Investment and deal activity

Elevated and uncertain interest rates have increased the cost of capital[i], and in our view, reduced the appetite for risk and put a dampener on transaction activity over the past several quarters, relative to the peak activity levels experienced in 2021 and early 2022[ii]. We believe this impacted venture capital, private equity, and strategic M&A transaction volumes.

Differences in valuation expectations between buyers and investors on the one hand, and companies looking to raise capital or be acquired on the other hand, have resulted in lower transaction volumes. Many companies that raised capital near the peak did so at valuation levels that may have proved unsustainable given the macroeconomic changes and company-specific performance. Some companies have continued stellar performance and have differentiated in-demand technology and capabilities. These companies have been able to transact at attractive valuation levels, recent examples including Wiz’s $1B Series E[iii], and Coro’s $100m Series D[iv]. We have seen other companies run out of runway and have had to transact, in some cases at a valuation level equal to or below that of their prior capital raise. We are seeing flat and down rounds becoming more common, accounting for a record 32% of deals in Q1 2024[v]. We have observed a larger cohort of companies in the middle who have raised enough capital and/or have cut their burn rates to extend runway, giving them more time for company performance to improve, to ‘grow into’ their prior valuation, and for macroeconomic conditions to improve. This middle cohort has, in our view, largely been on the sidelines recently, with transactions delayed.

Flush capital markets from late 2020 to early 2022 resulted in many cybersecurity companies being formed, launching solutions, and scaling their go-to-market functions. During this time, Chief Information Security Officers and other corporate buyers of cybersecurity tools were accelerating their spending in the category. While cybersecurity spending remains strong, growth has decelerated, and competition has increased. As a result, organic growth has been more difficult to achieve for many, but not all, cybersecurity companies. At the same time, growth capital has been harder to come by and investors have increasingly turned their attention to capital efficiency - either profitability or a clear path to profitability. Companies without the growth rates to justify their burn rates and the ability to attract capital from new investors have been forced to cut back spending, these spending cuts can jeopardize innovation and growth risking a downward spiral. While these dynamics post a difficult path to navigate for many management teams, those performing well increasingly stand out and garner investor interest in a crowded market.

Source: Pitchbook, 451 Research, S&P Global Market Intelligence, company press releases, news publications and other public sources announced between 01/01/19 and 01/03/24

Source: Pitchbook, 451 Research, S&P Global Market Intelligence,  company press releases, news publications and other public sources announced between 01/01/19 and 01/03/24

 

Large strategics, vendor consolidation strategies and efficiencies driving M&A

Despite market headwinds, large strategics are continuing to pursue M&A and in some cases have convinced targets to transact with highly attractive valuations, seen recently with Akamai’s acquisition of Noname[vi], Armis’ acquisition of Silk Security[vii], Palo Alto’s acquisition of both Talon and Dig[viii] [ix], and Crowdstrike’s acquisition of both Flow and Bionic[x] [xi].

Corporate buyers of cybersecurity software tools are increasingly interested in pursuing vendor consolidation strategies. This has led large cybersecurity vendors to pursue ‘platformization’ strategies to satisfy the requirements of their customers. In many cases, these strategics have turned to M&A to quickly fill gaps in and extend their portfolio offerings.

We continue to hear from large strategics that they are interested in data security and cloud security acquisitions. We are increasingly hearing and seeing interest in security operations acquisitions. Along with Cisco’s acquisition of Splunk, security information and event management (SIEM) providers Exabeam and LogRhythm recently announced their planned merger[xii] and Palo Alto announced its acquisition of IBM’s QRadar assets[xiii]. While the dominant cybersecurity software M&A strategy continues to be “paying up” for best-in-class technology to enhance existing offerings and leverage existing go-to-market assets, we are increasingly seeing an interest in acquiring companies that may not be performing as well but are available for lower multiples.

