Oct 6, 2018

In hot cybersecurity market, acquisitions crowd out IPOs

Photo: Philippe Huguen/AFP/Getty Images

The market for cybersecurity startups is bubbling, but more of these new firms are choosing to sell out to larger companies than to grow into major independent players.

Between the lines: As a result, the big winners in cybersecurity investing right now tend to be founders and early-stage investors rather than larger venture capital and private equity (PE) firms.

There's strong interest from private equity firms: "Every color of private equity — VC, growth, and buyout — is chasing cybersecurity," says Kristjan Kornmayer, director of M&A Advisory Services with the Chertoff Group, a global security advisory firm. "But it’s especially tough for the big buyout shops. There are not enough mature, scaled opportunities to put real money to work."

  • Private equity firms often have large minimum investment amounts, but companies "get snapped up before reaching any significant size to be of interest to private equity," Kornmayer said.
  • Some PE firms are so interested in investing in cybersecurity firms, they're lowering their minimum investment expectations to get in the game before companies get acquired. "We are seeing some funds revisit their minimum equity checks to accommodate the realities of this market’s structure," Kornmayer tells Axios.

By the numbers: In the general market, PE firms normally invest a minimum of $100 million in a company. But in the cybersecurity market, PE firms' average investment, not their minimum, is approximately $80 million, per data PitchBook shared with Axios.

Driving the market: Cybersecurity firms are often formed to quickly meet and beat new threats as they emerge, and bigger firms are prone to snatching them up to show they are prepared to meet threats better than their competitors. "On the early stage side, corporate buyers are looking to add new technology capabilities as soon as the company proves itself," Kornmayer said.

The other side: The fast pace of acquisition is also rooted in how hard it is to make a cybersecurity solution that's relevant. RSA Security CTO Dr. Zulfikar Ramzan tells Axios that cybersecurity startups often end up "stumbling":

They haven’t been able to prove out they can do a proper go-to-market...By then their investors have sort of run out of patience and steam and they say 'Okay, we’re done, let's wind it down and sell the company for whatever we can get.'
— Dr. Zulfikar Ramzan, RSA Security's CTO

The bottom line: The pace of the market doesn't appear to be slowing anytime soon.

  • The cybersecurity M&A market is active and getting more active. Already in the first half of 2018 there were 101 M&As in the cybersecurity market, which is well on track to surpass the number of M&As that took place in all of last year, 178, per Momentum Cyber, a cybersecurity advisory firm.
  • Just this year, for example, cybersecurity firm Splunk has already acquired Phantom at $350 million and VictorOps at $120 million, and Palo Alto Networks has acquired Evident.io at $300 million and Secdo at $90 million.

What's next: PE firms are still hungry to invest in cybersecurity businesses — despite having to shift their expectations. "The industry’s size and growth justify the enthusiasm. We are talking about an $87 billion market growing 12% per year — that’s not easy to find," Kornmayer said.

Go deeper

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 7 p.m. ET: 932,605 — Total deaths: 46,809 — Total recoveries: 193,177Map.
  2. U.S.: Total confirmed cases as of 7 p.m. ET: 213,372 — Total deaths: 4,757 — Total recoveries: 8,474Map.
  3. Business updates: Very small businesses are bearing the brunt of the coronavirus job crisis.
  4. World update: Spain’s confirmed cases surpassed 100,000, and the nation saw its biggest daily death toll so far. More than 500 people were reported dead within the last 24 hours in the U.K., per Johns Hopkins.
  5. State updates: Florida and Pennsylvania are the latest states to issue stay-at-home orders — Michigan has more than 9,000 confirmed cases, an increase of 1,200 and 78 new deaths in 24 hours.
  6. Stock market updates: Stocks closed more than 4% lower on Wednesday, continuing a volatile stretch for the stock market amid the coronavirus outbreak.
  7. What should I do? Answers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk.
  8. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

World coronavirus updates: Spain's health care system overloaded

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens and confirmed plus presumptive cases from the CDC

Two planes with protective equipment arrived to restock Spain’s overloaded public health system on Wednesday as confirmed cases surpassed 100,000 and the nation saw its biggest death toll so far, Reuters reports.

The big picture: COVID-19 cases surged past 900,000 and the global death toll surpassed 45,000 early Wednesday, per Johns Hopkins data. Italy has reported more than 12,000 deaths.

Go deeperArrowUpdated 2 hours ago - Health

FBI sees record number of gun background checks amid coronavirus

Guns on display at a store in Manassas, Va. Photo: Yasin Ozturk / Anadolu Agency via Getty

The FBI processed a record 3.7 million gun background checks in March — more than any month previously reported, according to the agency's latest data.

Driving the news: The spike's timing suggests it may be driven at least in part by the coronavirus.