Global Cybersecurity M&A: Adapting to a Volatile and Unpredictable 2022

Using data and insights provided by Pitchbook, SS&C Intralinks’ Global Cybersecurity M&A report focuses on the increasingly vital cybersecurity market and what mergers and acquisitions (M&A) dealmaking activity we can expect in this space over the next 12 months.

The cybersecurity industry has been radically transformed by the upheaval of the last two years. Given some of the numbers coming out, one might expect to see huge cybersecurity deals on the horizon with venture capital (VC) funding flooding the sector and more established upstarts snatched up by established players at high valuations. While that is certainly part of the picture, there are more factors in play, and according to the report — it won’t be quite that simple.

Multiple factors are converging in 2022 to dramatically reshape cybersecurity. The industry was already in a period of accelerated activity before COVID-19 shook the world as we know it. The median deal size grew from USD 30 million in 2018 to USD 50 million in 2021, an increase of more than 66 percent after a two-year plateau from 2016 to 2018.

Now global uncertainty, driven primarily by Russia’s invasion of Ukraine and NATO’s defensive circling of the wagons, has increased the need for newly fortified security systems. Cyberwarfare strategies are at play most everywhere and at the same time, more digital vulnerabilities have been exposed than ever before. The COVID-19 pandemic resulted in the rushed implementation of largely unvetted digital technologies that pushed more sensitive (and valuable) business activity online — creating ripe targets for bad actors.

These pressures have been a catalyst for rapid growth and activity in the sector. Total deal value in Q1 2022 amounted to USD 15.3 billion, a 34.6 percent increase over the same period in 2021. Strikingly, it also represented a 155.2 percent quarter-over-quarter jump from Q4 2021.

Big deals in play

In March, McAfee went to industry investors Advent International and Permira at a USD 14 billion sale price. In one of the biggest deals in the company’s history, Alphabet has announced that it plans to acquire Mandiant this year for USD 5.4 billion. Thoma Bravo is in the process of acquiring SailPoint Technologies for USD 6.9 billion.

But even in the face of these juggernaut deals, rising interest rates and inflation threats are cooling VC capital as a whole, or at least, initiating changes in strategy. As the IPO market has slowed to a crawl in 2022, investors are acting more cautiously, firmly entrenched and thinking longer term. While public listings drove the majority of exit value over the past three years, buyouts may now factor more prominently instead. Venture-backed cybersecurity acquisitions grew by nearly 60 percent between 2020 and 2021 and may continue to dictate exit values in the coming years.

Regional perspectives

Shifts in approach will depend largely on geography. North America has historically seen the most deal activity in cybersecurity, and that leadership is likely to continue. However, Europe holds the number-two global ranking in cybersecurity M&As, and activity there is poised to explode. Russia's invasion of Ukraine has prompted security teams across the continent to build stronger bulwarks against cyberattacks, and the European Union has committed to EUR 1.6 billion in cybersecurity investments by 2027, spread across its member states.

The prospects for Asia, in contrast, are much more difficult to predict. Historically, M&A activity in Asia has been highly variable, with 2022 showing minimal activity so far. While activity so far in 2022 has been sparse, it should be monitored closely given recent geopolitical concerns.

The pandemic-fueled digitization of business dealings, coupled with increased geopolitical strife and conflict, has made the need for cybersecurity technology even greater in 2022, thus potentially ramping up M&A activity in the sector. However, additional factors like inflation, a potential recession and continental alliances may accelerate or throttle dealmaking in unpredictable ways. To be better prepared for what’s to come, read the full Global Cybersecurity M&A report found here.