Acquisitions within cyber security have ramped up significantly in the past few years. The chart below outlines some of the notable security transactions solely during the bottom-half of 2016.
What trends are contributing to this surge in activity? These increased levels of M&A recently are due to several factors:
1. An Overcrowded Market: too much of a good thing
How did the cybersecurity market become overly-fragmented?
The traditional cybersecurity strategy for enterprises centered around a defense through depth of different technologies. Essentially, more layers of security generally meant greater control and prevention capabilities. The traditional firewall was the security bread and butter for any enterprise, and companies would continue to layer and build further security capabilities on top.
The entire cybersecurity market is around $55bn, meaning that enterprises continue to purchase new security solutions, but rarely phase out existing security infrastructure. This drives security spending higher, making security architecture overly complex and driving a crowded security landscape. A jam-packed, complex security infrastructure can hurt productivity by restricting certain capabilities, slowing down the overall network, or creating false positives, like a legitimate email getting blocked.
Due to difficulties and greater complexities in deploying or uninstalling security software, more and more cybersecurity vendors are prioritizing simplicity of use and ease of deployment. Ease of integration is a critical characteristic of up and coming security players.
2. Trend Toward Broad Platform Providers: spending more on less
A quality that applies across both investments and M&A activity is the movement away from more pinpoint cybersecurity solutions towards more comprehensive security platform solutions. Enterprise security spending is not expected to decline, rather security has catapulted to the top of the IT spend stack. As more and more companies recognize cybersecurity as a priority, spending is positioned to rise.
Now that a company's security has vaulted to the top of the priority list, it has become the responsibility of C-suite executives and leaders. Unlike the enterprise engineering teams that previously overlooked the decision making process for security solution purchases, executives do not share the same level of technical expertise. As a result, enterprises are beginning to favor broader platform providers who offer multiple security functionalities. Instead of having to juggle several different vendors, companies can easily manage and upgrade their security capabilities through one vendor. This pain point impacts enterprises across industries, and applies two-fold for regulation-heavy industries like financial services.For example, Deutsche Bank works with over 600 different security vendors globally to uphold its strict cyber security guidelines.
This trend is likely to benefit larger security providers like Palo Alto Networks (NYSE:PANW), Cisco (NASDAQ:CSCO), and Symantec (NASDAQ:SYMC), especially as they roll up best of breed vendors in a spree of M&A.
3. Fast-changing landscape: speed of product development is crucial
The cybersecurity market is rapidly changing, with new technologies popping up in tandem with an evolving IT landscape. Even a timespan of months can make a significant difference in terms of positioning. As a result, speed to market is paramount.
An example is the privileged account management space, one that is still a greenfield sector, with relatively fewer players and rapidly growing demand. The first-mover and consequent market leader in this space is CyberArk. Due to the importance of speed in cybersecurity, security companies may opt to acquire solutions as a way to quickly establish a footprint rather than organically develop one.
Keep an eye on how public companies are integrating acquisitions and building upon their security platforms. Popular security technologies that are being snapped up include behavioral analytics, CASBs (cloud access security), and identity authentication. Notable companies that have been especially acquisitive are ProofPoint (NASDAQ:PFPT), Fortinet (NASDAQ:FTNT), Cisco, and Symantec.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.