Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Funding/M&A

SecurityWeek Analysis: Cybersecurity M&A Dropping, Over 400 Deals Announced in 2023

An analysis conducted by SecurityWeek shows that 413 cybersecurity-related mergers and acquisitions were announced in 2023.

Cybersecurity M&A 2024

An analysis conducted by SecurityWeek shows that more than 400 cybersecurity-related mergers and acquisitions were announced in 2023, with a drop seen in both volume and disclosed deal value.

In 2023, SecurityWeek tracked a total of 413 M&A deals, which represents an 8% drop compared to 2022. In 2023, we started tracking deals involving pure-play cybersecurity companies separately and found that 243 transactions involved such firms. 

A majority of the M&A deals seen in 2023 involved North American companies, followed by Europe and Asia. The number of deals involving companies located in North America has dropped significantly compared to last year, from 369 to 273. 

On the other hand, there has been an increase in the number of deals involving companies located in Asia, from 29 to 50, and Oceania, from 18 to 26. This increase was mainly driven by Israel and Australia, which overtook Canada and Germany for the third and fourth places.

The United States continues to lead in terms of number of deals, but there was a drop of nearly 100 acquisitions in 2023 compared to 2022 — from 358 to 262. The UK continues to be second, with 48 acquisitions, fewer than the 61 tracked in 2022. 

Ireland and Sweden stand out in this year’s report. Irish companies were involved in 18 M&A deals and Swedish firms in 15 deals — the numbers have doubled in both cases compared to 2022. The number of deals involving companies based in the United Arab Emirates have also doubled, from 4 to 8.

Financial details are known for 58 of the 413 deals announced in 2023, for a total disclosed value of roughly $50.4 billion. Financial information was made public for 41 deals involving pure-play cybersecurity companies, for a total disclosed value of $14.3 billion. 

There were six deals valued at over $1 billion, four of which involved companies offering only cybersecurity solutions. These include Thales acquiring Imperva ($3.6 billion), TPG acquiring Forcepoint ($2.5 billion), Francisco Partners acquiring Sumo Logic ($1.7 billion), and Thoma Bravo acquiring Magnet Forensics ($1.3 billion).

Another noteworthy deal is Cisco’s acquisition of Splunk for $28 billion. While Cisco and Splunk are not pure-play cybersecurity firms, cybersecurity is the focus of the deal. 

Of the 20 mergers and acquisitions in the range of $100 million – $1 billion, 15 involved pure cybersecurity companies.  

In comparison, in 2022, financial details of the transaction were made public in 62 cases for a total of $63 billion in disclosed deal value. Ten deals exceeded the $1 billion mark, including six involving pure cybersecurity firms for a total disclosed value of $26 billion. 

Advertisement. Scroll to continue reading.

SecurityWeek’s data shows that 155 deals involved managed security solutions providers (MSSPs). This includes product distributors and companies that offer other products and services in addition to cybersecurity. Only 37 of the MSSPs are pure cybersecurity providers.

While it’s important to keep track of these transactions as they play a significant role in the cybersecurity industry, we are currently tracking them separately in an effort to get a better view of the other categories.   

Last year saw 68 deals involving companies that offer governance, risk management and compliance (GRC) solutions and services, 10 deals more compared to 2022. This category also includes audit, assessment, vulnerability management, penetration testing, attack surface management, and cyber insurance firms. 

Identity and network security have remained on the second and third positions, with 40 deals each, roughly the same number of deals as in 2022. 

Private equity companies announced 37 acquisitions last year, including two dozen involving companies that only offer cybersecurity solutions. Financial details were disclosed for 13 transactions, with a total value of $17.1 billion. The number of deals involving investment firms doubled compared to the previous year. 

Government contractors were also involved in 37 deals in 2023. One-third of these transactions targeted pure-play cybersecurity firms. 

Data protection dropped from the fourth position in 2022 to the eighth position in 2023, and cloud and container firm deals dropped from sixth to tenth place. Application security also dropped, from the seventh to the eleventh position. 

There has also been a significant decrease in the number of deals involving organizations that offer training. 

Incident response, on the other hand, has been increasing, driven by companies wanting to expand their capabilities and private equity firms seeing this segment as a good investment opportunity. For the purpose of this analysis, incident response also includes SOAR, SIEM, SOC, and forensics.

Nine deals involved companies providing industrial cybersecurity solutions, and three deals involved special purpose acquisition companies (SPACs) in 2023. 

The ‘specialized’ category, which in 2023 had 28 deals, is for companies that provide highly focused cybersecurity services. This can include blockchain, quantum, payment, PR, healthcare, hardware, certification, and automotive firms.  

Monthly summaries of cybersecurity H1 2023 M&A deals: January, February, March, April, May, June, July, August, September, October, November, December

Methodology: The data was collected through news distribution services, Google searches and pitches from PR companies. The data includes companies that issued press releases announcing or mentioning acquisitions, as well as deals that have been privately reported to SecurityWeek. All deals that had a cybersecurity component have been taken into account for this study. Mergers and acquisitions that did not have an English-language announcement may not be included. The data could also include some deals that may have not been completed after they were announced. 

The GRC category includes governance, compliance, risk management, audit, assessment, vulnerability management, penetration testing, attack surface management, and cyber insurance. Network security includes endpoint security, MDR, XDR, NDR, and SASE. Identity includes IAM, PAM, secure access, authentication, and authorization. Incident response includes SOAR, SIEM, SOC, and forensics. ‘Other (specialized)’ includes hardware, blockchain, quantum, payment, healthcare, PR, education, certification, design, workforce, communications, and automotive. Data protection includes encryption/cryptography, VPN, privacy and backup. MSSP includes cybersecurity solution distributors and companies that do not develop their own products or solutions.

Related: Cybersecurity Funding Dropped 40% in 2023: Analysis

Related: SecurityWeek Study: Over 430 Cybersecurity Mergers & Acquisitions Announced in 2021

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cyber Insurance

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Funding/M&A

Thirty-five cybersecurity-related M&A deals were announced in February 2023

Funding/M&A

Forty-one cybersecurity-related M&A deals were announced in March 2023.

Funding/M&A

Forty cybersecurity-related M&A deals were announced in January 2023.