The world of cybersecurity never stands still, and recent developments demonstrate once again just how dynamic and globally interconnected this market is. On 15 May 2025, the Californian company Proofpoint, a leading provider in the field of cloud security, announced the acquisition of the German specialist Hornetsecurity. With a purchase price of over one billion US dollars, this transaction marks Proofpoint’s largest acquisition to date. On the one hand, the sum alone demonstrates what a milestone this purchase represents for Proofpoint and the success story seen in the German company from Hanover. However, the far-reaching consequences for the European and international security market, and German customers in particular, are likely to be just as immense.
Who is Hornetsecurity?
Hornetsecurity has been a major player in the field of email security and cloud backup for years. With its ‘365 Total Protection’ product, the company offers comprehensive security solutions for Microsoft 365 and other platforms. In addition to spam and malware filtering, the offering also includes online training for employees on topics such as phishing and social engineering – a key component of today’s security awareness. The management team led by founder and CEO Daniel Hofmann will remain on board following the acquisition to drive the further development of the products. With around 700 employees at locations in the US, Spain, and South America, Hornetsecurity has a strong foundation from which to further expand its position in the European market.
What does the acquisition mean for Proofpoint?
Proofpoint, founded in 2002 by Netscape’s Chief Technology Officer Eric Hahn, has been owned by the private equity firm Thoma Bravo since 2021. The company aims to strengthen its market position in the areas of cloud security and Managed Service Providers (MSPs). Through the acquisition of Hornetsecurity, Proofpoint gains direct access to European SMEs and thousands of MSPs – a strategically important expansion. Sumit Dhawan, CEO of Proofpoint, emphasised that the acquisition helps to consolidate fragmented security tools into a unified platform. The aim: to increase efficiency and provide a higher level of protection for customers worldwide.
What does the acquisition mean for german companies and customers?
As strategically sound as the acquisition may be from a global economic perspective, it raises specific questions for German companies – particularly regarding to data protection, compliance and data sovereignty.
This is because, as a US company, Proofpoint is subject to the CLOUD Act. This allows US authorities to access data under certain conditions – even if it is physically stored in the EU. For German companies, this represents a potential weakening of GDPR compliance and internal compliance guidelines. This can significantly undermine trust in digital processes and outsourced security solutions. Customers are therefore advised to carry out a risk assessment and determine for themselves whether the use of Hornetsecurity can continue to align with their security strategy.
Furthermore, the takeover demonstrates that even established European providers such as Hornetsecurity – hitherto a stalwart in the security market – are increasingly coming under US influence. Europe’s digital sovereignty is thus being put to the test. And wouldn’t it make strategic sense and be promising for German companies to establish their own independence, particularly now with the new US administration?
What should customers do now?
Hornetsecurity’s customers in particular, but also other companies, should use this development as an opportunity to explore genuine alternatives from Germany. For those who wish to safeguard their data sovereignty and rely on GDPR-compliant solutions, it is worth taking a look at independent providers from Germany – with no ties to US companies.
Between opportunity and risk: What the Hornetsecurity takeover means for German companies
The takeover of Hornetsecurity by Proofpoint is a clear signal of the internationalisation of the IT security industry. It opens new technological possibilities, but also raises legitimate questions regarding European data sovereignty and regulation. German companies should therefore seize the opportunities offered by globalisation, whilst not losing sight of the risks.