Accenture Scoops Up Three OT Security Firms for $4.1B — Dragos, runZero, NetRise

A consulting giant buys "industrial security" outright

Here's the deal: Accenture announced it's acquiring three industrial cybersecurity firms at once for about $4.1 billion. The targets: Dragos, runZero, and NetRise. It takes a majority stake in Dragos (valued at ~$3.25B) and buys runZero and NetRise wholesale. Buying even one security firm is a big deal — bundling three to seize a specific domain, "operational technology (OT) security," in one stroke is something else.

First, what's "OT security"? The IT security we know protects information systems — laptops, servers, email. OT (Operational Technology) security is a different beast. It protects the machines and control systems that run the actual physical world — power grids, factory production lines, water-treatment plants, data centers. Breach those and it's not mere data leakage but physical catastrophe: blackouts, halted factories, paralyzed facilities. That's why it's central to national critical-infrastructure defense.

Why now? Accenture's stated rationale is telling. It explicitly cited "the age of AI-driven cyber threats and geopolitical risk." As AI agents autonomously access more systems, and those agents touch OT infrastructure without adequate control or visibility, security gaps explode. Accenture wants to claim the "governance layer" that closes that risk.

So here's what we're unpacking: what each firm is good at and why they're strong combined, why Accenture spent $4.1 billion to own OT security outright, and what the deal signals for "critical-infrastructure defense in the AI era." Four players and you've got it.

The players — Accenture, Dragos, runZero, NetRise

First, Accenture. A giant consulting and IT-services firm that helps companies and governments worldwide go digital. It's already a top player in cybersecurity services (consulting, managed operations), but until now it mostly sold "security done by people," not "its own security software." That's exactly the crux of this deal: Accenture, stuck in services, embraces software capability to leap into "OT security full stack."

Next, the eldest of the three, Dragos. A leader in industrial control systems (ICS) and OT threat detection. Its vendor-neutral platform specializes in detecting and responding to attacks targeting power, manufacturing, and energy facilities. In this deal Accenture takes only a majority stake in Dragos (valued ~$3.25B) and places runZero and NetRise under it — so Dragos becomes the integration hub.

Third, runZero. Strong in asset discovery and attack-surface analysis. In plain terms, its specialty is finding, without gaps, "what machines, devices, and systems are actually connected inside our facility." Notably, the founder is HD Moore — creator of the legendary security tool Metasploit. In security, "you can't protect what you don't know you have" is gospel, and runZero handles exactly that "build the inventory" job.

Fourth, NetRise. Specialized in firmware analysis and software supply-chain visibility. Firmware is low-level software buried deep in machines, and the vulnerabilities hidden there are usually invisible. NetRise surfaces the weak spots in that unseen layer. Put it together: find the assets (runZero) → see the deep vulnerabilities (NetRise) → detect and respond to threats (Dragos) — a three-stage stack. Combined, they run from OT exposure assessment all the way to threat response in one flow.

Tie the four together: a security-services leader (Accenture) buys three pieces at once — asset discovery (runZero), firmware analysis (NetRise), threat detection (Dragos) — to complete "OT security end-to-end" under one roof. That's the spine.

What the deal actually contains

Item	Detail
Announced	June 2026 (reported June 18–19)
Acquirer	Accenture
Total size	About $4.1–4.2 billion
Dragos	Majority stake (valued ~$3.25B)
runZero	Full acquisition (HD Moore-founded; asset discovery, attack surface)
NetRise	Full acquisition (firmware analysis, supply-chain visibility)
Integration	runZero and NetRise placed under Dragos
Combined ARR	~$208 million (as of June 2026)
Growth	~53% year over year
Expected close	August–September 2026
Rationale	"Critical-infrastructure defense in an age of AI-driven threats and geopolitical risk"

Start with "services to software." Accenture was already strong in the OT security services market (estimated ~$7 billion); this acquisition takes it into software too — a foothold into the larger OT cybersecurity market (estimated ~$27B in 2026, projected ~$59B by 2031). A firm that sold only consulting, now armed with "products you actually run," can bind customers far more tightly.

