Operator note · Diligence

What private equity gets wrong about cyber TAM.

The addressable market a cybersecurity company can actually win is usually a fraction of the number on the slide. Knowing the difference is the whole game.


Almost every cybersecurity deck opens with a market chart pointing up and to the right. The category is growing, threats are multiplying, budgets are rising. All true, and almost never the point. The number that decides whether a deal works is not the size of the market. It is the slice of it this company can actually reach, win, and keep.

Top-down TAM hides three problems

Most TAM slides start with a giant analyst figure for "cybersecurity spend" and apply a friendly capture assumption. That math buries three things an operator looks for first. The first is buyer overlap: a workforce identity product and a privileged access product both live under the "identity" umbrella, but they are sold to different buyers on different cycles, and a dollar in one is not a dollar in the other. The second is displacement difficulty: in cyber, the incumbent is often "good enough," and ripping out a deployed control is expensive and risky for the customer, which makes a large nominal market functionally closed. The third is the services tail: a meaningful share of "market" is integration and managed work that does not scale like software and should be valued differently.

The market that matters is the winnable one

We start from the bottom. Who is the actual buyer, what do they already run, and what has to be true for them to switch? How long is the real sales cycle once you remove the deals that closed on a relationship? What is the renewal behavior when the champion leaves? Answer those and the addressable market usually compresses to something smaller, more specific, and far more useful for underwriting than the headline figure.

Why this is an operator read

You do not get to a winnable-market number from a research subscription. You get there from having carried the bag, lost the deals that looked certain, and watched a roadmap collide with what customers would actually pay for. That is the read we bring before the LOI, while the price still reflects the slide rather than the reality.
