Cybersecurity Growth Investment Flat, M&A Activity Strong for 2022

Global markets have suffered following the first Covid-19 pandemic and the Russian invasion of Ukraine – but sales of cybersecurity software have remained strong. VC investment in cybersecurity has adapted to the world economy rather than stalled.

Progress Partner’s Market Report: Cybersecurity Q2 2022 (PDF) points out that VC and PE investment has remained flat at $5.4 billion (across fewer deals), M&A activity has been strong with 118 deals worth nearly $89 billion. This could be distorted by the Broadcom acquisition of VMWare for $69.2 billion ($61 billion in cash and stock, along with $8 billion assumption of debt).

Technology in general has suffered in the current economy, with (says the report), “barren IPO markets, weak post-IPO performance, rising interest rates, and ongoing global supply chain issues.” But not the cybersecurity software market. “Cyberattacks are on the rise, cybersecurity companies must continuously innovate, and investors/buyers will continue to invest in cybersecurity as new addressable markets emerge and opportunities arise.”

The combined effect of these somewhat conflicting pressures leads Progress to predict continued, if fluctuating, cybersecurity investment and M&A activity for the rest of 2022. However, while investment will continue, it doesn’t mean that the overall market is thriving – revenue multiples for cybersecurity stocks hit a two-year low.

“With midterm elections in November, continued rate hikes, and no near-term solution to supply chain challenges on the horizon, we anticipate continued market volatility for the remainder of the year,” warns Progress.

Investment has remained flat in Q2, with the total invested ($5.4 billion) almost the same as that for Q1. This puts the potential total for 2022 at slightly less than that for 2021 ($25.6 billion), but already close to the total for 2020 ($11.1 billion). 

Some cybersecurity sectors are currently performing better than others. Application security garnered 12% of the investment funds, data protection came second with 8%, and threat and vulnerability management accrued 7%.

M&A activity has remained strong. Despite the macroeconomics, finance firms have more than a trillion dollars of ‘dry powder’ that they must put somewhere. In many cases, merging two proven companies is considered less a risk than betting on the future of a possibly unproven young firm. This is typified by the acquisition of VMWare by Broadcom for $69.2 billion, and Progress expects the M&A market to remain strong for 2022.

One new area that Progress is monitoring is quantum computing. It notes that state investment is very different across the world, with China and the EU having announced funding of $22 billion for their quantum programs. Far behind is the US ($1.3 billion) and the UK ($!.2 billion). Private investment in quantum computing expanded after 2017, and includes a $1.5 billion Series D round raised by SandboxAQ (spun out of Alphabet and led by former Google CEO Eric Schmidt) in March 2020.

Surprisingly slow, however, has been investment in post quantum cryptography, despite the urgency apparent from NIST’s rapid progress in its post quantum cryptography competition. “Given the newfound interest in the space, government directives and high-profile investments in quantum computing, we anticipate investor interest and funding into companies focusing on cryptographic and encryption use cases will grow in the coming years,” notes Progress.

Related: Over 230 Cybersecurity M&A Deals Announced in First Half of 2022

Related: Cybersecurity M&A Activity to Continue; Growth Funding to be More Conservative

Related: How a VC Chooses Which Cybersecurity Startups to Fund in Challenging Times

Related: QuSecure Scores Post-Quantum Cybersecurity Contract Worth More Than $100M Annually