Cybersecurity’s insulation from macro turbulence
While the pull-back and turbulence in the public market have been top of mind for many, our view and the consensus from our conversations with other market participants is that private financing and M&A valuations for cybersecurity companies have been, and are likely to continue to be, less impacted. - Continued strong demand for cybersecurity solutions underpins a strong growth outlook, both near-term and long-term, providing support for continued strong valuations. Given the threat landscape, growing attack surface area and economic / reputational damage of breaches, cybersecurity spending is likely to continue increasing across all segments (SMB to enterprise) as a critical area of IT spend. Significant capital will likely continue to need to be deployed, whether it be in venture capital / private equity dry powder following strong fundraising activity, or from the balance sheets of a well-funded strategic acquirers whose desire to augment organic growth and continue expanding product and service capabilities will likely drive a healthy amount of M&A.
Premium cybersecurity companies will likely continue to attract premium valuations
In our view, cybersecurity companies performing well are likely to continue garnering premium valuations. We’ve observed rapid growth continuing to be the primary valuation driver, though in recent conversations with investors capital efficiency has been an increasingly important area of focus. Gone for now are the days of growth at all costs. There is also likely to be increasing divergence in valuations between tier “A” and non-tier “A” companies, with the bar to achieve premium valuations being raised.
Continued convergence of software and services models
We’ve observed cybersecurity companies continue to diversify their capabilities and blur the lines between pure-play models. For example, we saw CrowdStrike as forward thinking in its approach. Palo Alto Network’s acquisition of Crypsis [1] was an early example of this trend from an M&A perspective. More recent transactions include Google’s acquisition of Mandiant [2], Thales’ acquisition of both S21Sec and Excellium [3] and HelpSystems’ acquisition of AlertLogic [4]. From our conversations, product-oriented companies specific areas of services M&A interest include:
- managed services to bundle with software sales;
- threat intelligence to enhance the threat detection capabilities of existing software products; and
- incident response, offensive penetration testing and other highly specialized services to better address niche cases and supplement lead generation
Service providers have also expressed interest in product-oriented technology tuck-in acquisitions to enhance and differentiate offerings. We believe security automation, orchestration, and response (SOAR) and other automation capabilities continue to be of interest for services providers to enhance scalability and expand margins. Recent examples of services companies adding technology via M&A include Reliaquest’s acquisition of Digital Shadows [5], Kroll’s acquisition of both Crisp [6] and Resolver [7], BlueVoyant’s acquisition of 202 Group [8] and eSentire’s acquisition of CyFIR [9].
Increased interest in Identity
Increasingly viewed as the first line of cyber defense, we are seeing identity security continue to be a key area of interest for the market. Beyond IAM and PAM capabilities, companies have expressed growing interest in gaining via acquisition identity-as-a-service / managed identity capabilities as well as abstraction layers to integrate identity into broader security offerings.