Feb 24, 2022

The AI Market Ignites Cybersecurity Activity

Faced with ever-evolving cyber threats, Cybersecurity market participants have been among the early adopters of artificial intelligence (AI) technology to enhance detection and response times, filter false positives, and automate tasks amid the ongoing labor shortage. Without AI, traditional solutions are estimated to miss as many as 51% of advanced cyber-attacks, according to Cybersecurity Ventures.1

Given the enormous challenges posed by today’s cyber threats, combined with the severe talent shortages in an increasingly digitized world, AI offers promise as a tool that can increase labor productivity while automating threat detection and remediation to improve security success rates. Over the next several years, AI will become a ‘must have’ technology for industry leaders.

Tom McConnellManaging Director, Capstone Partners

Information technology (IT) leaders continued to demonstrate strong interest in AI in 2021. Notably, 48% of Chief Information Officers (CIOs) indicated that they have deployed, or plan to deploy AI technologies in the next 12 months, according to Gartner's November survey.2 However, 50% of those CIOs are unlikely to reach a level where AI is adding value before 2025. As shown below, once AI becomes a center of focus and operators seek to implement it on the organizational level, it typically takes three to five years to experiment with the technology's use cases and optimize it to be fully operational. As many cybersecurity providers have reached this operational maturity stage, or beyond, the sector accounted for 26% of global AI revenue in 2021 ($13.4 billion), which is forecasted to increase to 28.2% of sales by 2026, according to Markets and Markets.3

AI definitions are commonly synonymous with automation and, as a result, fail to clearly depict the opportunities AI can afford cybersecurity professionals. While automation software operates without human interaction, it runs based on instructions. AI systems are differentiated through the emulation of human performance, learning from past experiences to support decisions and execute an action. The development of cybersecurity AI systems has taken place in the private sector and top research institutions, including the Massachusetts Institute of Technology's (MIT) Lincoln Laboratory. MIT's AI algorithms were initially conceived to achieve world-leading performance in automatic speech, language, and speaker recognition, according to the organization's website.4 In 2018, the application of MIT's systems shifted and are now utilized for advanced detection competencies. Specifically, the U.S. Department of Defense (DOD) and law enforcement agencies integrated MIT's AI to identify illicit activity on public domains and the dark web, demonstrating the early adoption of operational AI in federal cybersecurity initiatives.

In the private sector, cybersecurity companies that are rooted in machine learning with AI capabilities are experiencing heightened demand as enterprises require advanced solutions. ExtraHop Networks, founded in 2007, is demonstrating this with its Reveal(x) 360 solution, a machine learning- and AI-enabled network detection and response (NDR) offering that can assist cybersecurity teams in stopping breaches 84% faster, according to the company's website.5 Implemented by corporations across industries including ULTA Beauty (Nasdaq:ULTA), The Home Depot (NYSE:HD), and Seattle Children's Hospital, ExtraHop deploys sensors in local data centers, clouds, and remote sites to decrypt network data and extract records which are automatically sent to Reveal(x) for behavioral analysis, real-time threat detection, and investigation. ExtraHop's AI capabilities have positioned them as a leading NDR provider, and as such, the company was acquired by Bain Capital and Crosspoint Capital Partners in July for an enterprise value of $900 million, equivalent to 9.9x revenue.

It is hard to conceive a more receptive environment for the application of true machine learning than cybersecurity. The combination of shapeshifting threat identifiers embedded within high volume data sets traveling over distributed, hybrid networks necessitate detection and response capabilities that match efficiency with scale, and can evolve in real-time to meet developing threats. Ultimately, this can only mean widespread deployment of AI-based models.

David BrinkleyManaging Director, Capstone Partners

M&A Volume in Cybersecurity Market Sets Record High, AI-enabled Providers Attract Strong Buyer Interest

The Cybersecurity merger and acquisition (M&A) market is witnessing more deals at higher valuations than ever before. In 2021, 410 transactions were announced or completed, outpacing 2020 levels by 21% and amounting to a record $85.6 billion in disclosed deal value. Sitting at the intersection of many growing technology sectors, the acceleration of digital consumer solutions and enterprise digitization strategies amid COVID-19 catapulted demand in the Cybersecurity sector, providing a favorable backdrop for M&A. Businesses that initially only needed to protect their centralized information assets required extended coverage to safeguard dispersed endpoints as employees worked remotely, resulting in competitive bids for quality assets and driving the average EBITDA purchase multiple to 12.3x in 2021 from 8.8x in 2020. Valuations in the Cybersecurity sector also outperformed the broader Aerospace, Defense, Government & Security (ADGS) industry, which generated an average EBITDA purchase multiple of 11.8x in 2021.

