The Bundy Group, an investment bank and advisory firm, provides regular updates on mergers & acquisitions and capital placement activity in the cybersecurity market. After a busy year in the cybersecurity sector, I wanted to provide observations on activities and trends occurring in this rapidly evolving industry. The foundation for my feedback includes:
Current Bundy Group client engagements in which our team is advising technology, automation and cybersecurity organizations in sales and capital raises.
The numerous conversations we have each week with owners, executives, strategic buyers, financial sponsors (i.e., private equity groups and family offices) and other industry professionals.
Bundy Group’s attendance at, and involvement with, technology-, automation- and cybersecurity-related conferences.
Continual tracking of mergers & acquisitions (M&A) and capital placement activity in the cybersecurity market (see Bundy Group’s prior articles in Industrial Cybersecurity Pulse and Control Engineering Magazine).
Four cybersecurity mergers & acquisitions observations
- An overabundance of buyers in the cybersecurity sector: Consolidation and investment in the cybersecurity sector continue at a torrid pace. Furthermore, the “secret is out” about this attractive market, which is luring buyers of all types. The result is that there is significantly more buyer demand than supply of available acquisition opportunities in the cybersecurity sector.
- Valuation multiples hold strong: While buyers are in the business of acquiring solid companies at low valuations, they can pay — and are paying — seller-friendly valuation multiples. That being said, buyers only pay high multiples for cybersecurity businesses when they are forced to do so under the threat of competitive pressure. In a recent cybersecurity-related client engagement that Bundy Group managed, we were able to push numerous buyers to adjust their valuations higher relative to their original offers. This demonstrated the value of a competitive sale process on behalf of a highly attractive cybersecurity company.
- Automation and cybersecurity are Intertwined: Automation solutions firms, which include systems integrators, software providers and manufacturers, are feeling pressure from clients to incorporate cybersecurity solutions in conjunction with their automation offerings. With such trends as information technology/operational technology (IT/OT) convergence and the acceleration of edge computing, it is critical for security measures to be included with automation solutions. Furthermore, because the cybersecurity sector is a growth market, an automation firm that can also deliver cybersecurity solutions can expect to see a positive impact on its valuation.
- The largest global consulting players are the cybersecurity heavyweights: Branded international consulting firms are also the largest cybersecurity players. This includes Deloitte, Ernst &Young (EY), PricewaterhouseCoopers (PwC) and KPMG, also known as the Big Four. These are the four largest security consulting firms. In addition, these professional services groups are highly focused on growth by acquisition. As listed in the below transactions, Deloitte recently acquired Australian-based Hacktive, a boutique cyber consultancy firm, its third transaction in as many months.
Increased investment in cybersecurity
As we finish out 2022 and begin 2023, the Bundy Group team is witnessing numerous positive fundamentals that will continue to impact cybersecurity companies. The 2023 Gartner CIO and Technology Executive Survey, which gathered data from more than 2,000 CIO respondents around the world, reported that, of these respondents, 66% planned to increase their investment in cybersecurity. The executives and shareholders that are affiliated with these organizations should monitor these trends. The result of these market activities could be enormous value creation opportunities for cybersecurity organizations.
November 2022 cybersecurity mergers & acquisitions
HUMAN Security, Inc. (formerly White Ops) — the global leader in safeguarding enterprises from digital attacks with modern defense — announced the acquisition of clean.io, the industry leader in protection against malvertising and e-commerce fraud. Learn more.
Passage, a leader in modern authentication technology, is joining the 1Password team to help accelerate the adoption of passkeys for developers, businesses, and their customers. Learn more.
11:11 Systems (“11:11”), a managed infrastructure solutions provider, announced the completion of both the acquisition of Sungard Availability Services’ (“Sungard AS”) Recovery Services business and Sungard AS Cloud and Managed Services (CMS) business. Learn more.
Intel 471, the premier provider of cyber threat intelligence for leading intelligence, security and fraud teams across the globe, announced the acquisition of SpiderFoot, a best-in-class provider of open-source intelligence, attack surface management and digital investigations. Learn more.
