Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybersecurity Funding

Cybersecurity M&A Activity to Continue; Growth Funding to be More Conservative

 

 

Cybersecurity M&A Trends | 2022Venture capital financing for cybersecurity firms was high throughout 2021, resulting in numerous new unicorns. Last year, and the first quarter of 2022, were also notable for the high number of cybersecurity mergers and acquisitions; and 2022 already looks set to be a new record year for M&A activity.

According to Progress Partners’ Market Report: Cybersecurity Q1 2022 (PDF), M&A activity leapt from $27.5 billion in 2020 to $70.4 billion in 2021. By the end of Q1 2022, it had already reached almost $27 billion.

Cybersecurity financing activity was similarly strong in 2021 at $25.6 billion (up from $11.1 billion in 2020). The latest figures, however, show a potential leveling or slight decline for the full year 2022, currently standing at $5.4 billion for Q1 2022.

It looks as if M&A investments are likely to continue, but VC financing may become trickier. SecurityWeek spoke with Eric Bell, managing director at Progress Partners, a Boston and New York-based investment and corporate advisory firm that works on both M&A and investment financing transactions. We wanted to understand why M&A and VC financing has been so high, and what is likely to happen in cybersecurity financing over the rest of 2022.

Bell explained that financing is still available, but the investors are becoming more cautious – and much of the investment activity in Q1 2022 was probably already in the pipeline from Q4 2021.

The first thing to understand is that there is no immediate or direct correlation between the disposable income in our own pockets and the money available to the international financiers. Personal income is rapidly hit by the immediate economy through inflation, but investor funds less so. “We’ve just been through an enormously long bull market,” said Bell, “and there’s tons of cash available – overall, there was more than $300 billion invested in private equity last year. The money is not going away, and we have new sources from sovereign wealth funds and government investments.”

The second thing is that companies have little choice but to increase their cybersecurity spend. While we can forgo that foreign holiday, corporations cannot forgo their cybersecurity spend. The COVID-induced work from home (WFH) and the new hybrid paradigm have dramatically increased companies’ threat surfaces, while the Russia/Ukraine war has increased the cyber threat from Russian speaking cyber gangs and Russian state actors. And governments are applying additional pressure through increased cybersecurity regulations.

The federal government is also increasing its cybersecurity budget in the US. “On March 28, the White House released its $5.8T FY2023 budget, which earmarked $22.1B for cybersecurity across Federal civilian and DoD agencies, a 12% increase from FY 2021 and the first time total Federal spending surpassed the $20B mark in the nation’s history,” notes the report. The FY2023 budget request includes roughly $10.9 billion for civilian cybersecurity-related activities

Advertisement. Scroll to continue reading.

Fundamentally, the demand for cybersecurity products is high, and the finance to support new and existing security companies is available. But that doesn’t necessarily mean that investment funding will continue unaffected over the rest of the year.

“Where I see a little bit of a change in the market,” comments Bell, “is in the tone of the conversations I’ve been having with investors. They’re not as willing to enter companies at such high valuations. They are looking at current investments and doubling down on the winners and are not maybe deploying as much capital or risk at this moment into earlier stages or companies that don’t have proven track records.”

The implication is that the money is still available, but it will be harder for the new and unproven startups to access it because the investors are becoming more careful.

Strangely, part of the investors’ concern comes not from a lack of money, but because there has been too much money in the market. The investment formula is very simple: buy private companies, try to take them public, and sell them to others. The problem is, suggests Bell, “There’s too much money in the investors’ pockets, and they’re forcing themselves to find opportunity. And when you have that much money and you feel a lot of competition from thousands of other investors with billions of dollars on their balance sheet, inevitably you’re starting to build your portfolio with too much risk.”

He uses Tiger Global Management as an example – a major investment firm with strong representation in cyber. “In Q1 2022, they were down 36%,” said Bell. “That’s their worst performance ever, and follows eight or nine years of blowout growth. When you start to see funds that size with that much clout in the market, beginning to take some hits. I think it is a leading indicator for down the road – I do think the glut of money that has gone into private equity and venture capital is going to start slowing to some extent.”

This hasn’t caused panic among investors but attests to changing priorities. “They’re now talking about cleaning up – not cleaning out but cleaning up – their portfolios. They are trying to focus on integrating a lot of acquisitions they’ve already made.”

This suggests that for the rest of 2022, activity will focus on mergers and acquisitions, aligning two already proven technologies rather than betting heavily on a new one. Bell doesn’t believe that investment finance will come to a dramatic end, but that the investors will be more cautious. This will particularly affect the startups.

There are always new cybersecurity threats, and new companies with new technologies to combat those threats. Getting startup funding will become more difficult this year. “The investors will be asking if the company has real technology for the problem. They’ll be looking for a platform, experience and a demonstrable market. Then they’ll start running numbers, and may conclude that they could potentially exit at a particular value in the future. But in early venture capital stages, they’re really looking at the strength of the management team.”

As things stand after Q1 2022, Bell believes that M&A activity will continue, but that investment growth financing will be at more conservative levels. You can track Bell’s predictions by checking SecurityWeek’s regular M&A roundups and continuous funding reports.

Related: SecurityWeek Study: Over 430 Cybersecurity Mergers & Acquisitions Announced in 2021

Related: Cybersecurity M&A Roundup for April 1-15, 2022

Related: Cybersecurity M&A Roundup: 40 Deals Announced in March 2022

Related: Security Analytics Firm Securonix Scores $1 Billion+ Growth Investment

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.