The cybersecurity sector is proving recession-proof and remains a vital growth area with strong merger & acquisition and fundraising activity, according to research by Bristol-based tech-focused investment bank ICON Corporate Finance.
Its latest Cybersecurity report shows deal activity in the sector was up by 60% between January and September this year compared to the same period in 2020 while fundraising rose by 22%.
As a result, it looks set to defy the current troubling macroeconomic headwinds.
The report is the latest in a series by ICON. The firm, which also has offices in London and San Francisco, has closed more than 250 deals since its launch in 1999 and boasts a global network of relationships alongside deep tech industry expertise.
Recent ICON deals include advising on the acquisition of ForePaaS by OVHCloud, the European leader in cloud computing; securing growth funding for global software company TimeXTender from growth equity investor Monterro; and acting for Cloud Direct on its strategic investment from Crayon Group.
ICON said the merger & acquisition (M&A) and fundraising deal activity highlighted in the report was due to enterprises recognising that they must continue to invest in cyber defences to protect against an increasingly sophisticated threat landscape and as a result of significant geopolitical and economic uncertainty.
The report reveals that 353 cybersecurity M&A deals were recorded in the first three quarters of this year with a total value of $125bn. As a result, the sector is on track to surpass pre-Covid levels.
Vendor platform consolidation, largely backed by private equity, is a major driver behind this sustained deal activity, while fundraising activity remained in line with long-term trends – $15.4bn of venture capital money was invested in the sector globally across 572 deals in the nine months to September.
The report also shows that after an 18-month bull run, public cybersecurity stocks have reset at lower levels but continue trading at a significant premium compared to the broader tech market.
The main valuation driver is growth, with the top quartile is trading at 8.6x revenues, with growth at plus 34.4% 21-22E (3.6x revenues, and +6.1% growth, respectively, for the bottom quartile).
ICON predicts that consolidation will continue at pace as trade and private equity acquirers are ready to capitalise on the extraordinary market opportunity
Protecting mission-critical data, applications and infrastructure remains a board-level investment priority for public and private organisations.
The report highlights that from 2020 to 2022, average data breach costs surged 13% to $4.35m. Financial institutions became a particular target, with malware attacks doubling in the first half of this year and ransomware attacks increasing by 243% against financial targets.
Report author, ICON corporate finance director Florian Depner, said the report asked the key question: Is the cybersecurity sector and related deal activity recession-proof?
“The answer, in short, is a strong yes,” he said. “Enterprises recognise that they must continue hardening their security defences to keep above water in the arms race between good and bad.
“Cybersecurity is mission critical and companies have no choice but to keep investing given the uplift in malicious activity, and state backed attacks.
“Consequently, capital will continue to flow into the sector, which in turn spurs M&A and fundraising activity.”
He said ICON believed that cybersecurity deal activity, both in the US and Europe, would be fuelled by private equity, providing a more attractive exit alternative to existing shareholders than the IPO (initial public offering) route, as demonstrated by KKR’s acquisition of diversified enterprise security specialist Barracuda for $3.9bn in April.
“We also anticipate that private equity will continue injecting much-needed growth fuel into later-stage scale-up companies; a trend demonstrated by the BlackRock-backed $250m investment in Swiss-based storage management and personal backup services provider Acronis,” he added.
“These factors, combined with private equity backing buy-and-build strategies and vendor platform consolidation – and the fact that the three-year cyber security index for public sector stocks rose 61.5%, while NASDAQ rose just 35.5% - makes cybersecurity players undeniably desirable. That’s creating a buoyant market for cybersecurity deals and investment.”