Translation of the original article published in Les Échos on April 19, 2025: “Cybersécurité : «La consolidation, clé d’avenir du marché européen»”
Les Échos is one of France’s most respected financial and economic newspapers, often compared to The Financial Times in the UK or Handelsblatt in Germany. It provides in-depth analysis on business, policy, and innovation across sectors. This article, authored by Dominique Tessier of the European Champions Alliance, explores the critical role of consolidation in scaling Europe’s cybersecurity sector.
Cybersecurity: “Consolidation, the Key to the Future of the European Market”
As digital threats multiply, Europe’s unique pool of start-ups and scale-ups remains underutilized. According to Dominique Tessier, unity is strength—consolidation and cooperation are the development levers for a ‘Made in Europe’ market.
What Europe Still Lacks
What Europe still lacks is a collective reflex: one that encourages building alliances, thinking in terms of markets rather than silos, and aiming for European scale from the very first funding round.
As of today, Europe has 828 young companies across 24 countries, offering full-spectrum threat coverage (1). This promising ecosystem has the capacity to address advanced challenges (zero-day, OT, phishing, AI, etc.). It represents a viable alternative to American giants, with an approach rooted in values like privacy protection—through the GDPR—and regulatory compliance.
However, the sector is still dominated by small companies, 77% of which are start-ups. The top 10 European vendors generate €2.8 billion in revenue, while their American counterparts reach $33.5 billion. Scaling is essential: Europe has the building blocks but needs to construct the house.
Market Fragmentation
From the user perspective, clients are not seeking “the latest never-before-seen feature,” but integrated solutions that are easy to deploy and manage. While they appreciate and want to maintain healthy competition that fosters innovation, they are less inclined to “manage 25 niche vendors.” In contrast, American players offer more integrated solutions with broader functional coverage, connected to other standard tools such as cloud offerings.
Some users are aware that opting for these players risks vendor lock-in, data migration abroad, and funding American jobs. They are therefore more likely to turn to European vendors—provided these offer simpler, integrated, and comprehensive solutions.
Consolidation doesn’t mean uniformity; it means scaling efforts—pooling R&D, structuring the offering, coordinating sales.
The Publisher’s Challenge
For vendors, cybersecurity is a field that demands constant R&D investment due to ever-evolving threats. Staying too small condemns a vendor to either become a tech prey or to struggle and eventually fade out. On top of that, there are marketing, partnership-building, and other efforts needed to capture the market.
One solution is to form technical alliances to ensure product interoperability, something customers appreciate. However, complementary solutions only succeed if backed by coordinated commercial approaches and a converging business strategy, including cross-training of sales teams.
That’s where consolidation steps in: it doesn’t oppose interoperability—it amplifies and strengthens it.
Toward European Consolidation
Let’s be honest: the word “consolidation” can be frightening. But the goal is not to replicate the American oligopoly model—it’s to create several European champions capable of also conquering international markets. Consolidation isn’t uniformization, but rather a scale-up of collective efforts: pooling R&D, structuring offerings, coordinating sales.
Users—and integrators who act as intermediaries—will be at the heart of this momentum: by testing, purchasing, and referencing European solutions, they create a leverage effect that shapes supply based on their needs for integrated solutions.
The Role of Institutions
European institutions also have a role to play: aware of the risks of dependency—such as illegal data transfers and vulnerability to technology blackmail—they must support regulations with real industrial policy: public procurement, trusted cloud solutions, certifications, and European labels. They must also implement the “28th regime” project (2), a single legal framework for SMEs that removes administrative barriers and facilitates internationalization of vendors.
Financing and Sovereignty
A shared public and private financial will in Europe is also necessary, as emphasized in the Draghi report. It’s striking how often a European investor, seeing a cybersecurity vendor reach a growth milestone, is forced to find an American investor to buy their shares. In Europe, we now know how to promote start-ups, but we still struggle to fund scale-ups: European savings fund early-stage risk, but so far, it’s American investors who reap the rewards of major successes!
A Sovereignty Issue
In a word, consolidation is not an end in itself—it’s a path toward strategic autonomy, helping cybersecurity players grow more efficiently and allowing users to ensure the long-term sustainability of their information systems.
Europe does not lack talent or technologies. What it still lacks is a collective reflex—one that encourages building alliances, thinking in terms of markets rather than silos, and aiming for European scale from the first funding round.
We need consolidation, yes—but not blind concentration. We need sovereign, controlled consolidation, driven by on-the-ground actors with political support. It’s no longer time to complain—it’s time to act.
(1) European Cybersecurity Mapping 2025, European Champions Alliance.
(2) The “28th” because it would be valid in all 27 EU member states.
Dominique Tessier is Head of the Cybersecurity Focus Group at the European Champions Alliance.