Strategic buyers continued to lead the M&A market, accounting for 63% of deals in 2021 as sector leaders scaled operations to meet demand, defending against some of the most complex, organized hacks deployed to-date. Notably, ~$400 billion in benefit claims paid by the government have been transferred improperly or stolen by foreign crime syndicates, according to Capstone's Government IT Services article. Private equity (PE) has also been active in the sector, with add-on deals comprising 29% of transactions in 2021, as PE firms rolled up advanced, interoperable systems to bolster platform investments. Although AI has been in the early development stages for many sectors, AI-enabled cybersecurity businesses have attracted strong strategic and PE buyer interest given the long-term, proven application of the technology and forecasted growth relative to other sectors. Select transactions are outlined below, including recent Capstone-advised deals.

  • Capstone Partners Advises Covail on Its Sale to GoSecure (January 2022) - Headquartered in Columbus, Ohio, Covail was founded in 2015 with investments from seven of the largest companies in Central Ohio to provide collaborative solutions to common AI and cybersecurity challenges facing their respective businesses, as well as other customers. Covail’s experts in AI, automation, cybersecurity, and risk management work with enterprises to help create intelligent operations that are more secure, automated, and data-driven through professional services and proprietary technologies in risk management and machine learning-based cybersecurity attack detection. Covail turned to Capstone Partners to advise the Company on its strategic options. Given Covail’s unique investor base, Capstone quickly realized that partnering with the Special Situations Investment Banking (SSIB) group would ensure that it achieved the client’s strategic objectives, including sustaining a commitment to expand operations in the Columbus, Ohio, region; preserving and expanding opportunities for Covail employees; securing a strong ideological and cultural fit; and maximizing shareholder value.
  • Capstone Partners Advises Cygilant on Its Acquisition by SilverSky (January 2022) - Capstone advised Cygilant, a portfolio company of Arrowroot Capital, on its sale to SilverSky in January. Terms of the deal are confidential. Cygilant is a managed security services provider (MSSP) offering Cybersecurity-as-a-Service and threat intelligence capabilities. The acquisition expands SilverSky's global footprint and increases access to the highly regulated European markets. "Capstone’s cybersecurity market knowledge and board-level relationships enabled us to effectively and efficiently find a great fit with SilverSky. We are excited about the synergies between the two companies and look forward to collaboration with the SilverSky team to build a global leader in managed security services," said Rob Scott, CEO of Cygilant, in Capstone's press release.
  • Capstone Partners Advises Bricata on Its Sale to an Undisclosed Strategic Buyer (December 2021) - In December, Capstone advised Bricata, a developer of network security and data protection solutions, on its sale to an undisclosed strategic buyer. Terms of the deal are confidential. Bricata offers NDR solutions to analyze network traffic through machine learning. Bricata’s NDR technology delivers complete network visibility, eliminating blind spots and enabling users to intelligently capture and analyze network data for enterprise and government clients. "Capstone was insightful in capturing and communicating to potential buyers the key underlying value drivers in the business and technology. The team was diligent and tenacious in running a process to identify the best strategic fits and unlock value for shareholders," said John Trauth, CEO of Bricata, in Capstone's press release.
  • SecureAuth acquires Acceptto (November 2021, Undisclosed) - In November, SecureAuth, a leader in next generation identity and access management acquired Acceptto for an undisclosed sum. Acceptto develops a passwordless authentication and behavioral modeling platform, detecting if a user is a threat before, during, and post authorization. Acceptto's AI-driven continuous authentication bolsters SecureAuth's initiative to be the preferred choice for user-friendly passwordless login and supports clients' hybrid workforce, digital engagement, and move to the cloud and Zero-Trust networks. "As an industry, we still have a long way ahead of us to deliver fully AI-based authentication policies that are not overly complex and inflexible. But all leading enterprises are asking us today to deliver intuitive high-fidelity authentication journeys to meet their present compliance and security requirements," Ravi Khatod, CEO & Executive Chairman of SecureAuth, stated in a press release.6
  • Clavister acquires Omen Technologies (October 2021, $1.8 Million) - Clavister (OM:CLAV), a Sweden-based managed services and cybersecurity software provider, acquired Omen Technologies in October for an enterprise value of $1.8 million. Omen develops an AI-based cybersecurity analysis platform delivering fault detection, intrusion detection, predictive maintenance, and system validation. The deal will see the entirety of Omen's business and personnel transferred to Clavister, strengthening Clavister's workforce and enabling the company to identify significant upsell opportunities for its software and services. The acquisition reflects public companies' preference to buy a built-out AI system rather than build internally, and that smaller players can attract buyer interest. "Given the market trends in cybersecurity, AI has been a high priority capability on the Clavister development roadmap. Not only is the acquisition of Omen a cost-effective way of gaining this capability, it also accelerates time to market with the potential of several meaningful revenue-generating accounts live in 2022," John Vestber, CEO of Clavister, said in a press release.7
  • Charlesbank Capital Partners-backed HelpSystems acquires PhishLabs (October 2021, Undisclosed) - In October, Charlesbank Capital-backed HelpSystems acquired PhishLabs for an undisclosed sum. PhishLabs provides curated intelligence and mitigation services for open web, social media, and advanced business email threats. The company also develops a machine learning- and AI-enabled digital risk protection platform, aggregating data from various endpoints and social media accounts and automatically executing anti-evasion techniques to detect hidden, malicious content. The acquisition demonstrates PE's appetite for buy-and-build strategies in the space, with HelpSystems' IT management software bolstered by PhishLabs' AI-enhanced security through the provision of threat detection and response for its customers' digital assets.

