Cybersecurity M&A Activity Driven by Increasing Cyber Threats and Selective Buyers

Cybersecurity M&A Activity Continues

As our lives become more digital, cyber threats increase. Threat actors seek to infiltrate computer systems for financial gain, extortion, political or social motives (known as hacktivism), or simply vandalism.

Cyber due diligence is essential for both sides of a M&A transaction. A clean bill of health regarding cybersecurity improves valuations and helps facilitate a smoother, more efficient M&A process.

Market Conditions

A robust pipeline of high-quality cybersecurity companies continues to fuel deal activity. In addition, buyers have demonstrated increased selectivity in their acquisition pursuits, focusing on high-quality targets that are positioned for growth and have proven, repeatable revenue and recurring EBITDA performance.

For seasoned strategic buyers and private equity acquirers looking to deepen their cyber capabilities, add-on acquisitions provide an attractive opportunity to achieve scale. Recent examples include a $200 million Series C financing round announced in November at Drata; a $120 million pre-IPO funding round by BlackRock in Versa Networks; and a $65 million funding round for secret management technology provider Akeyless.

As part of the due diligence process, buyers should consider quantifying the financial impact of a cybersecurity breach during the integration phase. This includes a thorough assessment of tangible costs such as regulatory fines and penalties, as well as intangible costs such as business disruption and loss of reputation. These quantifications should be included in the purchase price allocation and integration budget.

Strategic Buyers

For strategic buyers that already have operations in the cybersecurity space, or technology-driven firms seeking to add cybersecurity capabilities, this is an ideal time to pursue add-on acquisitions. These can be a low risk way to grow revenue, client base, management bench depth, and organizational infrastructure.

With IPO activity still stalled and venture capital investors looking for quicker exits, this has created an opportunity for large, well-capitalized acquirers to acquire at reasonable valuations. And, this is especially true for companies in high-growth areas such as zero trust solutions, software supply chain security and sign-on verification technologies.

Whether an owner is thinking of selling now or in the future, it’s important for them to stay current on market trends and buyer behavior so they can cultivate a strong business that will command top dollar in an M&A transaction. To do so, it’s critical that owners understand the steps involved in preparing a business for sale and valuation metrics.

Financial Sponsors

Investor interest remains high as evidenced by the number of cybersecurity-related IPOs (including Motorola Solutions’ acquisition of situational awareness and video provider Qognify) that hit the market this year. According to IT-Harvest, investors poured $7.5 billion into the sector through mid-September, though investments in API security and email security remain relatively small by comparison.

A resurgence in financial sponsor M&A activity is also expected to drive more buyers to the cybersecurity space. As financial sponsors look to invest in platforms with recurring revenue and continuous client service demands, the industry provides a good fit for these buyer profiles.

In addition, many of the cybersecurity firms that are experiencing strong M&A activity are demonstrating consistent profitability and growth. These fundamentals are attractive to financial sponsors and will help ensure a successful exit when the time comes for seller to put their business on the block.

Add-On Acquisitions

Strategic buyers, including financial sponsors and management-led firms, are actively looking to expand their cybersecurity capabilities through add-on acquisitions. This can take the form of new proprietary software/technology platforms, technology services, added clients and talent bench depth.

For example, threat detection and response firm CrowdStrike is acquiring Stacksi, an AI-powered platform that automates the process of responding to security questionnaires in the B2B sales cycle. The move is expected to streamline and accelerate the M&A transaction process.

Other examples include cloud security platform provider XM Cyber’s acquisition of exposure management solutions provider Confluera to enhance its continuous vulnerability and penetration testing platform. Hewlett Packard Enterprise (HPE) acquired secure access service edge (SASE) firm Axis Security to incorporate its Atmos offering into its unified network and security as-a-service platform.

Zero-trust data security firm Rubrik is acquiring Laminar, a platform that provides visibility into the status of an organization’s cloud infrastructure and reveals risky configurations and misconfigurations of sensitive data. This helps reduce audit and compliance costs, as well as enable improved security posture.

Press on to know more