[ad_1]

Regardless of cataclysmic modifications affecting different elements of the economic system, 2020 and 2021 have been excellent years for the cybersecurity business. The safety sector noticed 178 strategic merger and acquisition (M&A) offers in 2020, and 238 offers within the first three quarters of 2021 alone.
Many giant enterprises and personal fairness (PE) companies now interact in high-volume programmatic acquisitions of cybersecurity corporations. Thoma Bravo alone owns 25 safety corporations. Even amongst smaller safety distributors, constant M&A acquisition of key applied sciences and expertise is a confirmed technique for development.
In the meantime, new investments proceed to pour in. The first half of 2021 broke all data with $11.5 billion in enterprise capital funding going into cybersecurity startups. Six new cybersecurity “unicorns” — corporations price $1 billion or extra in valuation — have been born in 2020, and 9 extra originated in 2021.
What’s driving such high-volume M&A and funding exercise within the cybersecurity sector?
Most different IT sectors attain some type of expertise maturity and statis after a decade or so. However the cybersecurity sector is exclusive in that the expertise can by no means grow to be mature as a result of adversaries are all the time evolving. Incumbent safety distributors should proceed to reply, and M&A acquisition is without doubt one of the methods they keep on the forefront of the innovation curve. VCs and PEs that see this exit potential proceed to gasoline new startups.
In my work, I see each the sell-side and the buy-side of the M&A market. Listed below are 5 structural traits that drive M&A exercise in cybersecurity.
1. Greater than a decade of VC and PE investments has created a bounty of safety startups. Stroll the aisles on the RSA Convention and you may see them. Many of those funded startups are basically constructed for acquisition, in that they’re extra centered on growing “options” than turning into absolutely baked corporations.
What which means: The funding glut and proliferation is driving business consolidation through M&A.
2. Incumbent enterprise safety corporations are feeling Wall Road stress to fortify their positions in a fragmented market. The safety market continues to be extremely fragmented. Incumbents are buying startups that provide orchestration and automation applied sciences to assist them construct out true safety platforms (versus baskets of disparate applied sciences). They’re additionally trying to purchase startups centered on securing rising areas corresponding to cloud providers, Web of Issues, and Kubernetes/containers. This month’s announcement that Google acquired Siemplify’s SOAR (safety orchestration, automation and response) expertise for cloud environments is an ideal instance.
What which means: Corporations that innovate safety for rising areas, and corporations that automate disparate safety features, will proceed to get acquired.
3. Publicly traded safety corporations want to indicate predictable and recurring income. These corporations use M&A to accumulate present buyer bases and future income streams, which in flip creates investor confidence and secure inventory costs for them.
What which means: Excessive-margin software-as-a-service corporations that may show future income development are significantly enticing M&A targets.
4. Cybersecurity impacts each sector. Identical to vitality prices creep into each side of our economic system, safety is now an issue that almost each firm should take care of. We’re seeing cybersecurity M&A offers coming from firms in adjoining sectors like telco, aerospace, and vitality which are buying cybersecurity expertise to handle their operations.
What which means: Safety startups can search for M&A exit alternatives amongst non-software corporations that have to construct (or purchase) in-house safety experience.
5. PE companies are having fun with the M&A velocity. PE companies want to roll up safety corporations for an eventual flip or IPO. Investcorp just lately acquired Avira for $180 million and flipped it eight months later to NortonLifeLock for double the value — $360 million. Thoma Bravo has acquired a portfolio of 25+ brand-name safety companies, together with Barracuda, McAfee, and Sophos.
What which means: Your cybersecurity startup ought to have a look at PE companies’ present portfolio holdings to see for those who can present a lacking piece to a roll-up expertise stack.
Structural drivers within the cybersecurity sector be certain that new startups will proceed to get funded and incumbent gamers will proceed to accumulate recent safety applied sciences and expertise through M&A. Repeatedly evolving adversaries and threats basically assure a necessity for area of interest applied sciences, and this market dynamic is a win for each sell-side and buy-side. M&A is a driver of innovation and creator of worth within the cybersecurity sector, and a constant programmatic M&A method is a confirmed formulation for development and success.
[ad_2]