Venture Capital Firms Focus on Larger, Sector-Specific Investments

Capital invested in the Cybersecurity sector by venture capital (VC) firms has reached a record high in 2021, amounting to $29.1 billion compared to $10.7 billion in 2020. The number of venture capital deals in 2021 increased by 68% year-over-year (YOY), with many VC's participating in multiple financing rounds to deploy significant late-stage investments to niche startups, scaling operations for a maximum return on investment upon an exit via public listing or acquisition. As outlined below, AI-enabled providers have been among the top businesses to receive funding of this caliber.

  • Nozomi Networks Raises $100 Million in Series D Funding (December 2021) - Nozomi Networks, a developer of an AI-driven cybersecurity platform for operational technology and Internet of Things threat detection, raised $100 million in a series D funding round led by Triangle Peak Partners. Nozomi's post-money valuation reached $500 million, following a 110% increase in annual recurring revenue in 2021, according to a press release.8 Nozomi will use the funding to accelerate its go-to-market approach on a global scale, protecting clients against rising ransomware attacks.
  • Lacework Secures $1.3 Billion in Series D Funding (November 2021) - In November, Lacework raised $1.3 billion in series D funding for a post-money valuation of $8.3 billion. The round was led by existing investors Sutter Hill Ventures and Altimeter Capital, demonstrating VC's appetite for participating in multiple funding rounds for quality assets. Lacework's application of AI and machine learning identifies anomalies in the cloud, enabling the automation of its data-driven cybersecurity platform. Lacework will use the funding to extend its lead in the Cloud Security market by fueling product innovation and pursuing additional strategic acquisitions.
  • Socure Raises $450 Million in Series E Funding (November 2021) - Socure raised $450 million in series E funding in November to generate a post-money valuation of $4.5 billion. Led by Accel and T. Rowe Price, the round marks Socure's third capital raise in the past two years. The funding will be utilized to rapidly scale Socure's AI-enabled identity management and protection platform, which serves leading financial technology and online gambling clients including SoFi (Nasdaq:SOFI), Chime, and DraftKings (Nasdaq:DKNG).


  1. Cybersecurity Ventures, "Don't Get Obfuscated: Use AI To Stop Attacks," https://cybersecurityventures.com/dont-get-obfuscated-use-ai-to-stop-attacks/, accessed December 1, 2021.
  2. Gartner, "Market Growth Will Accelerate as Organizations Progress their AI Maturity," https://www.gartner.com/en/newsroom/press-releases/2021-11-22-gartner-forecasts-worldwide-artificial-intelligence-software-market-to-reach-62-billion-in-2022, accessed December 1, 2021.
  3. Markets and Markets, "Artificial Intelligence in Cybersecurity Market," https://www.marketsandmarkets.com/Market-Reports/artificial-intelligence-security-market-220634996.html, accessed December 3, 2021.
  4. Lincoln Laboratory Massachusetts Institute of Technology, "Artificial Intelligence Technology and Systems," https://www.ll.mit.edu/r-d/cyber-security-and-information-sciences/artificial-intelligence-technology-and-systems, accessed December 3, 2021.
  5. ExtraHop, "Leave Attackers Nowhere to Hide," https://www.extrahop.com/, accessed December 4, 2021.
  6. SecureAuth, "SecureAuth Acquires Acceptto to Redefine AI…," https://www.secureauth.com/blog/acquisition-of-contextual-behavioral-threat-intelligence-technology-transitions-secureauth-into-a-leader-in-high-assurance-low-friction-authentication/, accessed December 5, 2021.
  7. Clavister, "Clavister Completes Acquisition of Cybersecurity AI Specialist Omen Technologies," https://www.clavister.com/clavister-acquisition-cybersecurity-ai-specialist-omen-technologies/, accessed December 5, 2021.
  8. Nozomi Networks, "Nozomi Networks Secures $100 Million Investment…," https://www.nozominetworks.com/press-release/nozomi-networks-secures-100-million-investment-from-global-ecosystem-of-customers-and-technology-partners/, accessed December 7, 2021.

Related Transactions

Insights for Middle Market Leaders

Receive email updates with our proprietary data, reports, and insights as they’re published for the industries that matter to you most.