The COVID-19 crisis has impacted almost every economic sector, affecting millions of jobs and livelihoods of people employed in that industry. With respect to business continuity, organizations around the world had to make a rapid shift to work-from-home (WFH) model – a move that has become the “new normal” for global businesses and enterprises. However, to be clear, while many companies have positively embraced the idea of remote working, security has been a major issue since the WFH model was introduced. Consequently, there is one industry that faced very little impact due to the pandemic and i.e., the global cybersecurity industry. Before we move on to understanding the impact of Covid-19 on cybersecurity mergers and acquisitions (M&A), it’s important to understand why cybersecurity is now more important than ever.
The Importance of Cybersecurity in the Era of Covid 19
Prior to this pandemic, businesses relied heavily on traditional physical communications. Face-to-face meetings, chats over coffee, and business conferences all formed an important part of the corporate culture. The full sales cycle, from lead generation to closing the deal, was easier as there were physical interactions between parties. It was easier for the in-house IT team as well to manage the interactions of those few field employees working remotely. The current situation, however, has made it challenging for organizations to support remote workers on such a large scale, exposing both the workers and the organizations to a range of cybersecurity risks. Moreover, in an all-virtual environment, managing customer relationships is another big challenge. More robust cybersecurity measures, therefore, need to be adopted to allow for the safe transmission of sensitive data back and forth between all parties, including buyers, brokers, acquirers, and regulators, and to facilitate negotiations and due diligence in a virtual world.
In light of these extraordinary times, where cybersecurity is a priority of all businesses, some companies have taken an opportunistic approach to accelerate their economic recovery and fuel their growth with cybersecurity mergers and acquisitions.
Cybersecurity M&A Deal Volume in 2020
The year 2020 was difficult for the mergers and acquisitions industry as well. The global M&A market slowed down during the pandemic as organizations were adjusting to changing market conditions. According to the World Investment Report 2020, when the COVID-19 crisis was announced in April 2020, the global volume of M&A deals experienced a drop of more than 50% from March and more than 40% from the monthly average in 2019. In total, the value of global M&A deals in 2020 amounted to US$2.8 trillion, a sharp decline from US$3.4 trillion in the previous year. Some deals were even abandoned as they were no longer feasible or desirable due to pandemic-related factors. While the M&A deals slowed down significantly, it never came to a complete halt. There were some notable M&A transactions that made headlines during the pandemic as well.
Especially, mergers and acquisitions in the cybersecurity space showed a decent momentum as the changing business situations called for an intense need to quickly adapt to the “new normal”. For example, on April 21, 2020, Palo Alto Networks acquired CloudGenix, cloud-delivered SD-WAN provider, in order to strengthen its comprehensive secure access service edge (SASE) platform. The same month, Accenture acquired Symantec’s Cyber Security Services business from Broadcom Inc. in an effort to add to its ability to help organizations foresee, detect, and respond to cyber vulnerabilities. On Sep 1, 2020, private equity firm Symphony Technology Group (STG) acquired RSA, a network security company, from Dell Technologies, allowing RSS to gain new status as an independent company dedicated to helping organizations manage cybersecurity risks.
According to a Capstone Partners report, despite as lowdown in the broader M&A markets, cybersecurity merger and acquisition (M&A) activity in 2020 outperformed all other industries, with deals volume increasing 33% year-over-year.
Cybersecurity M&A Deal Volume in 2021
Although the situation is gradually getting back to normal, many companies are still working in an all-virtual environment. And many key industry players are planning to adopt a hybrid virtual model – a combination of remote and on-site working. In both situations, the effective use of new and creative collaborative tools, technologies and techniques, without compromising privacy and security, has become more critical than ever. In response to this need, there is a group of companies that have seen cybersecurity-related M&A as an opportunity to stimulate their growth in a slowing economy and solidify their position in the market. This is evident from the fact that following the 2020 decline, cybersecurity mergers and acquisitions again started to heat up at the beginning of 2021.
In March alone, more than 40 acquisitions took place and nearly 40 cybersecurity M&A deals were announced in July 2021. In many cases, the goal of the acquisition was to strengthen its footprint in the market. For example, Sophos acquiredCapsule8, a market leader of runtime visibility, detection and response for Linux production servers and containers, to expand its own portfolio of detection and response solutions for under-protected server and cloud environments. SIEM and cloud monitoring vendor Sumo Logic’s acquisition of DFLabsadds to its security orchestration, automation, and response (SOAR) capabilities.
In 2021, many companies have made - and are still making - conscious efforts to use mergers and acquisitions to quickly supplement their existing security solutions. Especially, larger tech players, such as Palo Alto Networks, Deloitte, VMWare, Microsoft, Ivanti, and Accenture have emerged as serial acquirers. This shows the cautious optimism of companies towards cybersecurity M&A, even in times of uncertainty.
The Conclusion
The COVID-19pandemic certainly had a huge impact on businesses, with thousands of companies have permanently closed their doors or cut back their operations significantly in response to falling customer demand, and millions of workers have been laid off or put on furlough. Despite this, the cybersecurity M&A industry has been able to recover in a very short period time, which is quite impressive. With subsequent waves of COVID-19 still impacting countries in varying magnitudes, it would be interesting to see how different companies try to stay competitive using cybersecurity M&A as a business growth strategy.