How Technology Is Changing How We Treat Cybersecurity M&A

Cybersecurity M&A activity increases in 2020

As companies are moving their data from on-premise to hybrid cloud solutions, there is a change in the way data is getting stored — the modifications in data storage rise to vulnerabilities in data security. Cyber-attacks remain to be one of the common severe threats to enterprises in all industries, with their number and complications increasing speedily. The changing nature of data storage will lead to cybersecurity M&A of some of the higher-performing startups and midsized cybersecurity companies. As per Capgemini, 69% of companies believe Artificial Intelligence (AI) will be essential to counter cyberattacks.

Vendors making the best use of AI in their products will be the most sought-after future M&A targets. There are indications apparent as buyers take a keen interest in assets that apply behavioral analytics technology in their cybersecurity solutions, especially in network and endpoint security, as well as anti-malware software. This trend will stay as AI technology develops and becomes an indispensable part of cybersecurity solutions across the board.

Digitalization, increasing regulations, and new technologies have started to increase the number of cybersecurity acquisitions over the last two years. Traditionally cybersecurity firms focused on endpoint security. The endpoint security protected the computers and servers owned by the customer. As customers move their data to centralized cloud servers that are hosted by third party providers like Amazon and Microsoft, there is a need for the new technology to protect the data. This technology shift created focused cloud tools in the cybersecurity business. Companies that have built robust offerings are winning the market share.

Cybersecurity works on a shared responsibility model where the cloud host gives its firewall. However, businesses are accountable for the transfer of data and intellectual property as it moves in and out of the cloud infrastructure. The hybrid- and multi-cloud services moreover obscures this shared model. In hybrid and multi-cloud services, a company may wish to retain some operations on-premises or transfer data linking two separate cloud providers.

Large corporations such as Intel have invested in midsize cybersecurity companies. Palo Alto Networks lately bought two companies as it is looking to extend its cloud security offerings.

Most of these acquisitions involved small private firms. In the future, the deal activity will include midsize public cybersecurity companies, especially whose valuations are below $5 billion.

Cybersecurity M&A summary

Deal flow in the cybersecurity segment is steady since 2015. Notwithstanding a drop in transaction volume contrasted to 2018, the forecasted size for 2H2019 implies that 2019 did not see the cybersecurity business lose any momentum. Deal volume in H2 2019 depicts a 15% increase compared to that of H2 2017.

M&A activity will rise in the cybersecurity business, and many legacy companies will experience consolidation. Valuations in the cybersecurity are notably reliable. EV/S multiples have always traded around 5x – substantially above estimates of about 3x EV/S seen on the broader enterprise software. 

Broadcom acquisition of Symantec

Legacy security corporation Symantec tried to overhaul its strategy for the current cloud-based business. However, it grappled with achieving following its 2016 takeover of Blue Coat Systems, leading Symantec itself to shift to an M&A target. Broadcom, in August, agreed to buy Symantec’s enterprise security shop for $10.70 billion. Broadcom’s milestone purchase of Symantec turned the highest ever deal in the cybersecurity area.

Symantec endured difficult times before the acquisition, undergoing a string of leadership transitions, handling an SEC probe, and fighting to reach earnings targets. Moreover, the enterprise segment sustained from inefficiencies, estimating for nearly 50% of revenues but making only 20% of operating profit.

Broadcom’s thrust into enterprise software presents a part in the transaction. Broadcom will approach Symantec as a financial investment rather than a strategic one. There are lots of potentials for Broadcom to expand Symantec’s bottom line by decreasing costs and employing cost synergies with its current enterprise software purchases.

These tactics would further boost Symantec’s competitive edge in a more congested market and dodge the outcome met by McAfee. In 2010, Intel got McAfee with the purpose of inserting McAfee technology into its firmware. Nevertheless, the strategy demonstrated failure, driving to the ultimate divestiture of a majority stake in McAfee to TPG Capital at a much discount.

Private equity activity in cybersecurity M&A

Private equity companies have channeled notable plunge into cybersecurity, with an emphasis on larger, more traditional targets. Thoma Bravo is driving financial buyers for a while, paying nearly $9.5 billion over the last 30 months on some of the most critical cybersecurity transactions ever read. After its $1.6 billion acquisition of Barracuda Networks in 2017, Thoma Bravo was inquisitive in taking Symantec. When Broadcom assumed Symantec’s enterprise security assets, Thoma Bravo turned its regard to Symantec’s British rival, Sophos, making it private for $3.8 billion in the second-largest transaction of 2019. Thoma Bravo paid $7.40 per share in cash, indicating that shareholders will get a 37.1% premium over the last closing price. 

At 68%, over two-thirds of cybersecurity targets acquired in the closing 30 months were located in North America, underscoring North American supremacy in the space. European companies deemed for 23% of all cybersecurity targets and were principally acquired by representatives from the same region, with 65% of European firms bought by European acquirers. Of the remaining 9% of cybersecurity targets based outside, nearly half have their headquarters in Israel, which explains the country’s dominance in cybersecurity. 

Next steps – cybersecurity M&A

Cyberattacks will remain to be one of the most severe perils for businesses in all industries. The amount of attacks, as well as their intricacy, is increasing rapidly, and cybersecurity vendors must move swiftly to shield them against cyberattacks and keep up the pace.



Leave a Reply