Meaningful Uptick in Exit Activity Expected to Drive Active Cybersecurity M&A Market Through 2024
Cybersecurity merger and acquisition (M&A) activity is expected to pick up in the latter half of 2023 and into 2024, as a wave of sellers who have been sitting on the sidelines come to market. After a dearth of venture capital (VC) exits in 2022, a meaningful uptick in exit activity should buoy M&A volume in the Cybersecurity sector going forward. After a strong year for VC-led fundraising in 2022, many early-stage cybersecurity businesses experienced liquidity challenges amidst the Q1 2023 Silicon Valley Bank (SVB) collapse and overall pullback in early-stage equity fundings. In turn, well-capitalized strategic buyers and private equity firms have spearheaded a flight to quality in the sector, seeking targets which combine strong technology platforms with excellent financial performance. Additionally, a non-existent initial public offering (IPO) market in Q1 2023 has prompted VC-backed companies in the space to view M&A as a primary exit strategy. Strategic buyers are expected to pursue cybersecurity targets with innovative, value-added technology, as the dangers presented by global cybercrime have fueled sector demand. Appetite for new protective technology has also prompted corporate Chief Technology Officers (CTOs) to invest heavily in comprehensive and extended detection and response (XDR) solutions, providing value to companies with one-stop-shop business models. Despite uncertainty in the Growth Financing space and in the broader U.S. economy, these factors contribute to our expectation for heightened strong Cybersecurity sector M&A activity in the second half of 2023 and into 2024.
Fundamental changes in the cybersecurity ecosystem including end-user preference for comprehensive solutions, early stage equity investor caution, lender conservatism, and insatiable corporate acquirer appetites for quality assets, create a combustible mix of factors that set the stage for a significant uptick in cybersecurity M&A activity over the next 6-12 months.
Cybersecurity Demand Grows Amid Geopolitical Instability and Financial Damages
Corporate vulnerability and geopolitical tensions have driven persistent demand for new protective technology. Concerns over financial losses are positioned to bolster the growth of the sector, as global cybercrime damages are projected to total $8 trillion in 2023 and reach $10.5 trillion by 2025, according to Cybersecurity Ventures.1 Network protection deficiencies have remained a key sector issue, with at least one open source vulnerability found in 84% of codebases across 17 industries, according to a 2023 Open Source Security and Risk Analysis Report from Synopsys.2 This is particularly important as most software applications are built on open source code, heightening the threat potential for businesses of all sizes. Geopolitical instability, highlighted by the war in Ukraine, has also exposed the desperate need for cybersecurity services. In 2022, state affiliated Russian hackers increased their cyberattack efforts on users in Ukraine by 250% compared to 2020, according to Google’s Threat Analysis Group.3 Russia also increased its cyberattacks on users in NATO (North Atlantic Treaty Organization) countries by over 300% in the same period. With the prevalence of cybercrime and magnitude of monetary damages rising, demand for comprehensive cybersecurity solutions has remained robust.
Banking Crisis Presents Backlog of M&A Opportunities
The SVB collapse has slowed VC investment in the sector and has heightened the risk of bankruptcy for select companies. Strategic buyers have filled the financing gap through acquisitions of businesses with strong balance sheets and a focus on profitability. Acquisitions of VC-backed companies across all industries fell to the lowest quarterly level in a decade, dropping 44.3% year-over-year (YOY) in Q1 2023, according to PitchBook.4 Additionally, a challenging IPO market has negatively affected broader VC exit activity, resulting in a 90.5% YOY decrease in annual exit value in 2022. VC firms exited only nine cybersecurity companies in Q1 2023, compared to 33 in Q1 2022. However, strategic M&A has remained the top exit strategy since 2021, accounting for all of Q1 2023 exits. Despite a drop in overall exits, total capital raised by venture funds reached $162.6 billion in 2022, surpassing 2021 and setting the record for annual fundraising.