Second, the figures — $208M combined ARR at 53% growth — are telling. Spending $4.1B on a bundle with $208M of revenue looks pricey by simple revenue multiple. But factor in 53% high growth and an OT security market exploding in size, and Accenture bought not "today's revenue" but "future market dominance." In growth markets, buying late costs more.

Third, citing AI as the rationale captures the moment. Accenture framed "AI agents accessing OT" as the risk. The more autonomous AI proliferates, the more security holes appear in the physical infrastructure those agents touch — making governance over "who accesses what" essential. This acquisition is a bet that "in the AI era, OT security is mandatory, not optional."

Who gains what

Start with Accenture. First, completing the full stack — services (consulting, operations) plus software (detection, analysis, discovery) means one company delivers "OT security end to end." Customers no longer juggle multiple vendors, and Accenture binds them deeper. Second, claiming a high-growth market — with OT security projected to more than double to $59B by 2031, Accenture secured the core tech and talent early. Third, getting ahead of the new demand for AI-era security governance.

The three acquired firms gain too. Dragos, runZero, and NetRise were each strong in one slice of OT security but struggled to sell a "complete solution" alone. Riding Accenture's vast distribution and global customer base, their tech can reach far more infrastructure. For talent like runZero's HD Moore, the picture of their tech defending power grids and factories worldwide is appealing. Between staying a small specialist and becoming a giant's core weapon, they chose the latter.

The unexpected variable is rival OT security firms and customers. Rivals now face an integrated player suddenly backed by a giant consultancy — uncomfortable. Customers who run infrastructure (utilities, manufacturers, data centers) might welcome having their options consolidated, or might balk at "vendor lock-in." The old tug-of-war between integrated convenience and independence repeats here too.

Net: short-term, both Accenture (full stack, market grab) and the three firms (riding a vast channel) come out positive. But whether the three firms' tech merges smoothly inside Accenture is only knowable after integration — with the usual M&A maladies of talent flight and integration delay riding along.

Precedents — wins and losses

"A giant IT/consulting firm buys security specialists" is a common pattern in cybersecurity. The winning logic is clear: security is deep and fast-changing, hard to keep up with via in-house build alone. Buying proven tech, teams, and customers wholesale slashes time. Especially in OT, which demands deep industrial domain knowledge, "acquire the capability" is often rational. Accenture bundling three firms runs exactly that logic.

But study the failures for fairness. Security M&A's chronic diseases are "integration failure" and "talent flight." If the core engineers of a pricey acquisition quit, worn down by a giant's bureaucracy, you bought a shell, not the tech. Especially when an individual's reputation and skill — like runZero's HD Moore — is a large part of company value, whether that person stays or leaves can decide the deal. Spending $4.1B doesn't automatically deliver $4.1B of value.

Another balanced view: the difficulty of merging three firms into one. Dragos, runZero, and NetRise have different cultures, products, and tech stacks. Weaving them into an "OT security full stack" smoothly takes substantial work, and the process can expose product overlaps and clashes. "The three pieces fit perfectly on a diagram" and "they actually run as one product" are different things.

So the balanced conclusion: the direction ("services + software full stack") and the logic ("AI-era OT security demand") are genuinely persuasive, but $4.1B of real value is decided by integration execution and retaining key talent. Security M&A's lesson: a good acquisition is completed not by the contract, but by the one-to-two years after the merger.

Competitors' counter-play

Will rivals sit still? First counter: matching acquisitions from other IT-services and security giants. With OT security now a clear battleground, rivals will buy similar industrial-security startups or build their own capability to answer back. An arms race among integrated players over the big "AI-era infrastructure defense" pie kicks off.

