Cybersecurity M&A Activity Continues to Accelerate Despite a Challenged Macro Environment
Cybersecurity m&a activity continues to accelerate despite a challenging macro environment. Bundy Group Managing Director Clint Bundy discusses why in a recent podcast interview with Industrial Cybersecurity Pulse.
Strategic buyers are looking for stability, profitability and growth. Financial sponsors are sitting on trillions in dry powder that will get put to work when valuations and opportunities align.
M&A headwinds including capital market discipline, early stage investor caution and lender conservatism are influencing valuations in the cybersecurity space. The industry’s continued growth, however, is attracting aggressive buyers, financial sponsors and private equity investors.
Strategic buyers represent the majority of M&A activity in the cybersecurity sector and can be publicly traded, privately held, management owned or financial sponsor-owned. These are companies looking to acquire a platform in the cybersecurity sector with the goal of growing revenue, capabilities and organizational infrastructure before selling.
Nonsecurity strategic buyers are also active in the cybersecurity M&A market and can be motivated by a variety of factors including competitive pressure, a desire to strengthen client trust and the opportunity to enhance their revenue-generating product stacks. For example, a cloud provider may want to offer internal security services or an IT service provider might seek a zero-trust solution to support their business model. Nonsecurity strategic buyers account for a smaller share of M&A activity but can be the source of significant add-on acquisitions.
While M&A activity has slowed as investors have taken a more cautious approach to risk, the cybersecurity market continues to attract significant interest. Strategic buyers, private equity groups and other financial sponsors all see the tremendous growth opportunities in this market as justification to pay premium valuations for cybersecurity-oriented companies.
For example, Sidley recently advised Palo Alto Networks on its acquisition of The Crypsis Group a leading incident response and digital forensics consulting firm and KKR NGT and one of its portfolio companies on their growth investment in ReliaQuest an advanced cybersecurity-managed service and intelligence company for global enterprises.
Investors are also continuing to make substantial investments in the cybersecurity space this year with total venture funding reaching just under $10 billion through Q3 according to IT-Harvest. This is significantly lower than the record-setting year of 2021 but still impressive given the collapse of Silicon Valley Bank and overall pullback in early-stage VC fundraising.
Strategic buyers are companies that already operate in the cybersecurity space and are looking to expand their capabilities or enter new markets. They may be publicly traded, private equity backed, management or founder owned. Financial sponsors are investment groups that seek platform acquisitions in an industry with the goal of growing those assets through organic and inorganic means to achieve a strong return for their investors.
For example, in March, Hewlett Packard Enterprise announced it would acquire security service edge (SSE) provider Axis Security to provide unified networking and security as-a-service. The addition of Axis’ Atmos platform will complement HPE’s one-stop-shop cyber risk management and data protection offerings for cloud, edge and on-premise environments.
For add-on acquisitions to be successful, the acquired company’s technology and capabilities must be complementary and offer synergies to the platform’s existing portfolio. This can be accomplished through a combination of revenue and cost synergies. It also can be a function of geographic expansion or a shift from a one-trick pony to a full suite of cybersecurity services.
After a long run of accommodating capital markets for cybersecurity firms at all stages of development, the darkening economic environment is leading to new discipline among debt and equity providers. Combined with rising interest rates, fears of recession, mass tech layoffs and corporate acquirer conservatism, the new economic conditions are creating a risky backdrop for M&A activity in the sector.
Post-merger integration is a critical phase of M&A where acquiring firms must conduct comprehensive security assessments and integrate systems. These assessments should include a review of managerial processes, tools and technology, and information security risks across the acquired firm’s environment.
The acquiring company should also assess the target firm’s willingness to remediate identified vulnerabilities. A clean bill of health concerning cybersecurity can make an acquisition more attractive and ensure a smoother transition period. For this reason, a robust risk management platform is a vital tool for companies looking to maximize value in the M&A market.