security

Security Alert: Cybersecurity Startup M&A On Pace For Weakest … – Crunchbase News


With the IPO pipeline still thawing, M&A may seem like a good alternative — especially in a difficult funding environment.

However, this year has proven to be a difficult one for any VC-backed startup looking for an M&A exit.

The first seven months of the year saw only 34 cyber startups get acquired, putting dealmaking at its slowest pace since 2017 — which witnessed only 52 startups get bought the entire year — according to Crunchbase data.

M&A dealmaking in cybersecurity hit a high in 2021, when 123 VC-backed companies were bought, per Crunchbase. That number fell about a third last year to only 82 such deals. This year’s pace represents another 25% decline.

“It’s not surprising,” said Umesh Padval, a venture partner at Thomvest Ventures who specializes in cyber, cloud infrastructure and generative AI. “There are macro trends right now creating terrible headwinds for dealmaking.”

Those headwinds include rising interest rates throughout the last year-plus, geopolitical tensions and an uneasy economy which has caused some companies to rein in their IT and cybersecurity spending.

Few big deals

With those headwinds blowing, not many large deals were made in the first half of the year.

The largest deal in the first six months was Hewlett Packard Enterprise announcing it would acquire cloud security provider Axis Security for $500 million in March. Later that same month, Cisco said it would buy cloud security platform Lightspin for $200 million.

Although the pace of dealmaking has not picked up thus far in the third quarter — only five deals have been made public — the size of a few deals may show a changing pattern.

In July, France-based tech firm Thales Group announced it was buying application security giant Imperva for $3.6 billion. Perhaps more importantly,  earlier this month Check Point Software said it would buy cloud-based security solutions provider Perimeter 81 for $490 million — less than half the $1 billion valuation it received last year after its Series C.

That last deal could be an indication some startups are willing to come down from valuations garnered during the heights of the venture market. Investors have said since last year that being stuck on those valuations would hinder the pace of dealmaking.

Startups have not needed to come off those valuations since so many were able to raise large amounts of cash the past few years, thus allowing them time to try to wait out the current market cuts to valuations.

However, that runway may be coming to an end.

“It takes time for that money to dry out of the system,” Padval said. “It takes about 15 to 18 months. That’s why I think toward the end of the year you will see things really pick up.”

While there has been hesitation from acquirers, investors and entrepreneurs concerning dealmaking in the first part of the year, that slowly is eroding, said Alberto Yépez, co-founder and managing director at Forgepoint Capital which specializes in cybersecurity and infrastructure software investments.

Readers Also Like:  Canada probing reports that B.C.-based company's drone tech ended up in Russia, Blair says - CBC.ca

“Despite the slow start, we have seen a shift around the midyear point,” he said. “I predict there will be a heavy drive toward M&A in Q4 and throughout 2024 — a higher volume of transactions at lower transaction values. It is now more of a buyers’ market.”

Aside from strategics, Yépez said, private equity firms are out shopping and many of them were very active on the sidelines of the BlackHat show last week in Las Vegas.

Window shopping

Whether it’s PE or strategic buyers, there likely are several areas of cybersecurity that could be appealing.

Cloud security already saw some big deals this year, and most investors expect that to continue.

Then there is the ever-present hype around AI — which also will play a role in cyber.

Padval said he expects to see growing interest in cybersecurity as it relates to AI — meaning security protecting AI modeling as well as AI being used in software applications.

Supply chain security, fraud detection solutions, and sign-on and verification technologies also could see more deals in the coming months, he added.

Other areas prime for consolidation likely include identity and DevOps, while other subsectors like data security, software supply chain, SMB security and, of course, AI seem set for innovation, Yépez said.

He added next-generation identity and access management platforms — an area which includes Forgepoint portfolio companies such as 1Kosmos and Ermetic — also could see significant growth.

However, how much the market picks back up will undoubtedly depend on those sky-high valuations of 2021 finally coming back to be more in tune with the new reality.

Readers Also Like:  AI Is on the World's Mind. Is the UN the Place to Figure Out What to ... - U.S. News & World Report

“Valuations have become more rational in the market as the tourist investors driving higher valuations in 2021 and 2022 have gone home,” Yépez said.

Methodology

Cybersecurity is defined by the industries of network security, cloud security and cybersecurity in the Crunchbase data set.

Related Crunchbase Pro query

Illustration: Dom Guzman


Stay up to date with recent funding rounds, acquisitions, and more with the
Crunchbase Daily.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.