Venture capital financing for cybersecurity firms was high throughout 2021, resulting in numerous new unicorns. Last year, and the first quarter of 2022, were also notable for the high number of cybersecurity mergers and acquisitions; and 2022 already looks set to be a new record year for M&A activity.
According to Progress Partners’ Market Report: Cybersecurity Q1 2022 (PDF), M&A activity leapt from $27.5 billion in 2020 to $70.4 billion in 2021. By the end of Q1 2022, it had already reached almost $27 billion.
Cybersecurity financing activity was similarly strong in 2021 at $25.6 billion (up from $11.1 billion in 2020). The latest figures, however, show a potential leveling or slight decline for the full year 2022, currently standing at $5.4 billion for Q1 2022.
It looks as if M&A investments are likely to continue, but VC financing may become trickier. SecurityWeek spoke with Eric Bell, managing director at Progress Partners, a Boston and New York-based investment and corporate advisory firm that works on both M&A and investment financing transactions. We wanted to understand why M&A and VC financing has been so high, and what is likely to happen in cybersecurity financing over the rest of 2022.
Bell explained that financing is still available, but the investors are becoming more cautious – and much of the investment activity in Q1 2022 was probably already in the pipeline from Q4 2021.
The first thing to understand is that there is no immediate or direct correlation between the disposable income in our own pockets and the money available to the international financiers. Personal income is rapidly hit by the immediate economy through inflation, but investor funds less so. “We’ve just been through an enormously long bull market,” said Bell, “and there’s tons of cash available – overall, there was more than $300 billion invested in private equity last year. The money is not going away, and we have new sources from sovereign wealth funds and government investments.”
The second thing is that companies have little choice but to increase their cybersecurity spend. While we can forgo that foreign holiday, corporations cannot forgo their cybersecurity spend. The COVID-induced work from home (WFH) and the new hybrid paradigm have dramatically increased companies’ threat surfaces, while the Russia/Ukraine war has increased the cyber threat from Russian speaking cyber gangs and Russian state actors. And governments are applying additional pressure through increased cybersecurity regulations.
The federal government is also increasing its cybersecurity budget in the US. “On March 28, the White House released its $5.8T FY2023 budget, which earmarked $22.1B for cybersecurity across Federal civilian and DoD agencies, a 12% increase from FY 2021 and the first time total Federal spending surpassed the $20B mark in the nation’s history,” notes the report. The FY2023 budget request includes roughly $10.9 billion for civilian cybersecurity-related activities
Fundamentally, the demand for cybersecurity products is high, and the finance to support new and existing security companies is available. But that doesn’t necessarily mean that investment funding will continue unaffected over the rest of the year.
“Where I see a little bit of a change in the market,” comments Bell, “is in the tone of the conversations I’ve been having with investors. They’re not as willing to enter companies at such high valuations. They are looking at current investments and doubling down on the winners and are not maybe deploying as much capital or risk at this moment into earlier stages or companies that don’t have proven track records.”
The implication is that the money is still available, but it will be harder for the new and unproven startups to access it because the investors are becoming more careful.
Strangely, part of the investors’ concern comes not from a lack of money, but because there has been too much money in the market. The investment formula is very simple: buy private companies, try to take them public, and sell them to others. The problem is, suggests Bell, “There’s too much money in the investors’ pockets, and they’re forcing themselves to find opportunity. And when you have that much money and you feel a lot of competition from thousands of other investors with billions of dollars on their balance sheet, inevitably you’re starting to build your portfolio with too much risk.”
He uses Tiger Global Management as an example – a major investment firm with strong representation in cyber. “In Q1 2022, they were down 36%,” said Bell. “That’s their worst performance ever, and follows eight or nine years of blowout growth. When you start to see funds that size with that much clout in the market, beginning to take some hits. I think it is a leading indicator for down the road – I do think the glut of money that has gone into private equity and venture capital is going to start slowing to some extent.”
This hasn’t caused panic among investors but attests to changing priorities. “They’re now talking about cleaning up – not cleaning out but cleaning up – their portfolios. They are trying to focus on integrating a lot of acquisitions they’ve already made.”
This suggests that for the rest of 2022, activity will focus on mergers and acquisitions, aligning two already proven technologies rather than betting heavily on a new one. Bell doesn’t believe that investment finance will come to a dramatic end, but that the investors will be more cautious. This will particularly affect the startups.
There are always new cybersecurity threats, and new companies with new technologies to combat those threats. Getting startup funding will become more difficult this year. “The investors will be asking if the company has real technology for the problem. They’ll be looking for a platform, experience and a demonstrable market. Then they’ll start running numbers, and may conclude that they could potentially exit at a particular value in the future. But in early venture capital stages, they’re really looking at the strength of the management team.”
As things stand after Q1 2022, Bell believes that M&A activity will continue, but that investment growth financing will be at more conservative levels. You can track Bell’s predictions by checking SecurityWeek’s regular M&A roundups and continuous funding reports.
Related: SecurityWeek Study: Over 430 Cybersecurity Mergers & Acquisitions Announced in 2021
Related: Cybersecurity M&A Roundup for April 1-15, 2022
Related: Cybersecurity M&A Roundup: 40 Deals Announced in March 2022
Related: Security Analytics Firm Securonix Scores $1 Billion+ Growth Investment