With 2023 now in full swing, the cybersecurity segment is well positioned for another robust year in terms of M&A and capital placement activity. The below transactions are continued evidence of the strong evidence that strategic buyers and financial sponsors have in the cybersecurity industry. As an example, the total transaction value for cybersecurity deals related to private equity groups and their portfolio companies increased from $9 billion in 2018 to $36.4 billion in 2021. While existing macroeconomic headwinds have presented some challenges, the Bundy Group team continues to be very optimistic about the growth of the cybersecurity segment and the M&A and capital activity tied to the segment.
Below are some relevant cybersecurity market trends to note as we progress in 2023:
- Remote Working Impact: As a result of the pandemic and employees working from home and utilizing unsecured networks, the potential for security issues has increased exponentially. For organizations, the IT team now must account not only for office-based network vulnerabilities but also for potential breaches on the employee’s home network or personal mobile device. Per IBM’s Security Annual Cost of a Data Breach report, the average cost of a breach to an organization was $1.07 million higher where remote work was a factor in causing it.
- Industry 4.0 Explosion: Industry 4.0 is the next phase of the Industrial Revolution, which involves billions of interconnected devices (i.e. the Internet of Things) that can exchange information and influence each other’s actions. While this automated economy has many upsides, there are also numerous challenges from an information security standpoint. With an estimated 31 billion interconnected devices by 2025, the ability for hackers and cybercriminals to infiltrate systems and influence operations, even down to the machine on the plant floor level, is incredibly high.
- Cybersecurity Business Valuation Levels: 2023 could be a year with greater uncertainty due to existing macroeconomic headwinds, including supply chain bottlenecks, torrid inflation, rising interest rates and the looming threat of a recession. A potential recessionary environment, coupled with higher costs of capital (i.e. driven by higher interest rates), could have downward pressure on cybersecurity valuations. Seasoned buyers are trying to take advantage of such opportunities to buy at lower valuations. To counter this possible value degradation, companies seeking to sell or raise capital can utilize the overabundance of cybersecurity buyers and a properly managed competitive process.
- Solid Mergers & Acquisitions Fundamentals: The cybersecurity segment M&A market continues to show a tremendous amount of activity. This is driven by several factors, including the growth profile of the cybersecurity segment, the numerous acquisition opportunities in the cybersecurity industry and the plethora of capital seeking to enter or expand in the cybersecurity market. As of year-to-date August 2022, there were 162 cybersecurity transactions totaling $34.9B in transaction value. There is no sign of any significant slowdown in this transaction momentum in 2023.
As we progress in 2023, the Bundy Group team continues to be very optimistic about the growth of the cybersecurity segment. Furthermore, we are frequently on the receiving end of calls from potential sellers contemplating exit and buyers that are aggressively seeking acquisitions. The fundamentals for the cybersecurity sector continue to be strong, and we are excited to be amid this M&A and capital placement wave.
February 2023 Mergers and Acquisitions
KnowBe4, Inc. (“KnowBe4”), the provider of the world’s largest security awareness training and simulated phishing platform, was acquired by Vista Equity Partners (“Vista”), a leading global investment firm focused exclusively on enterprise software, data and technology-enabled businesses, for $24.90 per share in cash. Learn more.
Almond acquires 100% of Amossys, a leading independent French company providing audit and consultancy services in the field of cyber-security, Cloud and Infrastructures. Founded in 2007, Amossys provides consultancy and expertise in the cybersecurity segment, enabling companies and public authorities to evaluate and improve the security level of their computer systems. Learn more.
OneSpan Inc. (NASDAQ: OSPN), the digital agreements security company, has agreed to acquire ProvenDB, an Australia-based startup that delivers secure storage and vaulting for documents based on blockchain technology, to provide an industry-leading trust model for high assurance contracts and documents. Learn more.
Thoma Bravo, the private equity and growth capital firm, announced that it would spend $1.8 billion CAD (~$1.34 billion) to acquire Magnet Forensics, a Waterloo-based company making software used by defense forces and businesses to investigate cybersecurity threats. Learn more.
Bitwarden, the leading open source password manager trusted by millions, has acquired Passwordless.dev, a European-based open source startup that enables developers to create passkeys and other forms of WebAuthn passwordless experiences quickly. Learn more.
Abacus Group, the leading provider of hosted IT services and solutions to alternative investment firms, has acquired two boutique cybersecurity consulting companies, Gotham Security and its parent company, GoVanguard, both of which have unparalleled track records of excellence in the cyber arena. Learn more.
