An unprecedented surge in ransomware, software vulnerabilities and malign cyber activity against the private sector and critical infrastructure has led to a wave of private equity investment and merger activity in the cybersecurity industry.
Information technology providers sought to create secure environments for clients. Enterprise customers also demanded end-to-end security solutions capable of hunting down sophisticated malware, detecting software vulnerabilities and protecting sensitive employee data.
During the first quarter alone, the cybersecurity industry recorded 108 mergers and acquisitions, with a combined transaction volume of $29 billion, according to Progress Partners, a merchant bank with offices in Boston and New York.
“Cybersecurity is a unique segment where technology must constantly evolve to combat new adversaries and attack methods,” Eric Bell, managing director at Progress Partners said via email. “It does not follow a typical technology maturity cycle.”
M&A activity in the sector is expected to hit a record pace for the second consecutive year, after reaching $70.4 billion in 2021, according to a market report from Progress Partners.
Data on the cybersecurity market shows deep investor demand, with $5.4 billion raised across 249 transactions in the sector.
Some of the nation’s top IT and cloud services providers drove much of the M&A activity. They have invested heavily in acquiring smaller rivals and investing in new capabilities for their internal security services, in part to protect the integrity of their software platforms and cloud services customers.
“Our mission continues to focus on helping customers defend their growing digital estate against increasing cyberthreats,” a Microsoft spokesperson said via email. “Acquisitions have helped provide Microsoft with broader visibility into security by helping to reduce risk, prevent security breaches and ensure compliance.”
Microsoft said acquisitions have helped provide a more comprehensive view of threats targeting their business and a better understanding of vulnerable internet-facing assets.
Alphabet CEO Sundar Pichai, speaking during Alphabet’s quarterly conference call with analysts on Tuesday, said cybersecurity has been a particular focus for the company.
The company has been on a major acquisition binge in recent months, starting with the $500 million deal in January to acquire Siemplify, a provider of security orchestration, automation and response technology. The SOAR technology from Siemplify had long been a missing piece from Chronicle, which serves as the main threat detection and response platform under Google Cloud’s security business, according to Forrester Analyst Allie Mellen.
When reported negotiations between Mandiant and rival Microsoft failed to materialize, that left an opening for Google to fill its incident response portfolio gap.
“We obviously are excited about our purchase of Mandiant, which I think will help us serve customers deeper as well,” Pichai said during the call.
Congress and federal regulators have placed additional scrutiny on the IT sector in recent years amid concerns about the growing power of the industry’s biggest technology firms.
The DOJ earlier this month sent Mandiant and Google a request for additional documents related to their deal, according to filings with the Securities and Exchange Commission. The companies said they would promptly reply and are cooperating with regulators to complete deal, which is expected later this year.
Microsoft has embraced its ability to offer a comprehensive security platform as one of its main selling points to enterprise customers in recent years. During the company’s fiscal second-quarter earnings call in January, CEO Satya Nadella said security-related revenue was up 45% to $15 billion from year-ago figures.
Microsoft has 785,000 security customers, up 50% year-over-year, Nadella said during the fiscal third-quarter call on Tuesday. He said companies including Citrix, Domino’s Pizza, Heineken and others were using Microsoft to protect their multicloud infrastructure.
Gaps to fill
Security acquisitions have been the focus of numerous companies in the IT space in recent months.
IBM in November agreed to buy ReaQta, a move to expand its threat detection and response capabilities. As part of the agreement, IBM expanded its extended detection and response capabilities through its QRadar XDR suite.
In February, the Wall Street Journal reported Cisco had made an offer of more than $20 billion for Splunk, a provider of data monitoring and security software. A spokesperson for Splunk said the company does not comment on rumor or speculation and Cisco did not respond to a request for comment on the talks.
SentinelOne entered an agreement in March to buy Attivo Networks in a deal valued at $616.5 million in cash and stock. The acquisition will combine Attivo Networks’ identity protection and response technology, which focuses on credential theft and lateral movement, with SentinelOne’s autonomous XDR platform.
“I think the bigger issue these days is combining multiple solutions into security platforms can help customers,” said Peter Firstbrook, research VP at Gartner. “There is increasing demand from enterprise security buyers for consolidated products that are integrated and work well together.”
Firstbrook cites data showing 70% of enterprise security buyers are trying to consolidate the number of vendors and products they purchase.
Venture capital investments in cloud security have accelerated in recent years, reaching $6.2 billion in 2021, compared with $2.6 billion in 2020, according to Gartner data.
Cloud-native application protection platforms have emerged as a leading area of growth in terms of venture capital spending. The U.S. has 97 distinct cloud security firms, according to Gartner, however Israel and China lead the space with 25 and 12 cloud security firms respectively.
“Public companies buy innovative companies that fill gaps in their current offerings to [provide] innovative solutions,” Alberto Yepez, co-founder and managing director at Forgepoint Capital.
Customers are looking to add new security features to existing product suites, for example secure service edge (SSE) or XDR, according to Brendan Burke, senior emerging technology analyst at Pitchbook.
“Recent customer-led waves of acquisition include secure software-defined wide area networking, XDR log ingestion and privileged access control of employee workstations,” Burke said. “Leading vendors compete to acquire the most outstanding technology assets in these categories and in some cases pay significant premiums to win.”