
A Wave of M&A in Cybersecurity

by on May 1, 2014

This post is a portion of my article published in Cyber Defense Magazine’s March Newsletter. You can read it in its entirety here:

History indicates that as we come off a very deep recession we can expect a wave of acquisitions. There have been some big deals announced recently: Facebook buys WhatsApp, Google buys Nest, and Lenovo buys Motorola.

One of the first things many companies cut during rough times is research and development. The other is marketing. When both these budgets get cut, it tends to put companies behind when it comes to investing for the future. When the economy improves companies need to catch up on innovation. Companies also need to get their brand and products back into the public mind-share. Acquisitions are a way to do both these things. Strategic and targeted acquisitions help companies get back some of the time they lost due to budget cuts during tough times.

Growing Market

Global demand for information security technology is growing at a robust 9% compounded annually, says Gartner research director Lawrence Pingree.  By 2016, Gartner anticipates that global spending on information security systems will soar to $85 billion, up from an estimated $65.7 billion this year.

As a result there is renewed interest in cybersecurity in Silicon Valley.

VC Investment

Over the last year, venture capitalists, angels, and private equity investors poured over $1.4 billion into the security market across 239 deals. Year-over-year (YoY) funding has jumped 29% behind a massive Q1’13, which saw 10 companies receive funding rounds over $10 million including AirWatch, WhiteHat Security and Nok Nok Labs. In fact, the most notable deal of the year may be the $154 MM capital raise by AirWatch led by Insight Ventures.  Meanwhile, YoY deal growth in the security space hit 19% behind a surge in deal activity in 2013.

This investment level is up substantially from approximately $1 billion in 2011 and some $500 million in 2010.

[Chart: Investment in Cybersecurity]

Early-stage funding for the sector soared by almost 60% last year to $244 million worldwide, according to data from research group PrivCo. The number of deals rose even faster, up more than 100% YoY to more than one a week.


The average valuation for each VC round raised last year rose by 41% to $31.5 million, after an increase of 26% from 2011 to 2012.

The valuation of these cybersecurity companies may also be rising in anticipation of a deal-making boom.  Most of the new startups are expected to eventually be snapped up by the larger technology companies.

According to SunTrust Robinson Humphrey, there were 22 M&A deals in 2013 and 7 so far in Q1 at an average enterprise value/revenue (EV/Revenues) multiple of 9.9x. This compares very favorably to current market conditions, which show the following multiples of enterprise value to 2014 expected revenues (EV/2014E Revenues) by segment:

  • Security Suite: 2.4x
  • Authentication: 2.6x
  • Firewall/UTM: 6.1x

Will the acquisitions to be made in the cybersecurity industry deliver the deal valuations we have seen recently in other areas, like Facebook’s acquisition of WhatsApp?  Not likely.  Cybersecurity is a relatively stable industry especially when compared to social media.  Its growth is less and the risk is less.  The window of opportunity is greater.  As a result, the valuations are less astronomical.

Fragmented Industry

The cybersecurity industry is a fragmented one. A fragmented industry is an industry in which no single enterprise has a large enough share of the market to be able to influence the industry’s direction. While Symantec and McAfee are the two biggest players in the industry, no one would claim that they’re able to influence the direction of cybersecurity. In fact, because of their own situations they’re more followers than they are leaders. Many smaller vendors have carved out a market niche where they deliver a unique product or specialized service. This creates an opportunity for one of the other players to implement an acquisitive growth strategy that will position it to dominate the industry, like Cisco Systems did in the 1990s.

Maybe the reason there hasn’t been a Cisco-like company in cybersecurity has more to do with the mentality of companies in the industry than it does with the business model itself. The model, after all, is centered on a time-to-market mentality as the linchpin for success. Because of the increasing variety of threats, development cycles should be less than 18 months. The fragmented cybersecurity market illustrates that the bigger companies find that time frame challenging and smaller companies are the ones best suited to deliver quickly.

Wave of M&A

Can we expect increased M&A activity? Absolutely. Investment is flowing to start-up and early stage companies. The IPO market has improved. The economy is improving and companies need to accelerate their growth and catch up on historically underfunded R&D. We will see the traditional companies making acquisitions, but we will also see companies outside of the cybersecurity market making acquisitions in the security space as security becomes a bigger issue for everyone.


If you’re wondering how you build a company that you can sell for a premium in a few years, contact me to discuss the Valuation Amplification Process.

I also invite you to download the white paper and learn How to Quickly Increase Your Valuation – A Proven 5 Step Process.
