Cybersecurity in 2026: Consolidation, AI Identities, and the Great Regulation Debate.
Are we buying security to manage risk, or just to check a compliance box?
The ECA hosted this morning a webinar that tackled the toughest questions facing CISOs and security vendors today, inviting Carole Winqwist (GitGuardian), Zeina Zakhour (ATOS), Benjamin Leroux (aDvens) and Jean-Noël de Galzain (Wallix) to a multi-perspective roundtable discussion.
If you missed it, here is a quick breakdown of its main insights:
1. The Scale Problem is Real
Dominique shared a staggering stat from the Cybersecurity Mapping: 75% of European cybersecurity vendors have fewer than 50 employees. When you compare the revenues of the top 10 European vendors to the top 10 US giants, the ratio is a massive 10.5 to 1 in favour of the US.
2. We Need Consolidation, Not Just Mergers
In her keynote, Zeina argued that the issue isn’t our technical capability, it’s a fragmented market bound by national budgets and local procurement rules. To scale against global competitors, she stressed that we can’t just slap products together via basic mergers. Instead, Zeina called for building integrated ecosystems around three core “structuring layers”: Trust Infrastructure, Secure Systems, Cyber Resilience
3. True Resilience Must Be Collective
Building on the scale problem: True cyber resilience cannot be achieved in silos. Operating across multiple European borders, Benjamin emphasised that Europe must build its technological ecosystem collectively. Fragmented tools won’t save us; a unified European front will.
4. The Non-Human Identity Explosion
Managing identity isn’t just an HR onboarding task anymore. With AI agents and non-human entities (API keys, secrets, tokens) multiplying, Carole highlighted a massive gap: these identities lack a centralised owner and operate probabilistically, creating their own access rights and making a standard Zero Trust approach incredibly difficult to manage.
5. Regulation vs. Innovation
The panel drew a sharp contrast between how different markets approach security; Jean-Noël noted that European buyers are currently heavily driven by compliance mandates like NIS2 to build their security policies. Carole countered that over 70% of GitGuardian’s revenue comes from the US, where buyers adopt early tech based on immediate risk mitigation, not just waiting for laws to pass.
The Big Question: How can European cyber companies bridge the gap between being compliant and being genuinely innovative before the US or adversarial AI tech leaves us in the dust?
What’s your take, is regulation helping or hindering fast-paced cyber innovation? don’t miss out on discussions like this!
You can watch the replay by clicking on HERE.
To download the mapping