October 2022 cybersecurity transactions
OPSWAT, a leading provider of critical infrastructure protection cybersecurity solutions, has acquired all assets of FileScan.IO, a free next-gen malware analysis platform with a focus on Indicators of Compromise extraction and related threat intelligence data. Learn more.
DMI, a global leader in digital transformation services, has acquired the Ambit Group LLC (“Ambit”), a leading provider of data analytics, cybersecurity and mission support services to the U.S. government. Learn more.
CyberRisk Alliance (CRA), a business intelligence company serving the cybersecurity sector, has acquired Cyber Security Summit (CSS) and TECHEXPO Top Secret, a leading provider of premium thought leadership and networking events for C-level leaders in cybersecurity and technology. Learn more.
J.S. Held, a Jericho, New York-based specialized global consulting firm, has acquired TBG Security, a cybersecurity consultancy that provides offensive and defensive cyber consulting services. Learn more.
NINJIO, a cybersecurity awareness company that leads the industry in customer satisfaction, has acquired DCOYA, an advanced behavior-centric cybersecurity solutions provider. Learn more.
Managed security service provider (MSSP) Security7 Networks announced it has joined Integris, a fast-growing national IT managed service provider (MSP). As a fully integrated team, Integris is now able to expand its existing talent base and enhance cybersecurity offerings to clients nationwide. Learn more.
KnowBe4, Inc. (the “Company” or “KnowBe4”) (Nasdaq: KNBE), the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has entered into a definitive agreement to be acquired by Vista Equity Partners (“Vista”) in an all-cash transaction valued at approximately $4.6 billion on an equity value basis. Learn more.
Email and brand protection provider Red Sift announced it has acquired attack surface management (ASM) provider Hardenize, after Red Sift raised $54 million in Series B funding earlier this year in an attempt to include email under the banner of the attack surface. Learn more.
ForgeRock (NYSE: FORG), a global digital identity leader, announced that it has entered into a definitive agreement to be acquired by Thoma Bravo, a leading software investment firm, for $23.25 per share, in an all-cash transaction valued at approximately $2.3 billion. Learn more.
Allurity has acquired the leading Danish service provider CSIS, taking yet another leap toward its goal of becoming Europe’s preferred provider of tech-enabled cybersecurity services. Learn more.
Deloitte Australia is acquiring Australia-based cybersecurity consultancy Hacktive in an effort to expand its managed security services offering and the capabilities of its Cyber Intelligence Centre. Learn more.
iC Consult Group, the world’s leading managed services and consulting company in the field of Identity & Access Management (IAM), has completed the acquisition of Kapstone Technologies LLC, a global provider of identity and security services. Learn more.
Infinigate Group, the pan-European value-added distributor (VAD) of cybersecurity solutions announced its merger with Dubai-based Starlink, the market-leading VAD in cybersecurity, secure cloud and secure networking in the Middle East and Africa. Learn more.
ASGN Incorporated (NYSE: ASGN), a leading provider of IT services and solutions, including technology and creative digital marketing across the commercial and government sectors, announced that it has acquired Iron Vine Security, a leading cybersecurity company that designs, implements and executes cybersecurity programs for federal customers. Learn more.
Kocho, UK-based provider of cybersecurity, identity, cloud transformation and managed services, announced that it has acquired Surrey-headquartered Mobliciti, the award-winning managed service provider (MSP) specializing in enterprise mobility, security and wireless connectivity solutions. Learn more.
Bundy Group, a CFE Media and Technology content partner, is a boutique investment bank that specializes in representing cybersecurity, automation and Internet of Things organizations in business sales, capital raises, and mergers & acquisitions. Over the past 33 years, Bundy Group has advised and closed on more than 250 transactions, which include numerous automation-related transactions. You can learn more at www.bundygroup.com or by contacting Clint Bundy at firstname.lastname@example.org.