Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals

Cisco's massive $28 billion acquisition of Splunk in September was the financial highlight of a quarter during which several other vendors also made strategic purchases to position themselves for emerging enterprise requirements around cloud, application, and identity security.

The acquisitions added to a better-than-expected quarter ended Sept. 30, 2023, with venture funding also picking up steam after a slowdown earlier this year following the collapse of Silicon Valley Bank. IPO activity showed early signs of a revival for the first time since late 2021 and provided further evidence of the resilience of the sector against economic conditions that have roiled other verticals.

The most active security segments included services; consulting; application governance, risk, and compliance (GRC); security operations; and identity and access management.

Reasonable Valuations Drive Acquisition Interest

The third quarter's M&A activity continued a gradual consolidation of the security industry as big players got bigger through acquisitions and smaller players looked for opportunities to make profitable exits.

"It appears to have been quite an active quarter, even without Cisco's $28 billion acquisition of Splunk, and there are some good reasons for this," says Rik Turner, an analyst at Omdia. With IPO activity still not fully revived, some venture capital firms are looking for quicker exits, resulting in a lot of cybersecurity companies being available at reasonable prices. "That’s why there are currently stories circulating about the likes of Dig and Talon being in negotiation to be acquired by Palo Alto [Networks], for instance. Even SentinelOne — which is currently public — is also said to be on the hunt for an acquirer," Turner says.

Cisco's purchase of Splunk positioned the company as one of the industry's foremost players in the next-generation SIEM market, a cloud and analytics-driven alternative to traditional security information and event management technologies.

The Splunk acquisition — Cisco's largest ever — was one of more than several the company has made this year to insert itself into multiple hot cybersecurity segments. Others include identity management vendor Oort, AI/ML software vendor Armorblox, network performance monitoring vendor Accedian, and cloud security vendors Lightspin and Valtix.

A Gradual Reshaping of the Industry

Cisco was not alone in its attempts this quarter to buy its way into lucrative and emerging security segments. The most prominent among them included CrowdStrike's purchase of application security posture management vendor Bionic for a reported $350 million; Check Point's $490 million deal for secure remote access vendor Perimeter 81; Thales' $3.6 billion acquisition of Imperva in July, and Tenable's $265 million cash and restricted stock purchase of cloud-native application protection platform vendor Ermetic.

"Strategic technology buyers are actively looking to round up their offerings by acquiring innovative solutions and teams with the subject matter expertise that will help them stay relevant and competitive in emerging market segments," says Alberto Yépez, managing director of Forgepoint Capital. "Sponsors are also actively looking for acquisitions that will help them add capabilities to the platform companies they own in order to expand their addressable market and increase their rate of growth."

Yépez identified the managed security services market as a segment that garnered considerable interest from acquirers last quarter — and through the year in general. Much of the activity was in response to growing demand for security services from companies that were either struggling to find professionals or were looking to outsource security functions.

"We expect more activity in this segment in the next four to six quarters. It is primed for consolidation," Yépez says. M&A activity so far this year suggests that cloud security and compliance are sectors with lots of potential for consolidation, given how overcrowded the segments are with emerging companies, he adds.

Momentum Cyber recorded a total of 63 M&A deals in the third quarter with a total value of $34.9 billion. Of those, eight involved transactions of $100 million or more.

"While the majority of 2023 has centered around continued headwinds in a difficult market, strategic activity did see an uptick in deal volume across both M&A and financing toward the back half of the third quarter," Momentum analyst John Gould says. Momentum anticipates the trend will continue into 2024. "Strategic investors are becoming more opportunistic in M&A markets, as evidenced by a number of key deals this past quarter," Gould says.

Investment Activity Showed Signs of a Rebound

Increased VC activity in the third quarter also suggested that investors have finally put behind them the disruption caused by Silicon Valley Bank's spectacular collapse in March.

All signs point to total venture funding in cybersecurity hitting $10 billion in 2023, matching the record-setting year of 2020, says Richard Stiennon, chief research analyst at IT-Harvest. That total is less than half of the all-time record of $24 billion in 2021, he says. But "considering the failure of Silicon Valley Bank early in the year and the devastating impact that had on VCs, investments are not too shabby," Stiennon says.

IT-Harvest's data showed there was some $7.5 billion invested through the end of September in the cybersecurity sector, with the GRC segment once again attracting the most investments, at $1.6 billion. At the other end of the spectrum was the API security segment with just four investments totaling just $15.9 million so far this year, and email security with only $12.2 million in investor funding.

Investment activity in the third quarter included some big rounds, such as the $238 million that Cato Networks raised in equity investment in September. The financing round valued Cato at $3 billion and brought to $773 million in total that the secure access service edge technology provider has raised so far. Cato is one of several companies in the third quarter that hinted at going public in the near term, Stiennon says. "There are signs of life on Wall Street with companies like Palo Alto Networks, CrowdStrike, and Zscaler up 63% to 95% from their lows on Jan. 6," he notes.

Other major investments that Momentum tracked in the third-quarter included OneTrust's $150 million in July, SpyCloud's $110 million growth round in August, Resilience's $100 million Series D round, and Nord Security's $100 million in September.

"IPO rumors are also heating up for the first time in a while going into 2024," Gould says. "Later-stage security startups, including Cato Networks and Rubrik, have been rumored to be considering going public next year as the market looks to rebound from a dead period in traditional IPO activity since late 2021," he says.