What are typical cybersecurity deal sizes by customer segment?

Cybersecurity deal sizes vary dramatically by customer segment and product category. The pattern is consistent across major vendor public reporting (CrowdStrike, Palo Alto Networks, Zscaler, SentinelOne 2024 earnings calls plus RepVue 2024 deal-size benchmarks). SMB deals ($5,000 to $50,000 ARR) involve simpler products, shorter sales cycles (2 to 6 weeks), and fewer stakeholders. A typical 100-person company might spend roughly $10,000 per year on endpoint protection, $8,000 on email security, $12,000 to $18,000 on compliance automation (Vanta or Drata), and $5,000 to $15,000 on password management and SSO.

Mid-market deals ($50,000 to $250,000 ARR) involve more complex requirements, formal evaluation cycles, 3 to 6 month sales cycles, and multiple stakeholders (CISO or VP of Security, VP of IT, CFO, sometimes Legal). A typical 2,000-person company might spend $80,000 to $150,000 per year on SIEM, $60,000 to $120,000 on endpoint detection, $50,000 to $100,000 on identity and access management, $30,000 to $60,000 on vulnerability management, and $40,000 to $100,000 on cloud security posture management. Procurement runs through a defined vendor management process at this segment, with security architecture review boards often gating approval.

Enterprise deals ($250,000 to $2,000,000 plus ARR) involve multi-product platform purchases, extensive proof-of-concept testing (typically 4 to 12 week POCs), legal review, third-party risk assessment, and 6 to 12 plus month sales cycles. A Fortune 500 company with 50,000 employees might spend $800,000 to $2,500,000 per year on a next-gen SIEM platform (Splunk Enterprise Security, Microsoft Sentinel, Sumo Logic, Devo), $500,000 to $1,500,000 on endpoint protection across the full estate (CrowdStrike Falcon, SentinelOne Singularity, Microsoft Defender for Endpoint), $300,000 to $800,000 on cloud security posture management (Wiz, Palo Alto Prisma Cloud, Lacework), and $200,000 to $600,000 on identity governance (SailPoint, Saviynt, Okta Identity Governance).

Strategic and Global 100 deals reach extreme sizes. A single platform purchase combining SIEM, SOAR, EDR, cloud security, and identity at the largest enterprises (Fortune 50 financial services, Fortune 50 healthcare, Big 4 tech) reaches $5,000,000 to $25,000,000 plus annual recurring revenue. Per CrowdStrike fiscal 2025 reporting, the company tracks 250 plus customers spending over $1M annual recurring revenue with a growing cohort over $10M. Per Palo Alto Networks fiscal 2024 reporting, the company tracks its NGS ARR metric covering newer platform products at substantially higher deal sizes than legacy-product averages. Sales reps managing these strategic accounts (Strategic Account Director, Global Account Manager) carry $3M to $10M quotas and earn $400,000 to $1.2M OTE.

Pricing structures common in cybersecurity. Per-endpoint pricing (CrowdStrike Falcon at roughly $5 to $20 per endpoint per month depending on bundle, SentinelOne Singularity at similar ranges). Per-user pricing (Okta Workforce Identity at $2 to $15 per user per month). Per-data-volume pricing (Splunk historically at high per-GB-per-day ingest rates, now shifting to workload-pricing). Per-cloud-account pricing (Wiz and Lacework run roughly $10,000 to $40,000 per AWS or Azure account annually depending on scale). Module-based pricing (Palo Alto Prisma Cloud with separate modules for CSPM, CWPP, IAM Security, Data Security). Term commitments produce discounts: 1-year list, 2-year roughly 8 to 15 percent discount, 3-year roughly 15 to 25 percent discount, with pre-payment producing additional 3 to 8 percent.

Platform consolidation drives larger average deal sizes. Per the SANS 2024 Security Operations Survey, 70 plus percent of CISOs report active platform consolidation initiatives intended to reduce tool sprawl from 50 to 80 vendors down to 15 to 30. Per Palo Alto Networks public commentary, customers spending more than $1M with Palo Alto increased substantially in fiscal 2024. CrowdStrike Falcon Module ARR distribution shifted from majority-EDR to multi-module across the install base. This trend favors enterprise reps who can manage complex multi-product deals with multiple stakeholders.

Channel and partner-influenced deals. Roughly 50 to 70 percent of cybersecurity enterprise deals involve a value-added reseller (CDW, SHI, Optiv, World Wide Technology, Insight, Presidio) or a global systems integrator (Deloitte, Accenture, IBM, Wipro, Tata Consultancy Services). Channel mark-up runs 8 to 22 percent typical. Channel deal registration is required at most cybersecurity vendors to prevent partner conflict; AEs must manage partner relationships actively to keep deals registered to their accounts.

Compensation implications by segment. SMB AEs typically earn $130,000 to $180,000 OTE on $600,000 to $1,200,000 ARR quotas. Mid-market AEs earn $180,000 to $280,000 OTE on $1,000,000 to $1,800,000 quotas. Enterprise AEs earn $230,000 to $400,000 OTE on $1,500,000 to $3,500,000 quotas. Strategic and Global Account Directors at the largest cybersecurity vendors earn $400,000 to $1.2M OTE on $3M to $10M quotas with overachievement accelerators reaching 2x to 3x variable comp. DecipherU's cybersecurity sales career guides cover deal management by segment, sample deal structures, and the negotiation strategies that close at each segment.