Executive Summary
Analysis of the European cyber security market reveals a limited but strategically interesting selection of listed companies focusing on specialized niches. The search for public players in this segment is challenging, as innovative European market leaders such as Darktrace and Sophos have been acquired and delisted by well-funded US private equity firms in recent years.
This report identifies and analyzes three relevant, publicly traded European niche companies: the secunet Security Networks AG (Germany), the NCC Group plc (United Kingdom) and Yubico AB (Sweden). Each of these companies occupies a unique position in the market, which is characterized by specific business models and the regulatory and technological framework conditions in Europe. secunet benefits from its position as a reliable partner for government high-security solutions, the NCC Group from its diversification into professional services and software escrow, and Yubico from its pioneering role in the field of hardware-based authentication.
Market growth in Europe is largely driven by increasing cyberattacks, which are also fueled by geopolitical tensions, and by strong regulatory impulses such as the EU directives NIS2 and DORA. This creates a specific demand that differs from the primarily innovation-driven markets in the US.
The financial and strategic analysis shows that the companies are going through different phases of development. While secunet demonstrates robust and profitable growth, Yubico is in a challenging transition from a one-time sales to a recurring subscription model. The NCC Group is faced with the task of successfully implementing its strategic transformation to increase profitability. This dynamic provides a nuanced picture for investors exposed to the European cybersecurity sector.
Chapter 1: The European cybersecurity ecosystem - framework conditions and market dynamics
1.1 Market trends and growth drivers
The European cybersecurity market is in a phase of significant growth. The market size has been estimated at USD 63.12 billion in 2025 and is expected to grow to USD 105.45 billion by 2030, representing a compound annual growth rate (CAGR) of 10.81%.1 Other estimates see similar growth rates.2 This growth is driven by a number of interrelated factors resulting from both the changing threat landscape and the regulatory environment.
A key catalyst is the increasing frequency and sophistication of cyberattacks. In 2024, ransomware attacks on European organizations increased by 30%.1 These threats are often exacerbated by geopolitical tensions, as demonstrated by the Russia-Ukraine conflict, which has led to the weaponization of cyberattacks by state-sponsored actors.1 This escalating threat landscape is not just a passive phenomenon, but a direct cause of the growing demand for robust cybersecurity solutions. Businesses and public sector organizations are realizing that robust cyber defenses are no longer an optional IT expense, but a fundamental operational necessity.1 The causal chain is clear: geopolitical tensions are leading to an increase in sophisticated attacks, which in turn is leading to increased and mandatory investment in cyber defenses.
Within the market, the services segment is experiencing the fastest growth, with an expected CAGR of 13.8% by 2030.1 This indicates a shift from pure product sales to comprehensive solutions such as Managed Detection and Response (MDR), consulting services and outsourcing of day-to-day security operations. This trend is fueled by a significant shortage of qualified cybersecurity professionals in Europe, estimated at over 299,000 unfilled positions.1
1.2 Regulatory landscape and its impact
The dynamics of the European market are fundamentally different from those in the US, where demand is often driven by technological innovations such as zero trust or cloud solutions.4 In Europe, the main drivers of cybersecurity spending are the EU NIS2 and DORA (Digital Operational Resilience Act) directives.1 These regulations force companies, particularly in the financial sector (BFSI), to adhere to strict security standards and formalize the monitoring of service providers and the conduct of emergency drills.1
Strict compliance with these requirements is not just a cost factor for European cybersecurity companies, but a decisive competitive advantage. Companies that are positioned as reliable partners for managing governance, risk and compliance (GRC) requirements can build a stable and sustainable business model from this development. This creates a kind of "regulatory moat" that makes access more difficult for less specialized or international competitors and creates a specific market niche for EU-based and compliant providers.1
1.3 Definition of "niche" and selection criteria
For the purposes of this report, a "niche company" is defined as a company that focuses on a specific market segment or specialized technology that differentiates it from the broader offerings of global technology giants such as Cisco, IBM or Broadcom.2 The research therefore focuses on companies whose business models specialize in high-security government solutions, professional services or hardware authentication.
