Information security continues to grow in importance, size and profile nationally and internationally. 2016 was another record year for mergers, acquisitions and financings for the information security sector.
For the calendar year, 137 M&A transactions totaling more than $19.4 billion in value and 268 venture capital financings totaling more than $4.3 billion in value were completed.
This compares to 2015 during which 80 M&A transactions totaling $29.5 billion in value and 377 venture capital financings totaling $3.3 billion in value were completed.
The dramatic 71% increase in the year over year volume of M&A transactions and 29% decrease in the year over year volume of venture capital financings, appeared to portend of a shift towards consolidation via M&A and away from venture financings.
However, results from the first quarter of 2017 bucked the trend with 35 M&A transactions and more than 50 venture capital financings completed.
Plenty of capital continues to flow into promising young companies, however, industry consolidation continues to progress as early stage investors seek liquidity and acquirers seek to build or maintain their competitive advantages.
This robust M&A activity from both strategic acquirers and private equity groups contributes to an attractive industry profile for venture capital investors.
Robust transaction activity is being accompanied by a continual string of news stories involving both public and private sector breach victims.
For example, public and private sector security issues became alarmingly clear to the general public in 2016 with the hacking of the Democratic National Committee by Russia amidst an apparent attempt to impact the US Presidential election.
Well known companies in the headlines for significant data breaches included Wendy’s Restaurants, Yahoo, eBay, Uber, and many others.
The economic impact of information security issues was illustrated by the $350 million reduction in purchase price paid by Verizon to acquire Yahoo as a consequence of Yahoo’s past information security problems.
Given the magnitude of the threat, spending on information security in both the public and private sectors climbed to record levels in 2016.
According to Gartner, worldwide information security spending totaled approximately $75.4 billion in 2015 (Source: Gartner, September 23, 2015, “Gartner Says Worldwide Information Security Spending Will Grow Almost 4.7% to Reach $75..4 Billion in 2015) and will continue growing at a 7.8% CAGR through 2019 (Source: Gartner, Forecast Analysis: Information Security Worldwide 4Q15 Update, March 22, 2016).
The US Government ramped up spending on cybersecurity from approximately $13 billion in 2015 to $14 billion in 2016 with a budget of $18 billion for 2017.
The growth in the Federal Government’s cyber budget reflects the national security risks of IT connectivity as an inherent part of all aspects of public and private life. This importance has not been lost on the Trump administration which has emphasized the need to focus additional resources in this area.
As market demand continued its growth in 2016, median public company valuations rebounded from their trough in mid-February 2016 after a steep decline beginning in June 2015.
For example, the cybersecurity focused Exchange Traded Fund (ETF) HACK, reached its peak on June 22nd, 2015 at $33.25 per share bottomed on February 9, 2016, at $19.66 a share and then rebounded to close on December 31, 2016, at $26.44 a share.
During the year, the median HACK Enterprise Value/EBITDA multiple increased from 51x to 56x while the average Enterprise Value/Revenue multiple decreased from 12.4x to 10.8x, reflecting investor focus on profitability.
HACK continued its rise in the first quarter of 2017, as the price per share increased by 11.6% to $29.52/share as of March 31st.
Since the beginning of 2016, the only initial public offering involving a cybersecurity company was the SecureWorks IPO which priced at $14 per share and then declined to $10.59 per share by year end.
MORE M & A: Click here for all the latest mergers & acquisitions.
With the void of IPOs, private equity flexed its financial muscle with Vista Equity acquiring IPO candidate PING Identity and KKR acquiring IPO candidate Optiv. Vista Equity also took advantage of the languishing stock price of Infoblox and acquired the company for $1.6 billion (3.5x revenue) in a take-private transaction.
Other large private equity transactions included Thoma Bravo’s acquisition of Imprivata for $488.5 million (3.7x revenue) and TPG Capital’s acquisition of a majority position in McAfee from Intel at an enterprise value $4.2 billion.
Strategic acquirers accounted for the majority of the M&A transactions in 2016 and the first quarter of 2017 with notable transactions including the following:
• Symantec transformed its business by acquiring Blue Coat from Bain Capital for $4.7 billion (7.9x revenue), and identity protection provider LifeLock from a collection of Venture investors for $2.4 billion (3.6x revenue).
• Intel acquired Mobileye for $15.3 billion (41.9x revenue, 120x EBITDA)
• Cisco acquired AppDynamics for $3.7 billion (18.9x revenue)
• AVAST acquired AVG for $1.4 billion (3.4x revenue) • IBM acquired Resilient Systems for $100 million
• FireEye acquired iSight Partners for $275 million (6.9x revenue)
• Cisco acquired of AppDynamics for $3.7 billion
With plans to ultimately exit via strategic acquisition, private equity or IPO, venture capitalists poured more than $4.3 billion into 268 information security companies in 2016 and completed an additional 50 investments during the first quarter of 2017.
Notable venture capital financings included:
• StorageCraft’s raise of $187 million from TA Associate
• SkyBox Security’s raise of $96 million from Providence Equity Partners • DarkTrace’s raise of $64 million from a syndicate of investors including KKR
• Cylance’s raise of $100 million from a syndicate of investors including Insight Ventures and Blackstone
• ProtectWise raised $25 million from a syndicate of investors including Arsenal Venture Partners
The robust market growth and industry fragmentation have attracted an abundance of capital providers. For example, Trident Capital Cybersecurity raised a $300 million Cybersecurity fund during the first quarter of 2017.
We have seen numerous examples of venture capital and private equity funds building their industry expertise as they attempt to sort out the winners from the losers. Despite best efforts, it remains very challenging for investors and acquirers to differentiate based on technology alone.
Universal business fundamentals including strong growth, recurring revenues, high-profit margins, differentiated offering and well-respected management teams, drive strategic and financial investor/buyer interest.
Relative disparities in these criteria amongst companies with similar technologies are driving significant variances in enterprise values. To counter this, companies seeking to sell or raise capital should professionally prepare and obtain bids from multiple parties to assure optimal price and terms.
Hacking attempts, data breaches, and associated news coverage continue to escalate making clear to the general public the significant threat to public and private sector security. In response, the total available market is expected to continue growing rapidly.
As industry revenues increase, the pace of transactions will move in parallel with heightened M&A activity and continued investment by private equity and venture capital investment funds.
This article was taken from Headwaters 2017 Aerospace & Defense Report. To download the full report, click here.
Thomas McConnell is a director working out of the Denver office of investment banking services provider Headwaters. He can be reached at (303) 951-7125 or [email protected]
READ NEXT: Cybersecurity Risk Is Real: SSI’s 2017 Physical-Logical Security Assessment