Mergers and acquisitions (M&A) activity and cybersecurity investments picked up again in the fourth quarter after a somewhat sharp decline in the third quarter. The activity put the sector on track to end the year better than many expected, with overall funding outpacing his 2020 pace (albeit down from 2021). ).
Momentum Cyber Managing Partner Eric McAlpine said: “Cybersecurity is still a very active market compared to the historical levels of the last decade.”
McAlpine said Momentum tracked a total of 37 M&A deals from the fourth quarter through November. This compares to a total of 50 acquisitions in Q4 2021.
“M&A activity in the cybersecurity services market continues to be stronger than in any other sector of the industry,” he says. In fact, his 2021 and 2022 year-to-date M&A volume in cybersecurity services tops the combined volume of the last five years.
First and foremost, McAlpine says M&A activity in cybersecurity will continue to gain momentum in 2023 as startups face challenges to raise more capital, run out of money, or revise down valuation expectations. expected to continue. He predicts a “major shift in investor mindset, moving away from growth at all costs to funding profitable growth.”
M&A activity picks up momentum after slowdown in Q3
Two major cybersecurity acquisitions in October had a huge impact on overall deal volume in the fourth quarter of this year. One of which is his $4.6 billion acquisition of KnowBe4 by Vista Equity Partners on October 12th. Vista, like many other private equity (PE) companies, plans to make publicly traded KnowBe4 a private company once the acquisition is complete.
Another major deal in the fourth quarter was the October 11th all-cash purchase of ForgeRock by PE giant Thoma Bravo for $2.3 billion.
But that’s not to say there weren’t other significant deals during the quarter. As an example, McAlpine cites Palo Alto Networks’ acquisition of Cider Security for his $195 million in November. Proofpoint acquired Illusive in his December for an undisclosed sum. 1Password acquired Passage in November for an unknown amount.
More M&A money moved through the cybersecurity sector in the first three weeks of October alone than in the entire third quarter, according to figures tracked by S&P Global Market Intelligence.
“Between Oct. 1 and Oct. 24, cybersecurity acquirers disclosed nine deals totaling $6.9 billion in deal value,” the analyst firm said in a recent market report. said in In contrast, total deal value for all publicly disclosed M&A deals in the third quarter was just $3.06 billion, down more than 75% from $13.77 billion in the same period in 2022, according to S&P Global Markets. Intelligence said.
Meanwhile, the fourth quarter of 2022 also saw significant fundraising activity in the cybersecurity sector. A notable example is Arctic Wolf’s $401 million convertible bond issuance in October. Drata said he raised a $200 million Series C funding round in December, bringing the company’s valuation to his $2 billion. Also, his $120 million pre-IPO funding round at Versa Networks, led by BlackRock.
IT-Harvest Chief Research Analyst Richard Stiennon said: “While this is less than last year’s $24 billion, it is 60% above 2020’s record funding.”
Stiennon said the numbers for the year in which disasters were predicted aren’t all that bad.
There were nearly 20 disclosed cybersecurity funding rounds in the last three months of 2022, according to IT-Harvest’s tally. He got $410 million in growth capital for NetSPI. Akeyless raised his $65 million in secret management technology.
By the end of November, managed security service providers were the most active sector for M&A deals, according to data tracked by Momentum. risk and compliance. security consulting and services segment; Risk and compliance were the most active funding deals during the same period. Identity and access management. application security; network and infrastructure security;
The impact of industry activity on enterprise security teams
Devo CEO Marc van Zadelhoff expects the cybersecurity market to weather a potential downturn better than other sectors.
“In the second half of 2022, security was the last industry to observe a slowdown in spending, let alone IT spending,” he says. “By mid-2023, we believe security will be the first industry to emerge from recession given the surge in data and threats and the need for a strong security posture.”
Security teams, however, need to prove their worth and deliver immediate ROI, says van Zadelhoff. “Now is the time to lay the foundation for cybersecurity investments and for security decision makers to learn the words of her CFO and practice her cyber pitch.”
At the same time, some say a prolonged recession, or the threat of one, could curb security spending and bring about another shift in the industry next year and in the near term. They advocate for enterprise security teams to be aware of the potential impact of these changes and to be prepared.
For example, security teams should demonstrate a measurable return on investment and be prepared to do more with less in situations where the organization may be looking to reduce security spending. said Richard Caralli, Senior Cybersecurity Advisor at Axio.
This is in anticipation of a slowdown in core spending on technology acquisitions in 2023. This could lead to shrinkage of certain cybersecurity sectors and increase the potential for consolidation and acquisition activity.
“At that point, we can expect the technology involved in these activities to need to be reassessed,” says Caralli.
The fact that CISOs and those responsible for purchasing decisions are increasingly demanding more integrated platforms could be another driver of fundraising activity in the cybersecurity sector in 2023.
Hank Thomas, CEO of Strategic Cyber Ventures, said: “Too many vendors chasing the same dollar with comparable technology. PE firms and other late-stage investors are looking to bring in larger players to act as anchors for roll-ups and bolt-on acquisitions. A more comprehensive, less costly, efficient and effective security platform.”