The investors actually funding European cybersecurity in 2026 are a narrow set, and most of the ranking lists miss them. On the specialist side it is TIN Capital in Amsterdam, 33N Ventures in Porto, and Paladin Capital deploying EU capital from Luxembourg. On the buyout side it is Keensight, Bregal Milestone and Verdane running roll-ups and booking exits. And underneath all of them sits a layer of state and institutional capital that no firmographic list covers. Continental European cyber startups raised $1.33 billion in 2025, up 81 percent from $734 million the year before, so the money is real and growing, just concentrated in fewer hands than the totals suggest.
A European cybersecurity investor, for this piece, is a fund putting equity into security companies domiciled or built in continental Europe, from first seed through the buyout that takes them off the board. I read this from an operator's seat, because I run growth for MSPs and cyber firms and spend my time watching where the capital lands rather than where the press releases point. This is the continental companion to the most active cybersecurity VCs globally and to the private equity firms buying cyber, and it sits inside the wider cybersecurity market map. The UK is a big enough ecosystem to deserve its own treatment, so it gets a separate UK piece and only a pointer here. What follows is tiered, dated, and honest about what I could and could not verify.
The specialist cyber funds
Continental Europe has a real, if thin, layer of funds that do nothing but cybersecurity. They are the closest analogue to the Israeli and US specialists, and when one of them writes your seed check you are buying its operator network as much as its money. Here is who is actually deploying.
TIN Capital (Amsterdam)
The purest cyber specialist in the Benelux, and arguably the continent. TIN was founded in 1998 and turned cyber-focused in 2018. Its European Cyber Tech Fund V held a first close in October 2023 and a final close above 80 million euros in May 2025, with the European Investment Fund committing 20 million euros and Invest-NL as an LP. The portfolio is a good map of Dutch and European cyber: Eye Security, EclecticIQ, BreachLock, SignPath and EGERIE. TIN backed Eye Security early, and that name is worth holding onto, because it became one of the clearest proof points in the whole European market.
33N Ventures (Porto)
The most ambitious new specialist on the continent. 33N raised a 50 million euro first close in January 2024 against a 150 million euro target, dedicated to cybersecurity and infrastructure software, with the EIF, the Luxembourg Future Fund, Criteria Venture Tech and Caixa Capital as LPs. The firm says it has put more than 200 million euros to work since it was founded in 2022, writing Series A and B checks across Europe, the US and Israel. Portfolio names include Equixly, Apono, Acoru, Panorays, StrikeReady, Exein and DataGalaxy. This is the firm to watch if you want a European lead that can travel across the Atlantic and into Tel Aviv.
Auriga Cyber Ventures (Paris)
Auriga is what happens when four cyber founders decide to fund the next generation. Its 55 million euro early-stage fund backs European cyber and digital-trust startups with tickets of 500,000 to 1 million euros, and it has built a portfolio of 18 companies. The founding partners are the tell: Jean-Noel de Galzain of Wallix, Edouard de Remur of Oodrive, Georges Lotigier of Vade and Thierry Rouquet, formerly of Sentryo. That is operator capital in the literal sense, and for a French seed founder it is close to the ideal cap-table name. Source: the Auriga Cyber Ventures site.
Paladin Capital Group (Luxembourg and London arms)
Paladin is US-rooted but matters enormously to European founders because of how it deploys here. Its Cyber Fund II closed at $372 million, and the firm has committed more than $1.5 billion across 65-plus investments since 2008. The European angle is the partnership: Paladin teamed with the EIF and the Luxembourg Future Fund to invest specifically in EU-based cyber firms. When a firm this size formalises an EU deployment vehicle with European state money behind it, it stops being a foreign fund and starts being part of the local plumbing.
Bright Pixel Capital (Porto)
The former Sonae IM, rebranded, running a 300 million euro fund across a mandate that mixes cybersecurity with retail-tech and infrastructure, so not a pure play. It holds 66 companies and added nine in the trailing year. On the cyber side it led a $12 million round in Tamnoon in hybrid cloud security, and it co-invested with TIN in Sekoia.io, the Rennes threat-detection company that raised a 26 million euro Series B in April 2025 with Revaia leading alongside Bright Pixel and Bpifrance. Treat Bright Pixel as a cyber-active generalist with a genuine security book rather than a dedicated fund.
eCAPITAL (Munster), one honest line
eCAPITAL launched what it billed as Germany's first dedicated cybersecurity VC fund, a 30 million euro vehicle in 2018, against firm-wide assets above 400 million euros. I could not surface a verified 2023 to 2026 cyber deal from it, so I am naming it for the record and leaving it there rather than padding the profile.
