Cybersecurity In Mergers & Acquisitions
Cybersecurity – what is happening?
The cybersecurity sector remains fast-moving, and continually subject to change in products, services and market approaches. The government published the National Cyber Strategy in December 2021, which lays out how the government will ensure that the UK continues to flourish as a leading, responsible and democratic cyber power. There are an estimated 1,838 active firms within the UK that provide cybersecurity products and services and the estimated annual revenue for 2021 within the sector reached £10.1 billion (£1.1 billion of this is derived from micro and small cyber firms that attribute to 81% of the active firms).
Almost two thirds of UK organisations are increasing their cybersecurity budgets in 2022, which is hardly surprising when we take into consideration the new norm of working from home and hybrid working because of the pandemic. In fact, 67% of companies have been impacted by more successful cyberattacks since the pandemic. As quickly as businesses reimagined their workplaces, cybercriminals have reimagined their ways of stealing data. Therefore, staying astute in terms of having a vigilant approach to vulnerability management with cybersecurity is more important than ever.
M&A within Telecoms, media and technology (TMT)
As we all know, telecoms, media and technology (TMT) is one of the more attractive sectors in M&A. Cybersecurity is one of the most lucrative yet challenging subsectors within TMT M&A. Although opinions are divided, many feel that cyber is more attractive than other sub-sectors such as cloud tech and data analytics.
Companies across all sectors have had to invest in their digital transformation to support hybrid, remote and agile working. This has led to increased demand for the services of technology providers and increased M&A activity. Companies that provide the underlying software or services continue to grow quickly and fuel M&A activity.
Notable transactions within the cybersecurity space include the merger of consumer security-focused giants NortonLifeLock and Avast, private equity group Symphony Technology Group’s eye-watering $1.2billion acquisition and subsequent merger of McAfee Enterprise and FireEye. August Equity backed Integrity360 acquired Caretower, a smaller managed cybersecurity specialist. KBS Corporate have also completed a number of deals within the sector including the sale of SARN Technologies to Razorblue, the sale of Wavehill IT to Network Communications Group. Even more excitingly, KBS are currently overseeing the sale of a cyber security company to a large private equity owned business that is due to complete in the coming weeks.
Whilst many areas of cyber security remain very fragmented, it is expected that private equity investors will continue to seek in areas of cyber security that are not the focus of investors in public markets (for example, email security specialists Proofpoint and Mimecast were acquired by private equity groups Thoma Bravo and Permira, respectively, in 2021). The private equity groups hope to increase the value of these businesses and take them public again in a couple of years.
Environmental, social and corporate governance (ESG) within Cyber deals
Sustainability is a key focus for operators across all industries and cybersecurity is no exception to this. Acquirers, investors and operators alike are highly focused on their environmental, social and corporate governance strategies to satisfy expectations of investors, regulators and consumers. ESG priorities will no doubt be a more increasingly common theme in due diligence processes; therefore, deals that have a positive ESG impact will have a far higher chance of approval from investment committees and shareholders. Things like initiative measurements in terms of carbon footprint reduction and higher digital inclusion are key points that can make or break a deal.