Cybersecurity investment and deal activity

We expect cybersecurity M&A and capital raise activity to increase in late 2023 and into 2024. Following a frenzy of activity in 2021 and early 2022, we have observed transaction volumes decrease significantly in the past 18 months. Rising interest rates, recession risk, public market choppiness and company-specific performance all contributed. While companies with strong growth, compelling technology and/or operating in attractive segments, have continued to transact at premium valuation levels, others with the ability to do so have elected to delay transaction processes until market conditions improve. We are starting to see signs of improvement and expect the pent-up demand for M&A and private capital raise transactions to drive an uptick in activity.

Though the bar has been raised and there is increasing focus on capital-efficient growth versus growth at all costs, we expect the best-performing companies to continue to attract premium valuations. Notably, there were significantly more transaction announcements the week of Black Hat than the week of the RSA Conference in April, indicating that market sentiment has already started to show improvement in Q3 versus Q2.

Mixed business environment

While cybersecurity spending in corporate IT budgets has held up relatively well, we have seen some continued challenges in the new business environment. Cybersecurity remains a priority area of spending given the threat of activity, level of sophistication, highly publicized breaches and increasing Board-level recognition of the criticality of improving cybersecurity posture. That said, some cybersecurity companies have seen a slowdown in new business wins this year as customers have faced internal budget pressures. Companies we’ve spoken with have noted elongated sales cycles as well as longer and more burdensome new vendor approval processes.

In contrast, companies with highly differentiated solutions that solve urgent problems, as well as those that enable vendor consolidation and cost savings have been performing well. We have also seen several examples of companies with channel-first go to market strategies continue rapid and capital-efficient growth, which has been increasingly important.


Increasing incorporation of artificial intelligence in cybersecurity

Applications of artificial intelligence (AI) in cybersecurity continued to be a pervasive and an exciting topic of discussion at Black Hat. From use in defensive tools and governance of AI systems to use by the attackers themselves, the use cases for AI in cybersecurity are both broad and deep. We expect continued rapid innovation in this area, with companies continuing to incorporate AI techniques into their product development roadmaps as well as new stand-alone products focused on AI security governance.

While there is some over-use of marketing buzzwords to sift through, we also expect companies with unique AI capabilities that resonate with customers to generate significant investment interest from the investor community as well as acquisition interest from larger strategics.


Final thoughts and opportunities

The current macroeconomic and M&A / private capital markets environment has opened a window of opportunity for cybersecurity companies with strong financial performance to consider a capital raise and / or strategic acquisition. Strong venture capital and private equity fundraising over the past several years – paired with lower transaction volumes over the past 18 months – has created record levels of dry powder that investors are eager to put to work. Earlier this year we saw investors increase their proactive, outbound efforts to identify companies performing well, fill their deal pipelines and get ahead of formal transaction processes. Consistent with some of our own clients’ processes, we are now also hearing that investors are gearing up for formal processes that they expect to be launched in the next few months.

Overall sentiment is that market activity should increase significantly after Labor Day, with transactions completed later in 2023 and into 2024.


To discuss any of the themes discussed, get in touch with the US cybersecurity team here >


This article has been prepared solely for information purposes and is not intended to function as a “research report.” In particular, this means that it is not intended, nor does it contain sufficient information, to make a recommendation as to the advisability of investment in, or the value of, any security.   Additionally, this article does not constitute or form part of, and should not be construed as, an offer to sell, or a solicitation of any offer to buy, or any recommendation with respect to, any securities. You should not base any investment decision on this article; any investment involves risks, including the risk of loss, and you should not invest without speaking to a financial advisor. For additional important information regarding this article, please see our insights and publications disclaimer.