Generalists with real cyber evidence
Below the specialists sits a set of generalist and deep-tech funds that back security when the company is good enough, usually with EIF or national money behind them. The bar for inclusion here is a dated, verifiable cyber deal, not a line on a website.
HV Capital (Munich)
Opportunistic in cyber but with a real check on the board: HV led Hadrian's 10.5 million euro seed in 2022 for the Amsterdam startup that simulates attacker behaviour against a company's external surface. Not a cyber shop, but a fund that will lead a security seed when the team is right.
Elaia (Paris)
Elaia's Digital Venture Fund V reached a 120 million euro first close, backed by Bpifrance and France 2030, with an explicit AI-and-cyber mandate from pre-seed to Series B. This is a case where the state thesis and the private fund line up directly, which is the pattern that runs through the whole continental market. Worth noting: I have seen Elaia linked to Sekoia in secondary write-ups, but I could not confirm that, so I am not claiming it.
OTB Ventures (Warsaw)
The largest deep-tech fund in Central and Eastern Europe, with a $185 million Fund II closed in 2024. Cybersecurity is one of four verticals, and the LP base is the interesting part: it includes the NATO Innovation Fund and the EIF, which tells you how the state layer feeds the private one. For a founder in the CEE region, OTB is the obvious first call.
Jolt Capital (Paris)
Deep-tech growth, and a fund with real institutional weight behind it. Jolt's Fund V held a 600 million euro first close against a 1.1 billion euro target, anchored by a 260 million euro EIF commitment through the European Tech Champions Initiative. On the cyber side, Jolt led the 44 million euro round into Tehtris in 2022, which is a name we will come back to as the cautionary case in this market.
Seaya (Madrid), as thesis not track record
Seaya's Growth Tech Fund I targets 1 billion euros, with cyber as one of six verticals and a 300 million euro EIF anchor committed in February 2026. I am including it as a thesis, not a record. It is a new vehicle with a stated cyber mandate and no cyber deal to point to yet, so a founder should read it as intent backed by capital rather than a proven security investor.
Lakestar (Zurich and Berlin), a watch item
One line, because that is all the evidence supports: Lakestar is raising a European defence-tech fund in the $250 to $300 million range that spans cyber. It is not yet active on that mandate, so it belongs on the watch list rather than the roster.
The growth and buyout tier, where the action moved
This is the freshest and most active tier in European cyber right now, and it is where the roll-ups and the exits live. If the specialists fund the companies, this tier consolidates them, and 2025 into 2026 was one of its busiest recent stretches.
Tikehau Ace Capital (Paris)
The most committed dedicated cyber investor in European private equity, and the one the ranking lists never explain properly. Tikehau Ace is the PE subsidiary of Tikehau Capital, and it has run a dedicated cybersecurity PE strategy since 2019, framed inside an aerospace, defence and cyber vertical. Gilles Daguet heads the Private Equity Cybersecurity Strategy, which means there is a standing internal team rather than a generalist deal partner who does cyber on the side. Aggregator data puts the portfolio at around ten companies. One of them, Quarkslab, backed alongside Airbus and Thales, has a pending acquisition by Airbus announced in April 2026. Tikehau Ace also backed the Tehtris round in 2022. I want to be precise here: I could not verify a standalone cyber fund size for the strategy, so I am not printing one. What is verifiable is the team, the tenure and the deal flow, and that is enough to make it the anchor name in continental cyber PE.
Verdane (Oslo), the exit case study
If you want the single cleanest proof that European cyber can return real money, it is Verdane and Hornetsecurity. Verdane backed the Hanover-based email-security company from 2016, held through rounds that also drew PSG in 2020 and TA Associates in 2022, absorbed Vade into the platform, and then exited to Proofpoint. Proofpoint completed the $1.8 billion acquisition on 8 December 2025. Verdane also bought five German cyber and infrastructure companies out of HQ Equita. This is the model working end to end: European growth investor, European company, billion-dollar strategic exit.
