Your browser is no longer supported. Please upgrade your browser to improve your experience.

Cybersecurity defies current macroeconomic headwinds, with M&A activity predicted to surpass pre-Covid levels

October 12, 2022 | News

The cybersecurity sector is leading the way for M&A and fundraising activity in 2022, says tech-focused investment bank ICON Corporate Finance, with deal activity for Q1-Q3 up 60% compared to 2020 for M&A and +22% for fundraising.

Revealed in ICON’s latest Cybersecurity report, the sector is proving recession-proof and remains a vital growth area, defying current troubling macroeconomic headwinds. Enterprises recognise that they must continue investing in cyber defences regardless to protect against an increasingly sophisticated threat landscape, and as a result of significant geopolitical and economic uncertainty. This in turn continues to drive M&A and fundraising deal activity. ICON’s report investigates the fundamentals behind why this is the case.

Key insights: 

  • The first three quarters of 2022 recorded 353 cybersecurity M&A deals, with a total value of $125 billion. As a result, the sector is on track to surpass pre-Covid levels
  • Vendor platform consolidation, largely backed by Private Equity, is a major driver behind the sustained deal activity
  • Fundraising activity remained in line with long-term trends: $15.4bn of VC money was invested in the sector globally across 572 deals Q1-Q3
  • After an 18-month-long bull run, public cybersecurity stocks have reset at lower levels but continue trading at a significant premium compared to the broader tech market. Growth is the main valuation driver: The top quartile is trading at 8.6x revenues, with growth at +34.4% 21-22E (3.6x revenues, and +6.1% growth, respectively, for the bottom quartile)
  • Recent downgrades in valuations have led to a large number of take-private transactions – most recently, Vista Equity offered to acquire KnowBe4 at a valuation of $4.22 bn, which represents a valuation premium of nearly 39% to KnowBe4’s prior closing price on Sep 16
  • ICON predicts that consolidation will continue at pace as trade and Private Equity acquirers are ready to capitalise on the extraordinary market opportunity

Protecting mission-critical data, applications and infrastructure remains a board-level investment priority for public and private organisations. The report highlights that from 2020 to 2022, average data breach costs surged 13% to $4.35m. Financial institutions became a particular target, with malware attacks doubling in H1 2022 and ransomware attacks increasing by 243% against financial targets.

Report author Florian Depner, Director of ICON Corporate Finance, explains: “In our report, we ask the key question: Is the cybersecurity sector and related deal activity recession-proof?

“The answer, in short, is a strong yes. Enterprises recognise that they must continue hardening their security defences to keep above water in the arms race between good and bad. Cybersecurity is mission-critical and companies have no choice but to keep investing given the uplift in malicious activity, and state backed attacks. Consequently, capital will continue to flow into the sector, which in turn spurs M&A and fundraising activity.”

Florian Depner added: “We believe that cybersecurity deal activity, both in the US and Europe, will be fuelled by Private Equity, providing a more attractive exit alternative to existing shareholders than the IPO route, as demonstrated by KKR’s acquisition of diversified enterprise security specialist Barracuda for $3.9bn in April 2022.

“We also anticipate that Private Equity will continue injecting much needed growth fuel into later-stage scale-up companies; a trend demonstrated by the BlackRock-backed $250m investment in Swiss-based storage management and personal backup services provider Acronis. These factors, combined with Private Equity backing buy-and-build strategies and vendor platform consolidation, and the fact that the three-year cyber security index for public sector stocks rose 61.5%, while NASDAQ rose just 35.5%, makes cybersecurity players undeniably desirable. That’s creating a buoyant market for cybersecurity deals and investment.”

To read the full report, click here.

Recent ICON deals include advising on the acquisition of ForePaaS by OVHCloud, the European leader in cloud computing; securing growth funding for global software company TimeXTender from growth equity investor Monterro; and acting for Cloud Direct on its strategic investment from Crayon Group.