Exits of Cybersecurity Companies Increase 15-fold Over Five Years

Exits in the cybersecurity space, including acquisitions and IPOs, increased by an astonishing 15x from 2014 to 2018, according to research from FinTech Global.

The research covered companies that offer cybersecurity solutions which can be used by financial institutions. The surge of activity in this sector shouldn’t be too surprising given the staggering growth of financial crime and the rapidly developing consensus that cyber threats constitute the biggest challenge facing the global financial services industry.

The five years between 2014 and 2018, inclusive, saw a compound annual growth rate of 97% in terms of the number of exit transactions.

One of the most significant deals of last year was the acquisition of California-based software firm Cylance, which utilizes AI to prevent computer viruses and malware. Cylance was acquired by multinational tech conglomerate Blackberry for a $1.4bn price tag in November 2018.

The first half of 2019 saw a relative slowdown in exits, with 17 deals completed compared to 23 in H1 2018. The sole IPO of the quarter was undertaken by Tufin, a global leader in enterprise network security policy orchestration, which raised $108m at a valuation of around $450m

Companies in the Threat Management/Security Operations and Cloud Security categories are leading exit activity

Since 2014, companies offering products for Threat Management/Security Operations were responsible for nearly a quarter of all cybersecurity transactions, with 27 of 109 total exits. The next three high-activity subsectors include: Cloud Security; Identity & Access Management; and Application Security. In aggregate, the three categories comprise over 38% of transactions in the cybersecurity market.

One of the most significant transactions in the top subsectors involved Demisto, a security operations platform offering products in the Threat Management/Security Operations and Cloud Security subsectors, which was acquired by Palo Alto Networks for $560m in February 2019.

Cloud Security saw the biggest relative jump in exit activity recently, with more than a four-fold increase in exit transactions, from 4 in 2017 to 17 in 2018. As more and more organizations migrate data and applications to the cloud, the explosive growth in the number of cyber attacks on cloud storage and cloud connectivity continues. As organizations that use the cloud are three times more likely to experience a data breach than those who do not, according to a study by Intel Security, it’s understandable that exit activity in this subsector has grown dramatically.

More than three out of four cybersecurity exits since 2014 were completed by US companies

The US and Israel are the most mature cybersecurity markets and home to some of the most advanced cyber technologies and innovative companies providing cybersecurity solutions.

The US is the global leader in cybersecurity deal activity and was responsible for 76% of the 109 exits since 2014. Companies in the US have also attracted the largest transactions, accounting for all eight cybersecurity exits, valued at $1bn and over, since 2014. Indicative of this is Ann Arbor, MI-based firm Duo Security, a provider of cloud-based two-factor authentication services, which was acquired by Cisco for $2.4bn in August 2018.

Cybersecurity companies in Israel attracted the second highest number of exits, accounting for over 6% of transactions globally. Tel-Aviv based companies such as Fireglass, an anti-malware and phishing service, acquired by Symantec for $250m in June 2017, continue to drive cybersecurity innovation in the Israel. The dynamic cybersecurity ecosystem has been helped, in part, by Israel’s intelligence division, which is a global leader in military cyberscurity and has become a training ground to develop young cyber experts, giving potential entrepreneurs the expertise to start their own cybersecurity companies once their military service is completed.

Canada and the UK follow some way behind with each accounting for 3.7% of companies that exited since 2014. Companies in The Netherlands, Norway, and Switzerland each hold a 1.8% share of exit transactions.

The Other category is responsible for 4.6% of total exits in the market, and consists solely of European countries: France, Germany, Hungary, Ireland, and Sweden. Overall, European companies comprise an aggregate of nearly 14% of global cybersecurity exit transactions.

The lack of exits in other countries is indicative of the relative maturity of the industry in North America and Europe, as opposed to a lack of innovation. In fact, at the start-up level, an increasing number of cybersecurity companies are establishing themselves in numerous cities around the world and we expect to see considerable pick up in M&A activity, in other regions, particularly Asia, over the next couple of years.