Keensight Capital (Paris)
Keensight runs 5.5 billion euros in assets and is building a European cyber and secure-network roll-up around Nomios. It supported Nomios in acquiring Dionach in the UK in October 2024, then Intragen in identity and access management in October 2025. This is the classic buy-and-build: take a services platform, bolt on capability, sell the combined scale to enterprises that want one accountable provider for compliance-heavy security work.
Bregal Milestone (London and pan-EU)
Bregal Milestone built CyberSentriq in June 2025 by combining TitanHQ and Redstor into an MSP-focused security platform, with more than 3,000 MSP partners, 150,000 SMBs served, and a stated target of $100 million in ARR by 2028. This is the deal that should matter most to anyone running a managed services shop, because it is capital betting directly on the channel. If you want the products that platform is competing to sit inside, I mapped the MSP tool stack separately.
PSG Equity (London, Madrid, Paris)
PSG co-led Aikido Security's $60 million Series B in January 2026 with DST Global, at a $1 billion valuation, which makes the Ghent developer-security company Europe's cleanest new cyber unicorn. Aikido's path shows the whole ladder: a 5 million euro seed in November 2023, a $17 million Series A in May 2024 led by Singular, then the unicorn round. What is interesting about PSG is the distribution play: it rolls Aikido out across its own portfolio, using the fund as a channel, which is the same margin logic that runs through the buyout tier.
Main Capital Partners (The Hague)
Main took a majority stake in PRIM'X in 2025, the French encryption vendor that sells into defence and government, its second France platform after opening a Paris office in February 2025. This is the sovereignty thesis made concrete: a Dutch software investor buying French cryptographic capability aimed at the state.
EQT (Stockholm)
EQT took a majority stake in Acronis at a valuation above $3.5 billion, announced on 7 August 2024. One honest caveat: Acronis runs a Swiss and Singapore dual headquarters, so the European label is partial. I am including it because the check and the sponsor are unambiguously part of this market, but the company is not cleanly continental.
| Firm | Base | Tier | Key vehicle or AUM | Notable cyber activity, dated |
|---|---|---|---|---|
| TIN Capital | Amsterdam | Specialist | Cyber Tech Fund V, above 80M euros (2025) | Eye Security, EclecticIQ, BreachLock; EIF-backed |
| 33N Ventures | Porto | Specialist | 50M euro first close, 150M target (2024) | Panorays, StrikeReady, Exein; 200M+ deployed |
| Auriga Cyber Ventures | Paris | Specialist (seed) | 55M euro fund | 18 startups; founded by Wallix, Vade, Oodrive operators |
| Paladin Capital | Luxembourg, London | Specialist | Cyber Fund II, $372M | EU deployment vehicle with EIF and LFF |
| Bright Pixel | Porto | Cyber-active generalist | 300M euro fund | Sekoia.io (with TIN), Tamnoon |
| Tikehau Ace Capital | Paris | Buyout | Dedicated cyber PE team since 2019 | Quarkslab (Airbus pending), Tehtris; around ten companies |
| Verdane | Oslo | Growth buyout | Multi-fund | Hornetsecurity to Proofpoint, $1.8B (Dec 2025) |
| Keensight Capital | Paris | Buyout | 5.5B euro AUM | Nomios roll-up: Dionach (2024), Intragen (2025) |
| Bregal Milestone | London, pan-EU | Buyout | Pan-European growth | CyberSentriq: TitanHQ + Redstor, MSP-focused (2025) |
| PSG Equity | London, Madrid, Paris | Growth equity | Software-focused | Aikido $60M Series B at $1B (Jan 2026) |
| Main Capital | The Hague | Buyout | Software-focused | PRIM'X majority stake (2025) |
| EQT | Stockholm | Buyout | Large-cap PE | Acronis majority at $3.5B+ (2024), dual-HQ caveat |
The state and institutional layer nobody covers
Here is the part every firmographic list skips, and it is the most important part of the whole picture. In Europe, private cyber capital sits on top of a thick layer of state and institutional money, and if you do not understand that layer you will misread who actually holds the power in this market. The EIF, the NATO Innovation Fund and the national development banks are not passive LPs. They set the mandates that the private funds then execute.
