Cybersecurity M&A Bonanza Shows No Signs of Slowing

Cybersecurity M&A Bonanza Shows No Signs of Slowing

The pandemic, inflation, and a bevy of other sources of macroeconomic uncertainty have caused some tech investors to slow down their investments in mergers and acquisitions. But cybersecurity M&A remains white hot, with no signs of cooling off. While the 2022 market correction has had some negative effects on tech stocks, many cybersecurity businesses have maintained values well above average, and M&A deals continue to outpace those of most other sectors.

In the first quarter, there was a 26.3% year over year increase in M&A activity—in spite of a hot market in 2021. In fact, the last time there was a decline was 2019, and then the drop was slight—just 2.9% compared to 2018.

The key factors driving the M&A frenzy in cybersecurity include:

  • Increased understanding of the value of M&A for all businesses. The cost of a single cyber breach for a typical business is well into the millions, making cybersecurity investments incredibly important.
  • The transition to digital platforms during the COVID-19 crisis. This has made an even stronger case for tighter cybersecurity. People can be personally impacted by cyber breaches in unprecedented ways, especially now that so many children spend significant time on digital platforms for school and other activities.
  • Consolidation and innovation. Cybersecurity firms are in greater demand than ever before. This drives innovation. It has also helped consolidate the market, building progressively larger and more powerful players. Small start-ups often hope to cash out and get absorbed into the big players, which means there’s great value in starting a cybersecurity firm. At both ends of the market, growth is significant.
  • Increased public awareness of cyber crime. With increased awareness comes an increased willingness to purchase cybersecurity products, driving private equity’s interest in cybersecurity firms. With more and more high-profile cybersecurity breaches, the case for increased investment essentially makes itself.
  • Acquiring talent. The global market has at least 2 million unfilled cybersecurity roles. It’s an employees’ market, and that means that companies are eager to buy up talent wherever they can find it. Many recent acquisitions have sought primarily to bring in new talent.

The first quarter of 2022, it’s worth noting, did see fewer overall deals. This is due in large part to consolidation driving down the total number of deals that are possible. But total deal dollar volume increased significantly. As access to talent continues to be a problem, deal values may rise. Multiples, too, are extremely high. Cybersecurity M&A multiples averaged 11.6x EBTIDA during the first quarter. That’s a small decline from 2021, but remains significantly higher than the 3.3x average multiple we’re seeing in the broader tech sector, data from 451 shows.

So who’s acquiring these cybersecurity firms? Anyone who can get their hands on them. It’s often other cybersecurity companies hoping to widen their reach, access valuable IP, or increase their talent pool. PE continues to show interest in cybersecurity, too. As consolidation increases, so too will the role of larger businesses in the cybersecurity M&A bonanza.