Within managed services, a desire to drive efficiencies with both scale and technology has contributed to deal activity. Many companies with managed services offerings have raised capital to finance rapid organic growth and achievement of scale. Increasingly these players are also turning to M&A to supplement organic growth - see DeepSeas’ acquisition in December of fellow managed detection and response provider GreyCastle[xiv] - add capabilities that can be cross-sold to their client base – see BlueVoyant’s acquisition of risk management provider Conquest[xv] - and increase their operational efficiencies with proprietary technology – see Arctic Wolf’s acquisition of security orchestration, automation and response provider Revelstoke[xvi].

Consolidation, internationalization and platformization

We believe 2024 will be about consolidation, internationalization, and platformization, driven by demands for full-service cyber businesses. Given the amount of dry powder that investors need to deploy and the multiple drivers of strategic M&A interest, we expect deal activity to rebound in the near-to medium term with improvements in macroeconomic conditions. The arms race between attackers and defenders, a need to finance continued technology innovation, opportunities to recapitalize companies with tired investor bases, and the advantages of scale in both go-to market motions and operational efficiency all contribute to the logic of transactions across venture, growth, buyout and strategic M&A.

To discuss the themes and trends explored in this article in more detail, or for more information on the Cybersecurity sector, please get in touch with our US Cybersecurity team >

 


This article has been prepared solely for information purposes and is not intended to function as a “research report.” In particular, this means that it is not intended, nor does it contain sufficient information, to make a recommendation as to the advisability of investment in, or the value of, any security.   

Any link or reference to a third-party website contained in this article does not constitute an endorsement of any third-party content published on such website.

Additionally, this article does not constitute or form part of, and should not be construed as, an offer to sell, or a solicitation of any offer to buy, or any recommendation with respect to, any securities. You should not base any investment decision on this article; any investment involves risks, including the risk of loss, and you should not invest without speaking to a financial advisor. 

For additional important information regarding this article, please see insights and publications disclaimer.

 

References

[i] https://www.ft.com/content/8b4a5df6-7f6d-480f-8d20-55793854c37e

[ii] Pitchbook, 451 Research, S&P Global Market Intelligence,  company press releases, news publications and other public sources announced between 01/01/19 and 01/03/24

[iii] https://techcrunch.com/2024/05/07/wiz-raises-1b-at-12b-valuation-expanding-through-acquisitions/?guccounter=1

[iv] https://techcrunch.com/2024/03/28/coro-smb-security-series-d/?guccounter=1

[v] https://www.cooleygo.com/data/#5thbox

[vi] https://www.akamai.com/newsroom/press-release/akamai-announces-intent-to-acquire-api-security-company-noname

[vii] https://www.armis.com/newsroom/press/armis-acquires-silk-security-to-incorporate-best-in-class-security-prioritization-and-remediation-into-armis-centrix/

[viii] https://www.paloaltonetworks.com/company/press/2023/palo-alto-networks-completes-acquisition-of-dig-security

[ix] https://investors.paloaltonetworks.com/news-releases/news-release-details/palo-alto-networksr-closes-talon-cyber-security-acquisition-and

[x] https://www.crowdstrike.com/blog/crowdstrike-to-expand-cloud-security-leadership-with-bionic-acquisition/

[xi] https://www.crowdstrike.com/press-releases/crowdstrike-to-acquire-flow-security-and-expand-cloud-security-leadership-with-dspm/

[xii] https://logrhythm.com/press-releases/logrhythm-and-exabeam-announce-intent-to-merge/

[xiii] https://newsroom.ibm.com/2024-05-15-Palo-Alto-Networks-and-IBM-to-Jointly-Provide-AI-powered-Security-Offerings-IBM-to-Deliver-Security-Consulting-Services-Across-Palo-Alto-Networks-Security-Platforms

[xiv] https://www.deepseas.com/deepseas-acquires-greycastle-security-third-acquisition-in-12-months-will-bolster-professional-services/

[xv] https://www.bluevoyant.com/press-releases/bluevoyant-acquires-conquest-cyber

[xvi] https://arcticwolf.com/resources/press-releases/arctic-wolf-announces-intent-to-acquire-revelstoke/