The European Investment Fund
The EIF is the LP behind nearly every fund on this page. It committed 20 million euros to TIN's Fund V, anchored Jolt V with 260 million euros, anchored Seaya with 300 million euros, and is an LP in 33N and others. Its Defence Equity Facility commitments typically run between 7.5 and 25 percent of a fund's close, which means the EIF is often the single largest reason a European cyber fund reaches its target at all. You can watch the flow directly through the EIF's own press releases. If you are raising a fund in this space, the EIF is not one LP among many. It is the keystone.
The NATO Innovation Fund
A 1 billion euro-plus fund with 24 Allied nations as LPs, and it invests in cyber on both sides of the table. Directly, it led a $15 million Series A into RevEng.AI alongside Sands Capital, In-Q-Tel and IQ Capital. As an LP, it sits inside OTB Ventures and Expeditions. It refreshed its investment team in July 2025 as defence-tech momentum built. So yes, the NATO fund is a cybersecurity investor, and it moves both as a direct backer and as the money behind the funds that back you.
Defence Equity Facility 2.0
The EIB and EIF fund-of-funds vehicle, with a 1 billion euro target spread across 25 to 30 portfolio funds in defence, cyber and dual-use. The earlier ECSO-originated European Cybersecurity Investment Platform has largely been absorbed into this structure. For a founder, this matters indirectly but heavily: it is the mechanism that keeps refilling the private funds you will actually pitch.
Bpifrance and France 2030
France runs the most aggressive national cyber-funding machine in Europe. Bpifrance's Digital Venture team manages 1.1 billion euros through its digital funds of funds, and France 2030 backed the Elaia fund directly and ran a dedicated cyber call that funded 12 laureates. This is why so much of the specialist and generalist activity on this page runs through Paris. The state is standing behind it.
One line to keep the categories clean: the EU's Digital Europe Programme is putting 1.3 billion euros into cyber, AI and digital skills across 2025 to 2027, but that is grant money, not investment. Do not blend it into the private-capital totals. It funds capability and adoption, not cap tables.
The market context: regulation, sovereignty, and one cautionary tale
Three forces explain why this capital is moving now, and one recent failure explains why it is not a free lunch.
The regulatory thesis
The cleanest bull case for European cyber is that the law is forcing demand onto a fixed schedule. NIS2 pulls essential and important entities into mandatory security obligations. DORA became applicable to financial entities in January 2025, with its first real enforcement cycle running through 2026. And the Cyber Resilience Act came into force on 10 December 2024, with reporting obligations landing on 11 September 2026 and the main obligations on 11 December 2027. Those are not soft targets, they are dated compliance deadlines, and every one of them creates a buyer who has to spend. Investors can underwrite that demand with more confidence than they can underwrite a features race.
The sovereignty framing
The second force is political. European defence, security and resilience startups raised a record $8.7 billion in 2025, roughly 10 percent of all European venture capital, and cyber is increasingly funded as sovereignty tech rather than plain software. You can see it in the mandates: the NATO fund, the EIF's Defence Equity Facility and Bpifrance all frame their cyber activity in sovereignty terms. Main Capital buying French encryption for the state is the same story in a single deal. Europe has decided it does not want to depend on American and Israeli security stacks for its critical infrastructure, and capital is following that decision.
The Tehtris caution
Now the counterpoint, because a list that only shows winners is incomplete. Tehtris, the Pessac-based endpoint and XDR company, raised a 44 million euro round in 2022 led by Jolt Capital with Tikehau Ace participating, and it was held up as a French cyber champion. It entered judicial reorganization in April 2026. Strong backers and a big round do not guarantee the outcome. The same regulatory tailwind that lifts the market does not save a company that cannot convert it into durable revenue. Read the Tehtris case next to the Hornetsecurity exit and you have the honest range of what happens to funded European cyber.
What it means if you are raising in Europe
The practical read is that your target list should be shorter and more deliberate than the ranking articles suggest, and it should be built around who actually deploys at your stage and in your geography.
At seed and Series A, go to the specialists first. TIN in the Benelux, Auriga in France, 33N and Bright Pixel out of Iberia, OTB across Central and Eastern Europe. They bring the CISO relationships and the design partners that a generalist cannot. The proof that this tier produces winners is on the record: TIN-backed Eye Security raised a 36 million euro Series B led by JPMorgan Growth in March 2024 and then a 60 million euro Series C in 2026 led by Sofina, the largest Dutch cyber raise to date. Filigran, the Paris company behind OpenCTI, raised a $35 million Series B in October 2024 and a $58 million follow-on in October 2025 that pulled in Deutsche Telekom. The European seed-to-scale ladder works.
