The cyber security technology sector continues to experience a wave of acquisitions. Leading technology vendors and security service providers continue to strengthen their portfolios by acquiring technology and capabilities to address opportunities in cloud security, threat detection, orchestration and automation.
Over the last two to three years, the cyber security sector has experienced significant acquisition activity. Within the last year GlobalData has counted a minimum of five acquisitions per leading vendor for 2019. If we equate this in monetary terms, external sources report that quarter one in 2019 on its own generated more than $7bn in deals. Investment in startups also continues to gain momentum with global investments totalling more than $6bn. All this indicates a real demand for cyber security to address the threats placed on IT systems globally across consumer, business and government entities.
Drivers of M&A activity
From a technology perspective, there are a number of factors that are driving mergers and acquisition (M&A) activity. In cyber security, two key end user enterprise business drivers stand out. Firstly, the advancement of enterprise IT in leveraging cloud delivery, and secondly the emergence of Internet of Things (IoT). Applications are transforming traditional connectivity and application delivery models to create flexibility and agility in networks at lower price points.
Addressing cloud security
Although public cloud providers include security to fortify their cloud infrastructure, the end user enterprise is ultimately responsible to ensure that their data and applications on the public cloud are secure. In reality, a large proportion of organisations do not have adequate security measures in place. A number of these companies have experienced some form of cloud security incidents. These include unauthorised cloud access, misconfiguration of cloud platforms, account hacking, and insecure interfaces. In addition, a large number of end user enterprises are struggling with operational and compliance risk issues with respect to their cloud infrastructure. All of this is creating more uncertainty for businesses.
Security market offers business opportunities
Taking into consideration these types of enterprise challenges, the cyber security market continues to create significant opportunity for technology vendors and service providers to develop robust solutions to address cloud security. However, the cyber security market is still in catch up mode in terms of maturity and in having defined portfolios that address emerging areas.
In addition, many leading global vendors are placing more emphasis and investment in developing their portfolio roadmaps. These are next generation solutions addressing cloud delivery. Because of this, traditional service providers are jumping on the cyber security bandwagon by looking to acquire cloud security technologies to extend their managed IT service portfolio solution offerings.
Key cyber security acquisitions
Some of the companies that have been highly active in acquisitions include Palo Alto Networks, a company that made a number of acquisitions in 2019. These include acquiring Twistlock and PureSec, to extend its Prisma™ cloud security strategy, and the acquisition of Demisto, a leading cyber security company specialising in security orchestration, automation, and response.
Other examples include Check Point Software acquiring Cymplify to build its IoT security offering. Lastly, Accenture acquired Symantec’s cyber security services business from Broadcom, to build out its managed security threat intelligence services business by combining its expertise in advanced analytics, automation and machine learning.
Skills are in high demand
A key observation from all of these acquisitions is that many of these buyers are leading global companies with deep pockets. In a market where skill sets are in demand and product development life cycles are long, it makes business sense to bring in these capabilities. It is achieved through acquiring niche, but highly credible technology-savvy vendors that are focusing on specific areas within the cyber security value chain. Many of these target acquisitions have also gone through a series of investment funding and are now investment-ready as part of their exit strategy. These investment trends in cyber security are somewhat different when compared to general IT, where leading vendors aim to consolidate the market and take out smaller competitors.
More acquisitions on the way
As acquisitions move forward in 2020 and beyond we see further investments happening. Within cloud security, in the next two years GlobalData expects acquisition opportunities in Artificial Intelligence (AI) Base Detection, Internet of Things (IoT) Threat Detection, Workload Protection Platforms, Cloud Access Security Brokers (CASBs), and Cloud Security Posture Management. Additionally, we see vendors with credible solutions in Threat Management, Identity Access Management, and improvements to platforms that improve translation of security data for multi-cloud delivery, multi-cloud, zero-trust application and security platform, gaining traction in the market. This will make them interesting targets for investors.
Integration is the challenge
So, acquisitions in the cyber security sector at this moment in time will continue to gain momentum as we move forward 2020 and beyond. For leading vendors with aggressive acquisition strategies the challenge is always going to be how successfully they can integrate the different technologies as they move forward with their portfolio roadmaps. On the other hand, competitors that do not see M&A initiatives to be strategic to their corporate strategy surely must consider how they will capitalize on cloud cyber security opportunities.
Evaluation is needed
These trends create even more complexity for end-user enterprises that are attempting to reduce and consolidate different security solution vendors across their network and move to become more self-sufficient in managing the security layer for the cloud environment. Therefore, as part of an enterprise’s sourcing strategy, companies must evaluate and measure the mid-long term benefits that its selected cyber security vendor has to the needs of the business, and carry out a full risk contingency assessment on newly launched cloud cyber security portfolio suites that have been developed through acquisitions.
NS Tech and GlobalData are part of the same group