It is important to clarify the status of two former European market leaders that are no longer listed on the stock exchange:
- Darktrace: The UK company, a pioneer in AI-powered cybersecurity with its "self-learning AI" 10, was acquired by US private equity firm Thoma Bravo for USD 5.3 billion in October 2024 and delisted from the London Stock Exchange.12
- Sophos: Another well-known British provider specializing in endpoint security was also acquired by Thoma Bravo back in March 2020 and delisted from the stock exchange.14
The repeated takeover of prominent European players by the same US investment firm illustrates a key market dynamic: innovative European technology companies are attractive takeover targets for well-funded investors, which reduces the number of publicly traded companies in the European technology sector. This report focuses on the remaining independent players listed on European stock exchanges.
The niche companies that are analyzed in detail later in the report:
secunet Security Networks AG; $YSN (-1.01%)
Germany
High security solutions for the public sector
NCC Group plc; $NCC (-1.18%)
United Kingdom
Professional services & software escrow
Yubico AB; $ACQ SPAC (+2.11%)
Sweden
Hardware-based authentication
Chapter 2: Analysis of listed niche companies in Europe
2.1 secunet Security Networks AG (Germany)
Company profile & niche:
secunet is a leading German cyber security company and is considered the IT security partner of the Federal Republic of Germany. The company serves a critical niche by providing highly secure software and hardware solutions for customers with particularly sensitive data, including government agencies, ministries, police and defense sectors. The company's success is based not only on its technological solutions, but also on its status as a reliable national partner. The geopolitical situation and the increasing need for sovereign, trustworthy solutions that do not come from foreign providers create a gap in the market that global, often US-based companies cannot fill. This protects secunet from direct international competition in its core segment.
Financial performance & outlook:
The company recorded a strong financial performance in the first half of 2025. Revenue increased by 19% to € 171.7 million and EBIT improved remarkably from € 1.4 million to € 7.2 million.16 This momentum is a strong indicator of the robust business strategy and high demand in the target market. The company has maintained its forecast for the year with sales of EUR 425 million and an EBIT margin of between 9.5% and 11.5%.16
Share performance:
The market's confidence in the business model is reflected in the share performance. In the last 52 weeks, the secunet share achieved a return of 89.0%, outperforming the benchmark index by 62.0%.
2.2 NCC Group plc (United Kingdom)
Company profile & niche:
NCC Group plc is a UK-based global cyber security and software resilience company listed on the London Stock Exchange. NCC Group's niche lies in the provision of comprehensive professional services such as penetration testing, incident response and compliance consultancy, complemented by its software escrow business. This enables companies to protect their software assets and minimize legal risks.
Financial performance & strategic change:
The report for the first half of the 2025 financial year shows a mixed financial picture. While revenue in the Software Escrow segment (Escode) increased by 1.8% on a constant currency basis, the core business area of cyber security recorded a decline of 5%. The company is undergoing a strategic change to move away from a pure volume strategy in the cyber security segment and instead focus on "strategic customer relationships". The management expects that this change will lead to a slight decline in sales in the short term, but should improve profitability and the quality of customer relationships in the long term. The decline in sales is therefore a direct, short-term result of the strategic realignment and not necessarily an indicator of declining demand.
2.3 Yubico AB (Sweden)
Company profile & niche:
Yubico AB is a pioneer in the field of hardware-based authentication and is listed on Nasdaq Stockholm. The company's YubiKey products offer a physical form of multi-factor authentication (MFA), which is considered one of the most secure methods of securing digital identities. The company's niche lies in providing highly secure, easy-to-use hardware solutions for businesses and consumers.
Financial performance & business model transition:
The quarterly report for Q2 2025 shows a complex financial situation that marks the company in a crucial transition. Net sales decreased by almost 19% year-on-year to SEK 499 million. At the same time, bookings for the newly launched subscription model (YubiKey-as-a-Service) increased by 41%. This apparent discrepancy can be attributed to the strategic transformation of the business model. Yubico is moving away from one-off hardware sales towards a recurring subscription business. This change inevitably leads to a short-term decline in revenue, as income is now spread over the term of the subscriptions. The true strength of the company therefore lies not in its declining quarterly revenue, but in the strong growth of its subscription-based revenue base, which provides a more stable and valuable foundation for future business development.
Chapter 3: Status of former European market leaders - acquisitions and the consequences for the market
3.1 Darktrace (United Kingdom)
Darktrace was an innovative player in the European cybersecurity market, listed on the London Stock Exchange. The business model was based on an AI-powered "Enterprise Immune System" technology that uses machine learning to learn the normal "behavioral pattern" of a network to detect unknown threats in real time. This pioneering work positioned Darktrace as a key player in the European technology market.
