Cybersecurity Acquisitions, Mergers Heat Up After Pandemic-Prompted Pause
More acquisitions could occur before any possible federal tax increases.
![Mergers acquisitions m&a goldfish crackers Mergers acquisitions m&a goldfish crackers](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt981da5ac5f4518db/65241c586868b4321c3c7d3d/Mergers-Acquisitions-MA-goldfish-crackers-1.jpg?width=700&auto=webp&quality=80&disable=upscale)
Private equity firm Thoma Bravo is shelling out a whopping $12.3 billion for Proofpoint.
“As ransomware attacks have become daily headline news around the world, the world’s largest private equity firms have identified an enormous total available market for a wide range of cybersecurity services, from assessments to penetration testing, to managed detection and response (MDR),” said the CFA’s John Holland. “Bain Capital, Carlyle Group, KKR, Silver Lake Partners, and Vista Equity have jumped into the cybersecurity industry with acquisitions.”
Cloud-native security is a particularly active part of cybersecurity M&A, Holland said.
“Over the past few years, businesses have been racing to migrate applications to Azure, AWS, Google Cloud, and the myriad of private cloud hosting companies without fully comprehending the cybersecurity risks of the public cloud, private cloud, hybrid cloud and the Kubernetes/container technology that enables fluid migrations between these various cloud platforms,” he said. “Let me cite two acquisitions in this space in Q2 2021. In Q2 2021, Bain Capital and Crosspoint Capital acquired ExtraHop, a cloud-native network detection and response solutions provider. Also in Q2 2021, there was an interesting merger of AWS advanced consulting partner Zuggand with Cyber Security Works, a company that provides vulnerability management as a service.”
In late July, CDW acquired Focal Point Data Risk, a provider of cybersecurity services with customers across a diverse set of industries. CDW said adding Focal Point’s array of security consulting, customer workforce skills development and professional services capabilities expands its services portfolio and enhances its ability to address risks posed by malicious cyber threats and cyber workforce shortages, while helping customers successfully navigate shifting data protection laws.
In April, cybersecurity provider Coalfire acquired Neuralys, a cloud-based penetration testing management platform. Neuralys’ platform streamlines visibility, vulnerability aggregation, asset management and reporting to enforce organizational accountability and to implement mitigation strategies. In late 2019, Coalfire entered into a partnership with Neuralys to align its product roadmap with the company’s well-established pen testing services portfolio.
In June, Deloitte acquired Terbium Labs, a digital risk protection solution provider that identifies illicit use of sensitive data online. Also that month, Deloitte acquired CloudQuest, a cloud security posture management (CSPM) provider.
And last month, Deloitte announced its acquisitions of TransientX and Sentek Global.
In May, Fidelis Cybersecurity acquired CloudPassage. CloudPassage is a provider of cloud security and compliance services. Fidelis said the acquisition enhances its extended detection and response (XDR) platform to include cloud security and compliance.
In May, Forcepoint acquired Cyberinc, a provider of remote browser isolation (RBI) technology. It will integrate Cyberinc‘s Smart Isolation capabilities into its secure access service edge (SASE) infrastructure.
Also in June, Forcepoint announced it is acquiring U.K.-based Deep Secure to expand its portfolio for securing governments and critical infrastructure organizations.
In June, Pondurance, a provider of managed detection and response (MDR) services, announced the acquisition of advisory and assessment services provider Bearing Cybersecurity. Pondurance will integrate Bearing Cybersecurity’s flagship cloud-based platform, MyCyberScorecard, into its portfolio of advisory and managed services solutions.
In June, Evergreen Services Group, a family of managed IT services companies, announced it is acquiring VirtualArmour, a global MSSP. In VirtualArmour, Evergreen sees the opportunity to enhance its capabilities in the cybersecurity services market that is complementary to its portfolio of MSPs.
In April, global IT services firm Wipro acquired Australia-based Ampion, a provider of cybersecurity, DevOp and engineering services. Wipro said the acquisition is important to its new operating model emphasizing strategic investments in focus geographies, proximity to customers, agility, scale and localization.
In April, global IT services firm Wipro acquired Australia-based Ampion, a provider of cybersecurity, DevOp and engineering services. Wipro said the acquisition is important to its new operating model emphasizing strategic investments in focus geographies, proximity to customers, agility, scale and localization.
Cybersecurity mergers and acquisitions (M&A) rebounded after grinding to a halt during most of 2020 due to the COVID-19 pandemic.
That’s according to the latest Corporate Finance Associates (CFA) quarterly report on M&A in the technology services industry. CFA’s investment banking team reviewed the M&A activity of the largest technology services businesses and highlighted the key acquired technologies.
Keep up with the latest channel-impacting mergers and acquisitions in our M&A roundup. |
CFA’s John Holland
John Holland is the CFA’s managing director.
“The pandemic shocked the capital markets in March and April of 2020,” he said. “The pandemic caused the suspension or collapse of M&A deals at the time.”
Cybersecurity M&A Peaked in Q1
Cybersecurity acquisitions peaked during the first quarter of this year as many stalled deals finally crossed the finish line. The volume of M&A deals during the second quarter returned to a high, but not extraordinary level.
“Factors on both the sell-side and the buy-side are fueling the current frenzied pace of M&A activity,” Holland said. “As long as interest rates remain relatively low, acquirers will reap a relatively high return on investment from acquisitions.”
Meanwhile, many owners of privately held businesses expect the Biden administration to raise capital gains taxes significantly this year or next year, he said.
“Even if the Biden administration does not pass any legislation to raise capital gains taxes, many business owners expect tax increases in the future to cover the elevated federal government expenses,” Holland said.
Business owners could sell before any tax increases take effect, he said.
“Therefore, it’s a perfect storm with both acquirers and sellers of businesses highly motivated to execute M&A transactions,” Holland said.
Over the past few years, some global accounting/consultancy firms have built up their cybersecurity practices via acquisition, he said.
“This is an important trend that will continue as firms like Accenture, Deloitte, EY and KPMG that are trusted by so many enterprises capitalize upon the growing demand for cybersecurity solutions amongst businesses of all sizes,” Holland said. “Accenture has been the most acquisitive of these accounting/consultancy firms.”
Scroll through our gallery above for cybersecurity M&A highlights from the second quarter.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like