Early and later-stage companies with value-added technology but growing financial instability are expected to pursue M&A to extend the longevity and survival of the business. The combination of a dormant IPO market and record amounts of fundraising points to a substantial backlog of VC firms pursuing portfolio exits through strategic M&A. In a recent example, Rapid7 (Nasdaq:RAPD) acquired VC-backed endpoint security provider Minerva Labs, in March for $38 million in cash and stock. Minerva Labs first received seed funding from VC firm Stage One Ventures in July 2015, and later received $7.5 million in Series A funding in June 2017 led by Amplify Partners, with participation from Webb Investment Network, and Stage One Ventures. "It takes a lot of money to break into the Cyber market and in today's global economic environment it is not an easy task. Our focus was strategic investment from cyber companies that have a significant market hold. Cyber companies know how to value technology, so the talks also progressed to the level of examining the technology and various integration options," Minerva Co-Founder and CEO Eddy Bobritsky told CTech in an interview.5
Cybersecurity M&A Moderates Year-to-Date After Historic 2022
Cybersecurity M&A transaction volume in year-to-date (YTD) 2023 has fallen significantly from 2022, with 93 transactions announced or completed. M&A valuations in the sector have also fallen in YTD 2023 to an average of 8.5x EV/EBITDA, compared to 9.9x EV/EBITDA in YTD 2022. Deal volume has moderated in YTD 2023, keeping pace with YTD 2021 and outpacing YTD 2020. As large strategics continue to update their cybersecurity platforms with new technologies, the current macroeconomic and microeconomic environments have opened a window of opportunity for sector players to consider a sale to a well-capitalized acquirer. Buyers have exhibited increased selectivity in acquisition pursuits, focusing on high-quality targets with healthy growth and profitability. Notably, the percentage of high-quality M&A targets in the middle market reached 68% in 2022, categorized as companies with trailing twelve months (TTM) EBITDA margins and revenue growth rates both above 12%, according to GF Data.6 This marks an increase from 64% in 2021 and 54% in 2020. Strategic buyers have dominated Cybersecurity M&A volume in YTD 2023 accounting for 65.6% of deals, with private strategic buyers comprising 39.8%. Additionally, private equity buyers have committed to shoring up the cybersecurity ecosystem by pursuing add-on acquisitions, with 25 add-ons announced or completed YTD (27.0% of total deals). Private equity firms are expected to utilize add-on transactions with reduced amounts of leverage until the U.S. Federal Reserve settles on its terminal interest rate.
After a sustained period of accommodating capital markets for cybersecurity firms at virtually all stages of development, the darkening economic environment is evidenced by new discipline exercised by debt and equity providers and strategic acquirers alike. The table is now set for an M&A market that prioritizes high quality companies with differentiated technologies coupled with a track record of financial performance. Some seeking transactions will find leverage shifted to the buyer pool.
Capstone-Advised Acquisition Highlights Attractive Buy-Side Opportunities
The backlog of VC portfolio exits presents an opportunity for buyers to capitalize on businesses with value-added technology looking for a sale event. Capstone has significant expertise with buy-side engagements, advising five middle market buy-side transactions in 2022. Capstone's Aerospace, Defense, Government, & Security Industry Group advised INSA Corp. on its acquisition of network security solutions provider, Integra Data Systems, in April 2023. Terms of the transaction are confidential. Integra specializes in the design, build, and support of enterprise information technology (IT) networks in the Greater Toronto area. The acquisition is expected to increase the geographic coverage and customer base of both companies. "We are very bullish on the Cybersecurity industry and opportunities. This acquisition allows us to better serve our client's needs," said INSA CEO Mario Bruteka, in the press release. INSA works with public sector client networks in Canada, positioning both parties to take advantage of the $1.75 trillion that is projected to be spent on cybersecurity between 2022 and 2025, according to Cybersecurity Ventures.7
Capstone Partners provided invaluable assistance, advice, and experience in structuring the deal, working the deal with the seller, and closing the deal with INSA accounting and legal teams. Without Capstone, the deal might not have come to fruition, and surely would not have closed with the same high level of satisfaction of both the buyer and the seller. Capstone was always available, not only providing expertise but also keeping both sides engaged and moving forward.
XDR Tools Draw M&A Attention
XDR capabilities have been a major factor driving Cybersecurity sector demand. XDR platforms automate and centralize the detection and analysis of cybersecurity threats across an entire organization, operating as a consolidation of endpoint detection and response (EDR) and network traffic analysis (NTA). Enterprise businesses have needed XDR coverage due to the amount of vulnerable access points. The global XDR market was valued at $754.8 million in 2022 and is expected to grow at a compound annual rate of 20.7% between 2023 and 2030, according to Grand View Research.8 Buyers have continued to target firms that offer a one-stop-shop for cybersecurity solutions across the IT environment, especially as companies have migrated data storage to the cloud. Businesses with XDR offerings facing diminished growth capital options have increasingly turned to strategic M&A to bolster financial viability. Select XDR transactions are outlined below.
- XM Cyber Acquires Confluera (March 2023, Undisclosed)
Israel-based hybrid cloud security provider XM Cyber completed its acquisition of cloud-based XDR firm, Confluera in March for an undisclosed sum. Based in Palo Alto, California, Confluera offers a cloud extended detection and response (CxDR) platform that provides automated enterprise solutions and managed security solutions. The platform does not require specialized training, providing a cost effective and efficient detection and response solution to cyber threats. With the addition of Confluera's CxDR capabilities, XM Cyber is able to offer a comprehensive cloud native application protection platform, effectively creating a one-stop-shop for cloud security. "The technologies complement one another. They cover the prevention and detection aspects of security, with a common attack path modeling-based approach of unifying diverse visibility to identify multi-stage attack," said Confluera CTO, Abhijit Ghosh, in a press release.9
Confluera represents XM Cyber's second completed transaction since its acquisition by German retail conglomerate the Schwarz Group in November 2021 for an enterprise value of $700 million. In June 2022, XM Cyber acquired cybersecurity oversight provider, CyberObserver, for an undisclosed sum. CyberObserver was integrated into XM Cyber's Continuous Exposure Management platform in order to expand its Cloud Security Posture Management (CSPM) capabilities. XM Cyber is expected to continue to consolidate firms with specialized cybersecurity technology that can integrate directly into its cloud security platforms, adding valuable capabilities to its comprehensive offerings. "Integrating Confluera into our offering just made so much sense. Today, security teams are overwhelmed with an overwhelming amount of alerts and multiple security tools that they can't keep track of. They are demanding the consolidation of solutions that can accurately and holistically analyze risk and pinpoint high priority exposures to be remediated efficiently," said XM Cyber Co-Founder and CEO, Noam Erez, in the press release.