At growth and exit, understand which buyout firm is building in your category, because in Europe the consolidator is often the exit. Aikido is the cleanest recent unicorn, hitting $1 billion on its PSG-and-DST round. The exits are landing too: Onum sold to CrowdStrike for $290 million in August 2025, and Hornetsecurity went to Proofpoint for $1.8 billion. One domicile note worth carrying: Nord Security raised $100 million at a $3 billion valuation led by Warburg Pincus in September 2023, but it is Lithuanian-founded with a Panama corporate domicile, so read its European credentials with that asterisk.
Above all, learn the state layer. If you are raising a fund, the EIF and the NATO Innovation Fund are the keystone LPs, and a sovereignty-tech framing is not marketing, it is how the money is actually allocated. If you are raising a company, the same logic reaches you through Bpifrance calls and defence facilities that quietly decide which of your investors have dry powder. The founders who win in European cyber over the next few years will be the ones who read the whole stack, from the seed specialist down to the government behind the fund behind the fund. For where these companies sit competitively, the market map is the companion read, and the Middle East piece covers the Gulf's thesis-stage interest and the few confirmed routes into cyber.
FAQ
There is no single answer, because the activity splits by tier. Among dedicated specialists, TIN Capital in Amsterdam and 33N Ventures in Porto are the most committed pure-play cyber funds, and Paladin Capital deploys a large EU-focused vehicle with the EIF. On the buyout side, Keensight, Bregal Milestone, Verdane and Tikehau Ace Capital are the most active consolidators. If you count the money behind the money, the European Investment Fund is arguably the most influential cyber investor on the continent, since it anchors most of the private funds.
Tikehau Ace Capital is the private equity subsidiary of Tikehau Capital and has run a dedicated cybersecurity strategy since 2019, led by Gilles Daguet as Head of Private Equity Cybersecurity Strategy. It sits inside an aerospace, defence and cyber framing and holds around ten portfolio companies per aggregator data, including Quarkslab, which has a pending Airbus acquisition announced in April 2026. It matters because it is the rare European PE firm with a standing internal cyber team rather than a generalist doing cyber on the side. Note that no standalone cyber fund size for the strategy is publicly verified.
Yes, on both sides of the table. It invests directly, leading a $15 million Series A into RevEng.AI, and it acts as an LP in cyber-active funds like OTB Ventures. It is a 1 billion euro-plus fund with 24 Allied nations as backers, and it frames much of its activity around cyber and dual-use defence technology. For a European founder, it can show up either as a direct check or as the institutional money standing behind your venture investor.
Continental European cyber startups raised $1.33 billion in 2025, up 81 percent from $734 million, per Return on Security, which is the same source and scope used in the global VC companion piece for cross-site consistency. You will also see broader figures around 2.7 billion euros across 266 deals, but those use a wider scope that folds in growth and PE rounds. The numbers disagree because each tracker defines a cyber company and a countable round differently, so always check the scope before comparing two totals.
They put mandatory demand on a dated schedule, which is what investors like to underwrite. NIS2 pulls essential and important entities into security obligations, DORA became applicable to financial entities in January 2025 with its first enforcement cycle in 2026, and the Cyber Resilience Act came into force in December 2024 with reporting obligations from September 2026 and main obligations from December 2027. Each deadline manufactures buyers who have to spend, which is why so much European cyber capital is framed around compliance and sovereignty rather than a pure features race.
Keensight Capital is building a secure-network roll-up around Nomios, adding Dionach in 2024 and Intragen in 2025. Bregal Milestone combined TitanHQ and Redstor into CyberSentriq, an MSP-focused platform, in 2025. Verdane produced the standout exit, taking Hornetsecurity to Proofpoint for $1.8 billion in December 2025. Main Capital bought French encryption vendor PRIM'X, and EQT took a majority of Acronis at a $3.5 billion-plus valuation, with a dual-HQ caveat on the European label. Tikehau Ace Capital anchors the dedicated cyber PE end.