Cybersecurity transactions have recently jumped to their highest levels in a year, including Falfurrias Management Partners’ recent investment in Moxfive. One potential growth area: PE firms and their portfolio companies.

Moxfive’s relationships with insurers helped it stand out in a cybersecurity space of double-digit multiples and well-attended auctions.

Moxfive repairs data breaches and then sets up clients with new cybersecurity defenses, an industry standard game plan. The trick is to get the initial call to respond.

“If a business experiences a cybersecurity breach, they typically call their cyber insurance carrier first and that starts a chain reaction that ideally has the carrier calling Moxfive,” Falfurrias Partner Wilson Sullivan says.

Now, with Falfurrias’ investment and involvement, the plan is to apply that same dynamic to the private equity industry. Sullivan says the Charlotte, N.C.-based Falfurrias operations partner in charge of technology “spends more time today than ever before on cybersecurity risk” across the portfolio, a scenario playing out with increasing frequency throughout private equity.

“The private equity world is trying to make better sense of cybersecurity and trying to establish standard industry playbooks for managing these types of risks and to try to minimize the threat of breaches,” Sullivan says. “So Moxfive is going more deliberately into private equity.”

Falfurruias portfolio company Crosslake Technologies, a PE advisory and due diligence provider, already dabbles in cybersecurity and its CEO Barr Blanton has been asked to join the Moxfive board. Sullivan was also appointed to the board.

“We think Moxfive’s offering is very relevant to PE firms, who are more focused on cyber risk than ever before,” Sullivan says.

Authorities estimate that 80 percent of ransomware attacks target companies with fewer than 1,000 employees, making middle-market PE portfolio companies particularly vulnerable. San Francisco-based Genstar Capital portfolio company ACA Group, a governance, risk and compliance advisor to financial services, estimates portcos account for 44 percent of those attacks annually.  

Beyond the PE angle, cybersecurity in general, is in high demand as data breaches continue to reach record levels and are driven in part by the rapid rise in cloud-based cyberattacks. Companies new to the cloud are scrambling to bolster their defenses and expand their capabilities, giving rise to a new crop of cybersecurity offerings and services.

GlobalData forecasts that the cybersecurity market will reach $290 billion by 2027, growing at a compound annual growth rate of 13 percent.

Despite broader economic uncertainties and a general M&A malaise, hackers, increased regulatory scrutiny and the ongoing digital transformation across most industries have focused widespread investor interest on cybersecurity.

After falling off in 2023, the cybersecurity M&A has significantly recovered in 2024. Capstone Partners reported that 226 announced or completed transactions in 2024 through July 16, outpacing the same period last year by 13.6 percent.

And that doesn’t count the roughly two dozen deals announced in August, including Falfurruias’ investment in Tysons Corner, Va.-based Moxfive.

“An important part of our strategy is to invest in companies that we think are well positioned in markets that are experiencing secular or durable trends, which is to say companies that are in markets that will grow regardless of economic cycle,” says Sullivan. “And there may be, unfortunately, no better, secular, durable trend than cybersecurity costs and frequency. We think that that will continue to grow.”

Sullivan says Falfurrias is also searching for add-on acquisitions to grow its new cybersecurity platform. Contact him at [email protected].