ServiceNow has intensified its acquisition strategy in 2025, signalling a decisive shift toward expanding its artificial intelligence and cybersecurity capabilities through large scale deals. The enterprise software company recently announced an agreement to acquire cybersecurity firm Armis in a transaction valued at $7.75 billion in cash, marking the largest acquisition in ServiceNow’s history and capping a year in which its total deal activity crossed $12 billion.
The acquisition reflects ServiceNow’s growing focus on embedding security deeper into its workflow automation platform as enterprises increasingly contend with complex digital environments and rising cyber risks. Armis specialises in cyber exposure management, offering visibility and protection across connected devices including operational technology, internet of things infrastructure and unmanaged assets. These areas have gained importance as organisations deploy more distributed systems and adopt AI driven processes at scale.
ServiceNow said the Armis transaction is expected to close in the second half of 2026, subject to regulatory approvals and customary closing conditions. The company plans to fund the deal using a combination of cash reserves and debt. Once completed, Armis will be integrated into ServiceNow’s platform to strengthen security operations, risk management and automated remediation capabilities.
The Armis deal is part of a broader acquisition push that has defined ServiceNow’s strategy this year. Earlier in 2025, the company acquired AI startup Moveworks in a transaction valued at approximately $2.8 billion, aimed at strengthening conversational AI and enterprise automation. Additional acquisitions and strategic investments across data governance, identity security and analytics have further expanded ServiceNow’s technology stack.
Industry observers note that the scale and pace of ServiceNow’s deal making this year represent a notable shift from its earlier growth strategy, which leaned more heavily on organic expansion and smaller bolt on acquisitions. The current approach bears similarities to acquisition driven strategies pursued by large enterprise software firms during periods of platform transformation.
Chief Executive Officer Bill McDermott, who previously led SAP, has been closely associated with this expansionary phase. Under his leadership, ServiceNow has increasingly positioned itself as a central operating system for digital enterprises, integrating workflows across IT, security, customer service and business operations. The recent acquisitions suggest a deliberate effort to accelerate that vision by bringing in specialised technologies rather than building them entirely in house.
ServiceNow’s leadership has framed the Armis acquisition as a strategic move aligned with the rise of AI powered enterprise systems. As organisations deploy autonomous agents and intelligent workflows, the company has emphasised the need for stronger governance, real time visibility and proactive security controls. Executives have said that cybersecurity can no longer operate as a standalone function and must be embedded into operational workflows to keep pace with evolving threats.
However, the aggressive acquisition strategy has drawn mixed reactions from investors. ServiceNow’s stock experienced periods of volatility following reports of the Armis deal and earlier transactions, reflecting concerns about execution risk, integration challenges and capital allocation. Some investors have questioned whether reliance on large acquisitions could divert focus from organic product innovation or pressure margins in the near term.
Analysts tracking the enterprise software sector have pointed out that while acquisitions can accelerate capability building and expand addressable markets, they also introduce complexity. Integrating large teams, aligning product roadmaps and retaining talent are critical factors that can influence whether such deals deliver long term value. The size of the Armis transaction, in particular, raises expectations around successful integration and measurable impact on ServiceNow’s security offerings.
At the same time, industry trends support the strategic rationale behind the move. Spending on cybersecurity continues to rise as enterprises confront increasing attack surfaces driven by cloud adoption, remote work and connected devices. The convergence of AI, automation and security has become a key theme in enterprise technology, with vendors competing to offer unified platforms rather than fragmented tools.
ServiceNow, founded in 2004, has built its reputation on simplifying complex workflows through cloud based software. Over the past decade, the company has steadily expanded beyond IT service management into areas such as customer experience, human resources and operations. The recent acquisitions indicate a further evolution toward becoming a comprehensive digital platform that combines workflow automation with intelligence and security.
The acquisition of Moveworks earlier this year underscored ServiceNow’s ambition to enhance user interaction through AI driven assistants, while deals in identity and data governance reinforced its push into trust and compliance. Together with Armis, these acquisitions suggest a strategy focused on creating an integrated environment where automation, intelligence and security operate together.
As ServiceNow moves into 2026, attention will likely remain on how effectively the company integrates its recent acquisitions and translates them into sustained growth. The success of its expanded strategy will depend on execution, customer adoption and the ability to balance innovation with scale. For now, ServiceNow’s deal making signals a clear intent to play a larger role in shaping the future of AI enabled enterprise operations.