In April 2024, Darktrace announced that it had agreed to be acquired by US private equity firm Thoma Bravo in a deal valued at USD 5.3 billion. The acquisition was completed in October 2024 and the company was delisted from the stock exchange. The acquisition of one of Europe's most innovative and fastest-growing companies demonstrates a key market dynamic: successful and leading European technology companies are attractive acquisition targets for well-funded US investors seeking access to cutting-edge technologies and new markets. This reduces the number of available investment opportunities in the European public tech sector.
3.2 Sophos (United Kingdom)
Sophos was a prominent provider of endpoint security and cyber resilience solutions and was also listed on the London Stock Exchange. The company was acquired by Thoma Bravo in March 2020 and delisted. Since the acquisition, Sophos has continued its expansion strategy as a private company, as demonstrated by the acquisition of US company Secureworks for USD 859 million in 2025. The repeated acquisition of well-known European players by the same US investor underlines the dynamics of the shakeout and the erosion of the European stock market segment in this sector.
Chapter 4: Comparative analysis and outlook for investors
4.1 Comparison of strengths, weaknesses and market positioning
Each of the companies analyzed has a unique profile that is derived directly from its niche positioning.
- secunet: The company is strongly anchored in the public sector and critical infrastructure. Its dependence on German government business provides stability and a "regulatory moat" that protects it from international competitors, but could limit the pace of growth on a global scale.
- NCC Group: The company's strength lies in its diversification into professional services and software escrow. However, the current strategic shift carries the risk of short-term financial losses before the potential long-term benefits materialize in the form of improved margins and customer relationships.
- Yubico: As a pioneer in hardware-based authentication, the company has a strong brand name and a technological leadership position. The biggest challenge is to successfully manage the transition to a subscription-based business model, which will lead to revenue pressure in the short term but promises a more stable and better valued revenue stream in the long term.
4.2 Conclusion and outlook for investors
The choice of listed niche companies in the European cyber security sector is limited, but the remaining players offer interesting profiles. Dynamic market consolidation, driven by takeovers by US investors, is eroding the European public tech landscape, making the remaining companies particularly relevant for investors looking to invest directly in European technology.
secunet represents a robust and proven investment opportunity that benefits from stable business with the German state and EU regulatory requirements. The company has proven its ability to deliver profitable growth. Yubico, on the other hand, offers an investment opportunity with higher risk and greater potential. The short-term decline in sales is an inevitable consequence of the strategically important transition to a recurring revenue model. In the long term, this change could create a much more stable and valuable base. The NCC Group must prove that its strategic turnaround is successful in order to regain investor confidence and improve profitability.
For investors, a differentiated view is essential, taking into account the respective niche positioning, the strategic direction and the specific risks and opportunities of each company.
List of relevant but non-European cyber security companies
The global cybersecurity market is dominated by a number of large companies, mostly listed on US stock exchanges. Although these companies are not the subject of this report, they are relevant to understanding the broader market environment:
- Palo Alto Networks Inc (WKN: A1JZ0Q): Leading provider of network security platforms.
- Fortinet Inc (WKN: A0YEFE): Network security specialist.
- CrowdStrike Holdings Inc (WKN: A2PK2R): Market leader in cloud-based endpoint protection.
- Zscaler Inc (WKN: A2PSFR): Market leader in zero trust and cloud security.
- Cyber-Ark Software Ltd (WKN: A12CPP): Specialist in enterprise IT security and a leader in identity security.
- Okta Inc (WKN: A2DNKR): Pioneer in identity and access management.
- Check Point Software Ltd (WKN: 901638): Provider of cloud-based security platforms.8
- Datadog Inc (WKN: A2PSFR): Monitoring service for cloud applications.
