We can say with confidence that 2020 has been nothing short of transformative. The shockwaves of 2020 are impacting almost every industry and cybersecurity is no different. From the global pandemic, to the U.S.elections and the launch of 5G, all these and more are reshaping cybersecurity, creating new threats and with them, new opportunities.
With that in mind, here are a few things players in the M&A space should be looking for in cybersecurity companies.
1. Companies providing security products to support remote work
With the massive and sudden shift to remote work, our home computers are now a bigger target than ever before. Mass adoption of new video conferencing software, increased VPN usage, changing behaviors and policies relating to access management / permissions, increased cloud usage – all of these open up doors for new security threats while extending employer liability and responsibility outside of a controlled office environment. Cybersecurity companies who can provide unique solutions to put remote employers at ease could be a very good bet these days.
2. Companies addressing the massive vulnerabilities of 5G
As we begin to roll out 5G networks, a host of new cyber threats is emerging. Ericsson for example, predicts a massive IOT boom which will lead to tens of millions on new connected devices, from cars to appliances, all looking to realize their potential on the new high-speed low-latency network. This poses a huge new threat that needs to be addressed in the very near future. Another issue with 5G is the network’s shift from a centralistic hardware approach to a distributed digital router approach, which means fewer security choke points and higher risk. Companies who can address these issues will be in high demand over the coming years.
3. Companies operating in new vectors like advertising security
Traditional vectors in cybersecurity include application security, network security, cloud security, IOT security, Critical Infrastructure security – all of which are very competitive red oceans. Upcoming players in these spaces may struggle to break through, especially when CISOs are afraid to entrust their security in the hands of an upstart, when they can opt for an alreadywell-established player. For promising new companies, buyers and investors might need to look to emerging “blue oceans” like advertising security – an upcoming space with massive bot-related problems like click fraud and OTT advertising fraud.
4. Companies making cybersecurity accessible for small businesses
60 percent of malware attacks and phishing scams are targeted at small businesses, per Alert Logic, likely due to a lack of security measures taken by small business owners. While 43 percet of small businesses suggest they have no security solution or plan in place at all, according to BullGuard. These numbers are likely to get even worse, as Covid-19 wreaks havoc on brick and mortar businesses, forcing many to hastily switch to digital channels. Companies who can create accessible products, built for small business owners rather than for CISOs, will have a grand opportunity in a highly unsaturated market.
5. Companies solving the challenges of organized election meddling
2016 marked the first major, documented incident of (allegedly) state-organized election meddling via online media. Fake news is already having a $78 Billion impact on the global economy, per Cheq, and this new form of communications warfare only seems to be increasing. In 2020 alone, there were over 70 elections worldwide, including the much-anticipated U.S. election, which many fear will be compromised by bad state-actors looking to spread misinformation to affect public opinion and voter turnout. Couple that with the fact that ad-spend on the U.S. election alone is set to pass $1 billion this year for the first time ever, per estimates from the research firm eMarketer, and it would seem like there could be big business in election security, especially the kind focused on detecting malicious networks of fake accounts and bots who are typically tasked with distributing the misinformation.
Looking forward, cybersecurity M&A, as we suggest in this piece, will focus increasingly on new areas of growth in promising “green fields.” The traditional vectors of cybersecurity are becoming highly saturated and the risk averse nature of the industry makes it hard for upcoming players to break through where competition is stiff. However, as digital transformation continues to spread and new technology continues to drive more device connectivity, bad actors will persist in finding sophisticated ways to exploit vulnerabilities, leaving an opening for the emergence of new vectors and growth opportunities.
Daniel Avital is Cheq's chief strategy officer.
Guy Tytunovich is the CEO of Cheq.