughly $12 billion across 750+ other transactions.

That's still healthy. But it's not the explosion the headline suggests.

The Geographic Reality

The US dominated with 394 deals totalling $82 billion in deal value. But again, the mega-exits skew this. Europe (excluding UK) logged 200 deals at $6.3 billion. The UK saw 85 deals worth $2 billion. Israel contributed 46 deals at $1 billion, but punched well above its weight when you factor in the acquirer destinations, both Armis and Wiz were Israeli-founded.

The pattern is clear: build in Israel or Europe, exit to US acquirers.

The Seed Round Evolution

We tracked 79 seed rounds across the quarter. The average sizes tell an interesting story:

March saw the peak, driven by outliers like Above Security's $50M "seed" and Cylake's $45M round. April normalised. But even at $6.85M, today's seed is yesterday's Series A.

The implication for founders: if you're raising a $2M seed, you're competing against companies raising $10M. Your milestones need to be proportional, or the next round gets harder.

The Series A Drought

April saw only 4 Series A deals, down from 15 in March. Total Series A value dropped from $651M in March to $42M in April. Some of this is seasonal. Some is RSA hangover. But the trend bears watching.

The Series A bar has risen. Investors want to see revenue, not just product. They want repeatable sales motion, not just design partners. The companies that raised seed in 2024 expecting an easy Series A in 2025-2026 are discovering the market has moved.

The Failure Rate

76 companies ceased operations across the quarter:

April's spike is notable. Nearly double March. Some of this is companies that couldn't raise follow-on funding. Some is acqui-hire outcomes that didn't close. Some is simply running out of runway.

The common thread: companies in the middle. Not good enough to raise at premium valuations. Not differentiated enough to attract acquirers. Not cheap enough to extend runway indefinitely.

The Category Winners

Looking at where capital flowed, the patterns are clear:

AI Security: Trent AI, General Analysis, Ciphero, Faberlens. Investors believe AI systems need their own security stack.

Identity: iC Consult's $496M exit, Fabrix Security's acquisition by Silverfort, continued investment in non-human identity.

Supply Chain: KOI's $300M exit to Palo Alto, continued focus on securing the development pipeline.

Quantum: Terra Quantum's $3.25B SPAC, Matrics2's raise, SKV Technology's acquisition. The quantum security thesis is getting funded.

What It Means

For founders: the bar is higher, but capital is available for the right opportunities. "Right" means experienced teams, clear differentiation, and ideally some revenue. The days of raising Series A on a pitch deck and a prototype are over in cyber.

For operators: the failure rate is real. If your company raised a small seed two years ago and hasn't found product-market fit, the clock is ticking. Either find a path to revenue, find a buyer, or face the same outcome as those 76 companies.

For buyers: the M&A market is active but bifurcated. Premium assets command premium prices (Wiz, Armis, KOI). Struggling assets are available cheap but require integration work. The middle, decent companies at reasonable valuations, is thin.

For investors: returns are concentrating. The top decile of investments will generate the vast majority of returns. Pattern matching on team, category, and timing matters more than ever.

The Trident Take: Q1 2026 wasn't a boom or a bust. It was a sorting. The market is deciding which companies matter and which don't. That process isn't pretty, but it's necessary. The companies that survive this filter will be stronger for it.

Twenty-nine cybersecurity companies went out of business in April, the highest monthly total of 2026:

VP Federal
💰 $250K base
📍 US
High-growth security vendor targeting federal and government markets. Strategic role building federal GTM from the ground up.
Contact: [email protected]

Head of Marketing
💰 $230K base
📍 US
Offensive security company disrupting penetration testing. Building marketing function for rapid growth phase.
Contact: [email protected]

Demand Generation Lead
💰 $200K
📍 US
AI-native insider threat platform backed by Ballistic Ventures. Building demand gen for US expansion post-$50M seed.
Contact: [email protected]

Technical Account Manager
💰 $180K
📍 US
Enterprise security platform with strong technical differentiation. Customer success role requiring deep technical expertise.
Contact: [email protected]

Account Executive - Northeast
💰 $160K base
📍 US (NY/Boston/Chicago)
Cloud security vendor with established customer base. Territory covering major enterprise markets.
Contact: [email protected]

VP Sales EMEA
💰 €150K base
📍 EMEA
Threat intelligence platform with strong European presence. Leading regional sales organisation.
Contact: [email protected]

Sales Director
💰 $150K base
📍 US
Application security company protecting JavaScript. Building US sales presence.
Contact: [email protected]

Senior BDR
💰 $90K
📍 US
Open-source security with massive community adoption. Nuclei-based vulnerability scanning. High-growth path to AE.
Contact: [email protected]

Ready to make your next move? These roles won't stay open long.

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.

The Trident Radar - Intelligence that moves faster than your competition
Delivered by Trident Search Research Desk
Editor: Ryan Keeley | London