Second, differentiation by pure-play OT security firms. Giants like Accenture are powerful but heavy, colored by consulting. So specialists pitching "we're vendor-neutral, lighter, more tailored to a specific industry" have room in the gaps — selling an "independent alternative" especially to customers who don't want Accenture lock-in.

Third, entry by cloud/platform giants. Microsoft, Google, and Amazon push security as a core feature of their cloud ecosystems. As OT data increasingly links to the cloud, if they pitch "unified defense from IT to OT inside our cloud," the picture gets complicated. It could become consulting-based full stack (Accenture) vs. cloud-based full stack (Big Tech).

And don't forget the evolution of AI agents themselves. Accenture framed "AI threatens OT," but the reverse — "AI defends OT" — is also growing fast. As security agents that auto-detect and respond mature, the center of gravity of defense shifts too. So this war isn't only human vs. human — it spills into "attacking AI vs. defending AI." Accenture's acquisition isn't the end of the game — it's an opening shot in the long contest over who defends AI-era infrastructure, and how.

So what actually changes — by who you are

If you're a security engineer/developer. Watch the rising value of OT security talent. As the $4.1B deal shows, expertise in industrial control systems, firmware, and asset discovery only gets scarcer. Unlike general IT security, it demands physical-infrastructure domain knowledge, raising the entry barrier. In an era of AI accessing OT, the ability to "control and audit agent access" becomes a core skill.

If you're an infrastructure/manufacturing decision-maker. The lesson: OT security is no longer an IT-security afterthought. Breach a power grid or production line and you get physical paralysis, not data leakage — and the risk grows with more AI agents. The key is to view "what's connected (asset discovery), where it's vulnerable (firmware analysis), who's accessing it (governance)" in an integrated way. And decide "buy an integrated solution (à la Accenture) vs. assemble independently" weighing lock-in risk too.

If you're a general observer. The significance: AI is starting to shake security beyond the digital, into the physical world. Cybersecurity used to be "protecting data"; now the front line extends to "systems that run the real world" — power, factories, facilities. The more AI agents autonomously handle, the more "who controls those agents, and how" becomes a central societal question.

One line across all three: cybersecurity's center of gravity is moving from "defending information systems" to "defending the physical infrastructure that AI touches." Accenture's $4.1B bet is the signal — and the real value shows up in whether the three firms, merged into one, actually make critical infrastructure safer.

🥄 Three Things You're Probably Wondering

— Is OT security really that different from IT security? Decisively. IT security protects data and information systems — breach it and you get leaks and hacks. OT security protects "control systems that run the physical world" — power grids, factories, water plants — and breach it and you get blackouts and production stoppages. Domain knowledge and response methods differ entirely. Accenture bought the three firms bundled, not separately, precisely because OT needs "asset discovery + vulnerability + detection" as one flow.

— $4.1B for $208M of revenue? Isn't that overpriced? By simple revenue multiple, it does look steep. But weigh two things: the 53% high growth, and the forecast that OT security more than doubles to $59B by 2031. Accenture bought "future market dominance," not "today's revenue" — and in growth markets, buying late costs more. Whether the bet pays off, of course, is only knowable after integration.

— It says they bought it because of AI — what's the connection? As AI agents autonomously access more systems, and those agents touch OT like power grids and factories without adequate control, security holes multiply — making governance over "who accesses what" essential. Accenture saw that demand early and grabbed an OT security full stack. Whether that's marketing rationale or a genuinely imminent threat will be answered by how fast AI agents actually spread.

References

• Accenture to Strengthen Critical Infrastructure Defense with End-to-End Cybersecurity Platform — Accenture Newsroom
• Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push — SecurityWeek
• Accenture to buy Dragos, runZero, and NetRise in $4.2 billion cybersecurity deal — Help Net Security
• Accenture shells out $4.18B on three companies in big industrial cybersecurity push — CyberScoop
• Dragos and Accenture: A New Chapter for OT Security — Dragos

Numbers and criteria are as of announcement and may change.