As global economic conditions and geopolitical tensions affect business activities, the cybersecurity sector shows promise for growth and consolidation in merger and acquisition deals.
In 2024, the business landscape has been marked by significant unpredictability, influenced primarily by global economic conditions, elections in key nations, and increased geopolitical tensions. These factors have notably affected merger and acquisition (M&A) activities across various sectors, including cybersecurity. Stuart Pilgrim, Head of Cybersecurity M&A at KPMG UK, informed Infosecurity Magazine about the challenges facing M&A activities in 2024, stating, “With elections in the US and UK having now taken place, we are seeing more signs of activity and expecting this to continue into 2025.”
Despite the prevailing uncertainty, the cybersecurity sector remains highly fragmented, populated by numerous small businesses, which positions it well for consolidation. Analysts have identified key drivers for M&A activity this year, including a resurgence in private equity investments, a trend particularly pronounced following a quieter 2023. Mark Smith, Director at Houlihan Lokey’s Technology Group, elaborated on this resurgence, attributing it to increased confidence, significant funds available for investment, and the perception of cybersecurity as a high-growth and resilient market. He pointed out Thoma Bravo’s notable $5.3 billion acquisition of UK-based Darktrace in October 2024 as a prime example of this trend.
Smith also noted another driver is the increasing necessity for large cybersecurity firms to broaden their service offerings. This has led organisations to seek integrated solutions that reduce reliance on multiple vendors. Noteworthy transactions include Sophos’ planned acquisition of SecureWorks for $859 million and CyberArk’s $1.54 billion acquisition of Venafi, reflecting this growing trend towards comprehensive cybersecurity solutions. There is also particular interest in companies that provide Managed Detection and Response (MDR) services and Security Operations Centers (SOCs), as these can effectively monitor, detect, and respond to cyber threats.
Investors have shown a keen inclination towards building scalable cybersecurity platforms. According to Smith, “Investors are keen to build pure-play cybersecurity platforms of scale.” Pilgrim concurred, emphasising the appeal of “as-a-service” models, which provide recurring revenue and enhance customer retention.
As for predictions for 2025, both Pilgrim and Smith expect ongoing growth in cybersecurity M&A activity. They are forecasting a concentrated effort by strategic acquirers to invest in next-generation technologies, including artificial intelligence (AI) and automation, which could enhance productivity and help mitigate the perennial cyber skills gap. Pilgrim commented, “We may see a push towards investing in AI and automation capabilities, particularly for businesses who are running a SOC.”
The completion of some high-profile M&A deals in 2024 underscores these trends:
-
Cisco’s $28 billion acquisition of Splunk: Finalised on March 18, this acquisition is noted as Cisco’s largest ever, reflecting significant strategic intent in the cybersecurity domain.
-
Thoma Bravo’s acquisition of Darktrace for $5.3 billion: The deal, completed on October 1, is designed to fortify Darktrace’s growth as an independent entity specialising in AI-driven cybersecurity solutions.
-
Mastercard’s $2.65 billion deal for Recorded Future: Announced on September 12, this acquisition enhances Mastercard’s cybersecurity framework by integrating threat intelligence capabilities.
-
CyberArk’s acquisition of Venafi for $1.54 billion: Also finalised on October 1, this transaction aims to develop comprehensive machine identity solutions.
-
Permira’s $1.3 billion investment in BioCatch: Announced on September 9, this acquisition focuses on enhancing digital fraud detection technology, underlining the critical need for advanced biometric solutions.
Overall, the cybersecurity landscape in 2024 demonstrates significant activity despite the challenging economic backdrop. With numerous high-value deals occurring, the industry is viewed as a prime area for long-term investment and consolidation, setting the stage for further developments in 2025 and beyond.
Source: Noah Wire Services
- https://www.capstonepartners.com/insights/article-cybersecurity-ma-update/ – Corroborates the resurgence in cybersecurity M&A activity in 2024, driven by increased cyberattacks and integration of AI and ML technologies.
- https://www.crn.com/news/security/2024/10-key-cybersecurity-startup-acquisitions-in-2024-q3-q4 – Details key cybersecurity M&A deals in 2024, including Sophos’ planned acquisition of SecureWorks and other significant transactions, highlighting the trend towards comprehensive cybersecurity solutions.
- https://www.crn.com/news/security/2024/10-key-cybersecurity-startup-acquisitions-in-2024-q3-q4 – Provides examples of major acquisitions such as Palo Alto Networks buying IBM’s QRadar SaaS business and Fortinet’s acquisition of Lacework, supporting the trend of consolidation in the cybersecurity sector.
- https://solganick.com/cybersecurity-mergers-update-q3-2024/ – Discusses the improved M&A transaction activity in Q3 2024, the dominance of strategic buyers, and the focus on sub-sectors like Security Operations, Data Protection, and Risk Management.
- https://solganick.com/cybersecurity-mergers-update-q3-2024/ – Highlights the valuation multiples for publicly-traded cybersecurity companies and the increasing interest in data resilience and backup due to ransomware attacks.
- https://www.capstonepartners.com/insights/article-cybersecurity-ma-update/ – Mentions the strong public company valuations and stock price growth of companies like Check Point Software and CyberArk Software, reflecting optimistic sentiment about demand in the cybersecurity market.
- https://www.crn.com/news/security/2024/10-key-cybersecurity-startup-acquisitions-in-2024-q3-q4 – Details the acquisition of Noetic Cyber by Rapid7, focusing on cyber asset attack surface management (CAASM), which aligns with the trend of enhancing cybersecurity capabilities through M&A.
- https://solganick.com/cybersecurity-mergers-update-q3-2024/ – Predicts healthier M&A activity over the next 12 months due to ongoing consolidation across several cybersecurity sub-sectors and the potential impact of further interest rate cuts.
- https://www.capstonepartners.com/insights/article-cybersecurity-ma-update/ – Mentions the IPO of Rubrik, which exemplifies the strength of sector trends despite operating at a net loss, indicating strong investor confidence in cybersecurity companies.
- https://www.crn.com/news/security/2024/10-key-cybersecurity-startup-acquisitions-in-2024-q3-q4 – Highlights the focus on data security, SaaS security, identity management, cloud security, and attack surface management in recent cybersecurity startup acquisitions.
- https://solganick.com/cybersecurity-mergers-update-q3-2024/ – Emphasizes the appeal of ‘as-a-service’ models for recurring revenue and customer retention, aligning with the predictions for ongoing growth in cybersecurity M&A activity.
Automate Your Business
You are one step away from removing your bottlenecks, automating your business and getting your time back. It’s like hiring 3 staff members – minus the headache, minus the pensions, minus the sick pay!
Schedule a free automation consultation
Automate Your Business
You are one step away from removing your bottlenecks, automating your business and getting your time back. It’s like hiring 3 staff members – minus the headache, minus the pensions, minus the sick pay!
Schedule a free automation consultation
Automate Your Business
You are one step away from removing your bottlenecks, automating your business and getting your time back. It’s like hiring 3 staff members – minus the headache, minus the pensions, minus the sick pay!
