The Asia‑Pacific (APAC) cybersecurity sector saw a notable slowdown in 2025, with investor appetite shifting from breadth to depth as funds and corporates pick fewer, more mature targets, according to data from Tracxn.
While the regional market has accumulated meaningful capital over the last several years, the 2025 picture is one of moderation: total capital raised in APAC reached US$8.35 billion to date, but annual inflows have decelerated sharply from the peak years.
Also Read: From fraud fighters to zero-trust builders: SEA’s cyber stars
Tracxn’s dataset shows funding peaked in 2021 (about US$1.7 billion that year) and has tapered since. In 2025, the region attracted US$185.2 million, representing a 27.7 per cent year‑on‑year decline from 2024. The number of rounds also contracted to 43, down 27.1 per cent year‑on‑year, suggesting investors applied far stricter filters on deal quality and go‑to‑market proof points.
The picture in APAC diverged from global trends: worldwide cybersecurity funding expanded to US$14.6 billion in 2025, a 41 per cent year‑on‑year uptick, even though the number of global rounds fell to 457 — a 13.5 per cent decline.
In short, the world pumped more capital into fewer, bigger bets; APAC pulled back.
Early‑stage resilience, late‑stage drought
Stage‑level analysis reveals a nuanced internal dynamic. Early‑stage investments (seed and Series A equivalents) accounted for the lion’s share of 2025 activity in APAC, with US$138.8 million deployed, up 15 per cent year‑on‑year. That suggests venture investors retained an appetite for early product‑market experiments in cybersecurity, provided founders could show rapid adoption or defensible data moats.
By contrast, seed rounds as a category declined 34 per cent year‑on‑year to US$25.1 million, and late‑stage funding collapsed to US$21 million, a 78 per cent year‑on‑year drop.
The late‑stage drought is particularly striking: it points to a scarcity of crossover and growth capital available for scaling cybersecurity companies in the region, forcing many to either seek offshore capital or stretch to profitability sooner.
Geography of capital: India dominates
India, Australia, and Singapore held the ground in APAC funding in 2025, with funding heavily concentrated in a handful of markets. India led the region with US$116 million raised, followed by Australia with US$32.1 million and Singapore with US$24 million.
Also Read: Why Flexxon thinks software-only cybersecurity is no longer enough
The Indian figure underscores the country’s accelerating enterprise digitisation and chronic security needs across finance, fintech, healthcare, and public‑sector projects. Australia’s placement reflects a robust security vendor scene and strong crossover investors, while Singapore continues to punch above its weight as a regional security hub, buoyed by a mature professional services base and government emphasis on cyber resilience.
Segment winners: application security and data protection surge
Segmental winners in 2025 point towards enterprise pain points being monetised through AI and automation. Application security software attracted US$46.1 million (a dramatic 922 per cent increase from US$4.5 million in 2024) driven by startups that combine automated offensive testing, attack surface management and AI‑assisted remediation.
India-based FireCompass, a continuous automated red‑teaming and attack surface management player, and Protectt.ai, focusing on mobile app and AI security, were among the most funded in this category.
Data security platforms also made a leap, securing US$43.1 million — up 130.5 per cent from US$18.7 million in 2024. Startups such as QuintessenceLabs, which brings quantum‑enhanced cybersecurity capabilities, and Pantherun, an Indian innovator with a patented data protection algorithm, drew significant investor interest. The surge in data security reflects enterprises’ strategic shift from perimeter defence to protecting the data and models that power digital services.
Website security software, previously neglected by investors in the region, recorded US$20 million in 2025 — all attributable to Kasada, the Sydney‑based anti‑bot and scraping defence firm, which closed a US$20 million Series C. That single transaction highlights a broader trend: focused, revenue‑generating point solutions with clear ROI on defence spend continue to attract concentrated capital.
Notable names: Kasada, FireCompass, CloudSEK and the long‑tail leaders
On a deal basis, 2025’s largest rounds in APAC were led by Kasada (US$20 million Series C), FireCompass (US$20 million Series B), and CloudSEK (US$19 million Series B). Kasada’s raise is emblematic of demand from large digital platforms for robust bot‑defence as attackers weaponise automation and cheap compute to scale attacks.
Looking at historical funding across the region, Tracxn shows Acronis as the most capitalised cybersecurity company to date, with US$658 million raised. That is followed by Cloudwalk (US$504 million) and Druva (US$475 million) — names that underscore the diverse paths to scale in APAC, from endpoint and backup solutions to AI and imaging companies with wider market ambitions.
What this means for 2026: higher quality, deeper enterprise integration
Tracxn’s outlook suggests 2026 will not be a return to the frothy, high‑round environment of 2019–2021, but rather a transition to healthier, more focused expansion.
Also Read: Singapore’s AI adoption surges, but data complexity raises security risks: Report
Several tailwinds support this: enterprises across APAC continue to digitise, regulatory pressure for cyber resilience is rising (particularly in finance and critical infrastructure), and the attack surface is ballooning with cloud, APIs and AI deployments.
Key areas to watch include:
- Application security and attack surface management: enterprises seek continuous, automated defences as software delivery accelerates.
- Data security platforms and model protection: the proliferation of AI systems creates new vectors that require both cryptographic and behavioural defences.
- Identity‑led architectures: zero‑trust and identity verification will remain top priorities as workforce and customer interactions decentralise.
- AI‑driven threat detection: startups that can reduce mean time to detect and respond by leveraging cross‑organisational telemetry will find receptive buyers.
Investors will gravitate towards companies that demonstrate product maturity, enterprise traction and clear paths to profitability or substantial annual recurring revenue. The late‑stage capital gap may persist unless crossover and growth funds re‑enter the market; absent that, promising founders will increasingly pursue strategic partnerships, M&A exits or US and European capital sources.
Regional implications: a proving ground for global players
For Southeast Asia, the 2025 data carries actionable lessons. Markets such as Singapore, Indonesia, and Malaysia are fertile testing grounds for identity, payments and cloud security products that can scale regionally. The rise of serial founders and the repatriation of talent from global hubs can accelerate build‑outs of enterprise‑grade vendors.
However, to emulate more mature ecosystems, APAC needs a stronger pipeline of later‑stage investors willing to finance scaling security firms across time zones and regulatory regimes.
The 2025 contraction is not a setback so much as a correction. Tracxn’s figures reveal that capital is not fleeing cybersecurity; it is being more deliberately allocated. The companies that win in 2026 will be those that turn the complexity of modern attack surfaces into repeatable, enterprise‑grade services with measurable ROI.
For those firms, APAC remains a vast market of unmet demand if they can prove they can deliver results at scale.
The post Global cybersecurity heats up, and APAC cools off appeared first on e27.