ProArch, a global IT consulting and services organization, announced the acquisition of Trum & Associates (Trum), a data protection company with a deep understanding of regulatory compliance headquartered in Destin, Florida. Learn more.
SailPoint Technologies, Inc., a leader in enterprise identity security, has acquired SecZetta, a leading provider of third-party identity risk solutions. With nearly half of today’s enterprises comprised of non-employees, organizations need to factor this growing group of identities into their approach to identity security. Learn more.
Cerberus Cyber Sentinel Corporation (NASDAQ: CISO), an industry leader as a managed cybersecurity and compliance provider, based in Scottsdale, Ariz., has signed a definitive agreement for the acquisition of RAN Security, a cybersecurity company with headquarters in Buenos Aires, Argentina and offices in Chile, Peru, Bolivia and Paraguay. Learn more.
NetSPI, the leader in enterprise penetration testing and attack surface management, acquired nVisium to further scale its offensive security solutions and address heightened demand for human-delivered penetration testing. nVisium will support NetSPI’s continued efforts to deliver strategic security testing solutions to enterprises. Learn more.
Simeio, the leading provider of specialized identity and access management (IAM) services in the cybersecurity industry, has announced the acquisition of Texas-based PathMaker Group (PMG) – a leader in identity management services and solutions. Learn more.
CMIT Solutions LLC (“CMIT”), a leading IT Managed Service Provider (MSP) franchisor, announced the transition of ownership from Craftsman Capital to HKW, a middle-market private equity firm focused on growth companies in the U.S. and Canada. The move is part of CMIT’s aggressive strategy to double systemwide revenue to $200 million by 2028. Learn more.
Tetra Tech, Inc. (NASDAQ: TTEK), a leading provider of high-end consulting and engineering services, has acquired Amyx,Inc., a premier enterprise technology services, cybersecurity, and management consulting firm based in Reston, Virginia. Learn more.
ATSG, a leading global, tech-enabled managed services and solutions company, acquired Xentaurs, LLC, a modern Cybersecurity company providing Consulting, Design, Implementation and Managed Detection & Response (MDR) services. Learn more.
Proofpoint Inc., a leading cybersecurity and compliance company, has entered into a definitive agreement to acquire Illusive, a leader and pioneer in Identity Threat Detection and Response (ITDR). The acquisition is expected to close by January 2023, subject to customary closing conditions. Learn more.
AlgoSec, a global cybersecurity leader in securing application connectivity, has acquired Prevasio, a SaaS cloud-native application protection platform (CNAPP) that includes an agentless cloud security posture management (CSPM) platform, anti-malware scan, vulnerability assessment and dynamic analysis for containers. Learn more.
Acrisure, a fast-growing fintech leader that operates a top-10 global insurance broker and the largest independent Real Estate Services company in America, has acquired Homefield IT as part of its Cyber Services division. Learn more.
Toronto-based global cyber insurtech, BOXX Insurance, announced the acquisition of Templarbit, a cyber threat intelligence platform that makes it simpler for businesses to stay ahead of digital threats. Learn more.
Open Systems, a leading provider of next-gen managed detection and response (MDR) services and winner of the 2022 Microsoft Security MSSP Partner of the Year award, announced its acquisition of Tiberium, a U.K.-based provider of highly automated managed security services based on Microsoft security solutions. Learn more.
CloudWave, the expert in healthcare data security, announced the company has acquired Sensato Cybersecurity. Sensato, a managed cybersecurity services company focused on protecting healthcare providers from ransomware events and other cybersecurity threats. Learn more.
C3 Integrated Solutions, a full-service IT provider specializing in cloud-based solutions including Microsoft 365 GCC High, and Steel Root, a cybersecurity services provider specializing in Cybersecurity Maturity Model Certification (CMMC) compliance, have merged to provide defense contractors end-to-end managed services that streamline the technical and administrative burden of regulatory compliance. Learn more.
Palo Alto Networks® (NASDAQ: PANW), the global cybersecurity leader, has signed a definitive agreement to acquire Cider Security (Cider), a pioneer in application security (AppSec) and software supply chain security. Learn more.
Splunk has acquired TwinWave Security, a cyber security startup with unique technology that automatically follows and analyzes complex attack chains that would otherwise require cumbersome manual workflows for security analysts. Learn more.
Bundy Group is a boutique investment bank that specializes in representing cybersecurity, automation and Internet of Things organizations in business sales, capital raises and acquisitions. Over the past 33 years, Bundy Group has advised and closed on over 250 transactions, which includes numerous automation-related transactions. You can learn more at www.bundygroup.com or by contacting Clint Bundy at firstname.lastname@example.org.