- Periscope Equity-Backed CyberMaxx Acquires CipherTechs (January 2023, $33 Million)
Tech-enabled cybersecurity services company CyberMaxx, completed its acquisition of one-stop-shop cybersecurity provider Cipher Techs, in January 2023 for an enterprise value of $33.0 million. Before the acquisition, CyberMaxx offered EDR services, NTA detection and prevention, and security information and event management (SIEM). The acquisition of CipherTechs enhances CyberMaxx's full suite of cybersecurity services including offensive security services, defensive security services, digital forensics/incident response, and governance, risk & compliance services. CipherTechs' XDR platform, a part of its defensive security services, offers three tiers of service including detection and response, detection and response with containment, and reporting and metrics. The company also offers XDR add-on services such as managed phish response, threat hunting, and forensics. The XDR service is comprehensive, and the acquisition allows CyberMaxx to evolve as a one-stop-shop service provider. Following the acquisition, CyberMaxx now offers MAXX MDR which has incorporated CipherTechs' XDR platform.
CyberMaxx received a platform investment from Periscope Equity in August 2021 for an undisclosed amount. Periscope targeted CyberMaxx for the company's history delivering cybersecurity solutions for the Healthcare IT end-market, and the partnership has allowed CyberMaxx to begin a geographical expansion. The acquisition of CipherTechs is Periscope's first add-on via CyberMaxx, and the private equity firm is expected to continue consolidating cybersecurity offerings through add-ons to bolster CyberMaxx's suite of security solutions. "Through product expansion, team development, and strategic acquisitions, we expect CyberMaxx to entrench further its position as the go-to provider for managed cybersecurity for the U.S. Healthcare industry," said Periscope Managing Partner, Steve Jarmel, in a press release.10
To discuss sector M&A activity, provide an update on your business, or learn about Capstone's wide range of advisory services and Cybersecurity sector knowledge, please contact us.
Cybercrime Magazine, "Cybercrime to Cost the World 8 Trillion Annually in 2023," https://cybersecurityventures.com/cybercrime-to-cost-the-world-8-trillion-annually-in-2023/, accessed April 14, 2023.
Synopsys, "2023 Open Source Security And Risk Analysis Report," https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html, accessed April 14, 2023.
Google Threat Analysis Group, "Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape," https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/, accessed April 14, 2023.
PitchBook, "PitchBook-NVCA Venture Monitor," https://pitchbook.com/news/reports/q4-2022-pitchbook-nvca-venture-monitor, accessed April 14, 2023.
Calcalist, "Rapid7 Acquiring Cybersecurity Startup Minerva Labs for $45 million," https://www.calcalistech.com/ctechnews/article/r1icb5je3, accessed April 27, 2023
GF Data, "February 2023 M&A Report," https://gfdata.com/,
accessed April 20, 2023.
Cybercrime Magazine, "Global Cybersecurity Spending to Exceed $1.75 Trillion From 2021-2025," https://cybersecurityventures.com/cybersecurity-spending-2021-2025/, accessed April 14, 2023.
Grand View Research, "Extended Detection and Response Market Size, Share & Trends Analysis Report By Component, By Deployment Type, By Application, By Religion, And Segment Forecasts, 2023-2030," https://www.grandviewresearch.com/industry-analysis/extended-detection-response-market-report, accessed April 17, 2023.
XM Cyber, "XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud workloads to Extend CNAPP Capabilities," https://www.xmcyber.com/news/xm-cyber-announces-acquisition-of-confluera-adding-run-time-protection-on-cloud-workloads-to-extend-cnapp-capabilities/, accessed April 18, 2023.
Periscope Equity, "Periscope Equity Makes Platform Investment in CyberMaxx, a Leading Healthcare-Focused Cybersecurity Firm," https://periscopeequity.com/news/periscope-equity-makes-platform-investment-in-cybermaxx-a-leading-healthcare-focused-cybersecurity-firm/, accessed April 18, 2023.
Insights for Middle Market Leaders
Receive email updates with our proprietary data, reports, and insights as they’re published for the industries that matter to you most.