The Cyber Security Investment Boom Continues

Despite big economic problems elsewhere, 2020 and 2021 were very good years for the cyber security industry, with 178 strategic merger and acquisition (M&A) deals in 2020, and 223 deals in the first three quarters of 2021 alone. 

Venture capital financing for cyber security firms has also been very high, resulting in a number of 'unicorns' - a company with an investment valuation of more than one billion dollars. 

According to Progress Partners’ Market Report: Cybersecurity Q1 2022, M&A activity leapt from $27.5 billion in 2020 to $70.4 billion in 2021 and by the end of the first quarter of 2022, it had reached almost $27 billion, on track to exceed previous years.

In the first quarter of 2022 has been remarkable for the high number of cyber security M&A transactions and right now deals are mostly being driven by large corporations in telecoms, aerospace and energy acquiring cyber security technology to strengthen their core operations. 

Larger firms are looking to expand their capabilities. 

• Google made  its largest acquisition in  a decade, paying  $5.4 billion in cash for Mandiant, a company that specialises in tracking the activities of hackers and cyber spies, best known for uncovering the SolarWinds hack in 2020.

• Recorded Future’s recent acquisition of SecurityTrails is one example, adding attack surface monitoring technology to Recorded Future’s existing capabilities.

However,  the latest M&A figures suggest  a levelling  off for the full year 2022 and sources suggest that while M&A activity will continue, access to VC financing may become more difficult as investors respond to a number of risk factors: 

• The COVID-induced work from home (WFH) and the new hybrid working paradigm have dramatically increased companies’ threat surfaces.

• Russia's attempted invasion of Ukraine war has increased the cyber threat from both Russian speaking cyber criminals and Russian state actors.

• Governments worldwide are applying pressure through increased mandatory cyber security regulations.

While demand for cyber security products will remain high and the finance to support new and existing security companies is available, the pace of investment funding may slow over the next few months, due to these perceived risk factors.

The implication is that the money is still available, but that it will be harder for the new and unproven startups to access it because the investors are becoming more risk-averse.

Part of VC investors’ caution might  be because there has been too much money chasing a simple investment formula - buy private companies, to take them public and sell them to others - risking 'dumb deals'. The rest of 2022, activity is more likely to focus on M&A that consolidates proven technologies rather than betting heavily on new ones. Getting startup funding will become more difficult for the rest of 2022.

As new cyber security threats emerge, new companies with new technologies will be created to combat those threats. The fundamental growth in the sector will ensure that startups will be funded and incumbent players will continue to acquire fresh security technologies and talent via M&A. 

As things stand after Q1 2022, M&A activity will continue, but investment growth financing will be at a more cautious level. 

Progress Partners:   ARN      Forbes:    Security Week:    TechAdvisor:   Dark Reading:  

You Might Also Read: 

Software Industry Mergers and Acquisitions 2022: