Mergers & Acquisitions (M&A) activity in cybersecurity continues to cause uncertainty in the investment community as the market gives out mixed messages on the future growth of the sector. From the vertical perspective, the cybersecurity opportunity continues to show strong growth compared to the rest of the telecom and IT market as global enterprise clients continue to be challenged by the ever increasing cyber threats to their businesses, resulting in spend remaining stable under the current economic climate, with some industry experts predicting spend above $160 bn in 2023, and increasing above $280 bn by 2026.

However, GlobalData’s deals database highlights that in value, cybersecurity deal activity decreased previously by 98% in Q3 2022, compared to the previous year’s Q3 total of $7.7 bn. Similarly, deal volume also remained flat in Q3 2022, compared to Q3 in 2021, and was even lower by 33% in the same quarter in 2021. These trends indicate that although revenues amongst cybersecurity companies remain positive there are still investment reservations in cybersecurity due to the unsettling economic climate, and a possibility that cybersecurity stocks could follow in a similar fashion to telco stocks.

Investors continue to take more risk in strategically investing in cybersecurity

Taking into consideration cybersecurity investment trends, M&A in cybersecurity has picked up again in Q4 2022 to what they were in 2020. Recent investment examples include Simeio acquiring the identity and access management (IAM) player PathMaker, reinforcing the messaging that global players are making strategic investments in key high growth cybersecurity technology markets.

Other examples include German owned Veridos acquiring a stake in identity solutions provider NetSet Global Solutions, and US based Radiant Logic agreeing to acquire Brainwave, an analytics and governance company. These examples of investment deals are in addition to some of the larger acquisitions in 2022 which included Google’s acquisition of Mandiant for $5.4bn, and Nitro Bidco/Norton LifeLock’s merger of Avast for $9.06bn.

A focus on managed security service companies

From a technology perspective Google’s acquisition of Mandiant is interesting as there’s a real focus by hyperscalers and venture capitalists in acquiring managed security service companies in areas like extended detection and response (XDR) and cloud security. In Google’s case the acquisition advances the company’s security offerings for cloud environments through Mandiant’s Advantage SaaS platform. Other key technological cybersecurity investment areas would include targeting innovative companies bringing automation, analytics, and artificial intelligence to cybersecurity, driving converged network and cloud security built on zero trust frameworks, and investment in DevSecOps to name a few.

Lastly, the market has seen investments in early stage cybersecurity to remain stable, including for example a record $8.8bn raised in cybersecurity investments in 2021 in countries like Israel.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

However, as the market moves forward, investors will be looking for target companies that can demonstrate sustainable growth over longer investment periods to make them interesting acquisitions. Additionally, there will be a number of established early stage startups unable to secure additional levels of funding required. The most interesting of these companies could potentially be  targets for acquisition by some of the larger players looking to bring in capabilities in key product areas. In summary, investor success in cybersecurity over the next couple of years will be characterized by, (i) global players acquiring key product growth players like in the area of cloud security, IAM and XDR; and (ii) seasoned technology investment companies that can bring in the skills and knowhow to grow early stage start ups to a successful exit.