References
Europe Cybersecurity Market Size, Share, Analysis, Trends - Mordor Intelligence, accessed September 1, 2025, https://www.mordorintelligence.com/industry-reports/europe-cybersecurity-market
Europe Cyber Security Market Size & Outlook, 2024-2030, accessed September 1, 2025, https://www.grandviewresearch.com/horizon/outlook/cyber-security-market/europe
Europe Cybersecurity Market Size, Competitors & Forecast, accessed September 1, 2025, https://www.researchandmarkets.com/report/europe-it-security-market
Cybersecurity Stocks: The Best Picks for 2025 - Investing.com, accessed September 1, 2025, https://de.investing.com/academy/stock-picks/cybersecurity-aktien-2025/
Best Cybersecurity Stocks & Funds of 2025 | The Motley Fool, accessed September 1, 2025, https://www.fool.com/investing/stock-market/market-sectors/information-technology/cybersecurity-stocks/
ENISA NIS360 2024 report: A comprehensive look at cybersecurity maturity and criticality of NIS2 sectors, accessed September 1, 2025, https://www.enisa.europa.eu/news/enisa-nis360-2024-report
Relevant information for our investors - secunet Security Networks AG, accessed September 1, 2025, https://www.secunet.com/en/about-us/investors
Cybersecurity | Cybersecurity Stocks | finanzen.net, accessed September 1, 2025, https://www.finanzen.net/anlagetrends/cybersecurity
The best cybersecurity stocks - justETF, accessed September 1, 2025, https://www.justetf.com/en/how-to-stocks/cyber-security-stocks/
Top AI Cyber Security Company | About Darktrace, accessed September 1, 2025, https://www.darktrace.com/company
Cyber AI: Augment your security team and stop novel threats - Darktrace, accessed September 1, 2025, https://www.darktrace.com/cyber-ai
Darktrace announces formal completion of its acquisition by Thoma Bravo, accessed September 1, 2025, https://www.darktrace.com/news/darktrace-announces-formal-completion-of-its-acquisition-by-thoma-bravo
Darktrace | Jefferies.com, accessed September 1, 2025, https://www.jefferies.com/emea-case-studies/darktrace/
Sophos - Wikipedia, accessed September 1, 2025, https://en.wikipedia.org/wiki/Sophos
Sophos Completes Secureworks Acquisition, accessed September 1, 2025, https://www.sophos.com/en-us/press/press-releases/2025/02/sophos-completes-secureworks-acquisition
Secunet Security Networks AG Reports Half-Year Growth and Maintains Yearly Forecast, accessed on September 1, 2025, https://www.webdisclosure.com/article/secunet-security-networks-ag-reports-half-year-growth-and-maintains-yearly-forecast-B09ZNgGeKnC
Secunet Security Networks Share: Real-time Price & Analysis (727650 | YSN), accessed on September 1, 2025, https://aktie.traderfox.com/visualizations/DE0007276503/LS/secunet-security-networks-ag
NCC Group plc - AnnualReports.com, accessed September 1, 2025, https://www.annualreports.com/Company/ncc-group-plc
Network Penetration Testing Services - NCC Group, accessed September 1, 2025, https://www.nccgroup.com/technical-assurance/network-infrastructure-architecture-container-security/network-penetration-testing-services/
Penetration Testing Services | NCC Group, accessed September 1, 2025, https://www.nccgroup.com/technical-assurance/penetration-testing-services/
NCC Group plc Unaudited interim results for the period ended March 31, 2025, accessed September 1, 2025, https://www.nccgroupplc.com/media/nqfb2xsl/ncc_group_rns_h1_fy25.pdf
The share - Yubico Investor Relations, accessed September 1, 2025, https://investors.yubico.com/en/investors/the-share/
Revenue model - Yubico Investor Relations, accessed September 1, 2025, https://investors.yubico.com/en/what-we-do/revenue-model/
Business model - Yubico Investor Relations, accessed September 1, 2025, https://investors.yubico.com/en/what-we-do/business-model/
Yubico AB Investor Relations - Alpha Spread, accessed September 1, 2025, https://www.alphaspread.com/security/sto/yubico/investor-relations
Darktrace: Pioneering AI in the Cyber Security Space - Summit Partners, accessed September 1, 2025, https://www.summitpartners.com/resources/darktrace-pioneering-ai-in-the-cyber-security-space
Darktrace to See Continued Revenue Momentum, Slower Customer Acquisition Rate, accessed September 1, 2025, https://visiblealpha.com/data-snapshot/darktrace-to-see-continued-revenue-momentum-slower-customer-acquisition-rate/
Sophos Group PLC (LON:SOPH) - Share Price - Intelligent Investor, accessed September 1, 2025, https://www.intelligentinvestor.com.au/shares/lon-soph/sophos-group-plc/share-price
