Ransomware attacks have spiked scarily, including a spate of assaults on U.S. infrastructure that has put information technology security operations on high alert. The threat has been growing – for years. Thoma Bravo sure saw it coming. In March, the private equity firm announced the biggest cybersecurity take-private in history. Here’s our in-depth look at PE firms investing in cybersecurity providers.

The technology-focused private equity firm’s ransomware-proliferation thesis was developed during 2019 and led to its $3.9 billion take-private of U.K.-based ransomware-defense specialist Sophos in March of 2020. The firm subsequently made some bets on artificial intelligence and machine learning-steeped defenses delivered via the cloud. And, in March 2021, the firm announced the biggest cybersecurity take-private in history, a $12.3 billion acquisition of e-mail security standard-bearer Proofpoint.

Chip Virnig

Chip Virnig, a Thoma Bravo partner who helps lead its cybersecurity and infrastructure team, expects more deals. “Consolidation is starting to occur, but cybersecurity remains one of the largest and most fragmented industries in tech,” Virnig told Mergers & Acquisitions.

“The headline events of the past few months have turbo-charged the maturation of cybersecurity practices,” echoed Joe Levy, Sophos’ chief technology officer.

Automated Solutions
Never before has cybersecurity been more firmly on the front burner, nor at a higher heat. Congress is expected to revive a decades-old debate over the need for legislation to require more vigilant cyber-hygiene, although industry members seem divided over the likelihood of any meaningful new regulations mandating increased cyber-defense capabilities; however, there’s widespread agreement on what’s really needed: more automated solutions.

Eric Noeth

Security operations automation and response, known as SOAR, is one of several industry sub-niches to have taken off. “Given the pressure to do more with less, the emphasis now is on automation,” said Eric Noeth, principal, Advent International.

Advent backs Cyware, an algorithmically abetted platform offering cutting-edge protection. The New York-based startup was born out of a daunting set of circumstances. Companies are relying on legacy alert systems that result in a mountain of unread threat data, but they’re hamstrung by a dearth of cybersecurity professionals.

Not surprisingly, Cyware has seen demand for its service – call it “next-generation strategic threat intelligence” – skyrocket. According to the company, Cyware has enjoyed 120 percent year-over-year annual revenue growth in 2020, punctuating three straight years of triple-digit growth – and coinciding with triple-digit growth in ransomware attacks.

Wave of Private Capital
The stage has been set. PE investors and their portfolio companies have carried out more and more cybersecurity acquisitions each year for roughly the past decade. About $40 billion in private capital has flowed into cybersecurity companies since 2018, and there are about 2,000-plus cybersecurity companies worldwide.

PE interests represented more than one-third of cybersecurity buyers in 2020, versus being less than 5 percent in 2010, according to London-based Hampleton Partners, a technology M&A consultancy. Valuations have been robust, based on enterprise value-to-sales metrics, with cybersecurity EV/S multiples at around 5x, as opposed to 3x seen in the wider enterprise software market.

Boston-based Advent, through its $2 billion Advent Global Technology fund, this past March led the $30 million Series B round of financing into Cyware, alongside Ten Eleven Ventures, and with additional participation from a slew of previous investors, including Mercato Partners’ Prelude Fund, Emerald Development Managers, Great Road Holdings and Zscaler. Cyware has raised $43 million to date.

PE players are quietly snapping up smaller “next-generation” innovators as well as executing splashier deals for established platforms.

The pace of dealmking remains furious, confirms Matt Fiore, managing director, DC Advisory, a boutique investment bank. In 2020, by Fiore’s count, there were 220 cybersecurity transactions, up from 164 in 2019. And 2021 is on track to beat 2020, with 115 deals announced as of May 31.

“In a perimeter-less world, with everything remote, the threat landscape is now essentially everywhere,” Fiore said. “Securing data in the cloud is paramount. This space is more active than it has ever been. And it has been really, really active.”

E-mail security, Virnig said, is an example of a market that has been around for decades, but which now “needs to be more secure than ever before with the increased threat of spear phishing attacks.”

Another cyber-niche on which Thoma Bravo is betting big: application security. In 2019, Thoma Bravo went on a spree, acquiring Veracode and Imperva, two top application security platforms.

“Software continues to run the digital economy, and the underlying data and applications/code are increasingly under attack,” Virnig said.

He agrees there are just too many facets of/sub-pockets within cybersecurity that no one can broadly dominate the space. “But,” Virnig added, “within each sub-pocket there is room for a few category killers.”

Cloud, Crypto
Sophos’ Levy said the transition to the cloud has been an era-defining explosion for business and technology. Add into the mix the pandemic-spawned work-from-home paradigm shift and the rise of cryptocurrencies, he said, “and now you have the perfect storm for the ransomware eruption.”
Sophos’ proactive approach combines common sense prevention protocols with state-of-the-art technologies driven by automated/AI/machine learning systems dubbed, in the parlance of the realm, as “skilled threat hunters.”

Derek Liu

Derek Liu, a Baker McKenzie M&A partner, who specializes in technology, said more providers are on the prowl, looking to become one-stop shops. “Many go from excelling at, or owning, one or two narrow categories, and then, with that beachhead of subscription revenue, move to widen their offerings,” he said.

One recent example came in May when publicly traded identity authentication and security platform Okta Inc. acquired Auth0 in a $6.5 billion stock transaction. Auth0 specializes in customized identity authentication solutions for application developers, complementing the acquirer’s core platform of pre-configured enterprise offerings.

Westport, Conn.-based Bluff Point Associates, a private equity firm managing $200 million in committed assets, has been on a niche-carving jag in financial services.

In March, Bluff Point acquired (for undisclosed terms) Swanzey, N.H.-based True North Networks, which focuses on cybersecurity for wealth managers. The deal comes just a few months after one of Bluff Point’s other IT-centric portfolio companies, Chesterfield, Mo.-based Swizznet, a provider of cloud services to accounting firms/departments, acquired Lenexa, Kan.-based RightSize Solutions, a provider of cloud-based cybersecurity solutions to Registered Investment Advisors (RIAs).

“We’re looking at both add-ons as well as new platform companies,” said Kevin Fahey, managing director at Bluff Point. “Cybersecurity has always been an aspect of IT, but now it’s a priority,” he added. “The trend of more deals has been accelerating. With ransomware attacks on the rise, I don’t see that changing.”