Over the past six years, total annual M&A deal value in information security has rocketed higher by $13.5bn.
This explosive growth is fueled by three key trends:
- Businesses are embracing digitalization at record levels.
- The number of attacks is increasing.
- New regulations, such as the EU’s General Data Protection Regulation and the California Consumer Privacy Act, have made compliance a prickly proposition.
History of Security M&A
The rise of infosec M&A is nothing new; the trend actually dates back to 2002.
From 2002-2004 marked the first wave of infosec mergers and acquisitions. This period averaged 50 deals per year.
The second wave, 2005-2013, saw an average of 76 deals per year – a significant increase, but dwarfed by the third wave (2014-present), which has seen, on average, 128 deals per year and has been >50% more active than the second wave.
What is notable about the third wave?
First, a few more numbers.
In 2018 there were 128 total deals, a number exceeded only in 2015, when there were 133 total deals. The total value of deals in 2018 was $14.9bn – the second-highest in history, trailing only 2016, when the value of deals came to $15.3bn.
Of particular note now is the extent to which private equity has become involved. Whereas PE firms accounted for just three deals in 2010, they made 41 deals in 2018 – more than one-third of all transactions!
Additionally, there have been multiple cases in which PE firms have acquiesced to paying sky-high multiples. For instance, Thoma Bravo paid 7.6x revenue for CA Veracode, and Pamplona Capital paid 7.3x revenue for Cofense. As a result, it remains to be seen just how large the return will be for PE’s big bet on the security industry.
Identity & Access Management
M&A activity is up across the entire industry, but in identity & access management (IAM), deal volume has been pronounced. This subsector led the way with 35 deals in 2018, the most notable of all being Cisco’s purchase of Duo Security for $2.35bn in October.
2019 is shaping up to be the most active ever in infosec M&A history.
I think we should expect strategic acquirers to continue to home in on attractive IAM targets. As the zero-trust paradigm gains tractions, it will likely cause network security and IAM to converge.
In large part, this is because it has become a more complicated problem now than ever before for an enterprise to ensure that the people accessing its most precious resources are the right people.
In order to solve this problem, deal activity among IAM targets should continue to accelerate.
Security M&A Trends this Year
Thus far in 2019, there has been a drop off in private equity activity, with only two transactions so far. Deals by strategic acquirers account for 32 of the total 34 deals made in the first quarter.
But once again, infosec is one of the most active sectors for tech M&A. As the year progresses, it will be very exciting to see whether the sector is able to set a record for deal volume. On pace for nearly 140 transactions this year, 2019 is shaping up to be the most active ever in infosec M&A history.
Do you have your finger on the pulse of tech trends? Join the 451 Alliance for exclusive research content on industry-wide IT advancements. Do I qualify?