After grinding to a halt during the Covid-19 pandemic, Cybersecurity mergers and acquisitions (M&A) are again gracing the headlines. In the prevailing economic climate where many companies are falling short of their goals, some companies are actively working to improve their bottom line and competitive positioning through strategic M&A moves.
Despite all uncertainties, the M&A activity in the cybersecurity field is heating upin 2021 as firms are becoming more conscious of new privacy and security issues that have emerged during the COVID-19 crisis. In fact, M&A volume has witnessed a massive increase during the first six months of the year, with significant deals for companies operating in the field of cloud security, security consulting, and risk and compliance. According to Momentum Cyber Report, 50 cybersecurity merger and acquisition deals were announced in Q1 2021 alonewith a median disclosed value of $235M.
Below are the 10 most notable M&A transactions of 2021 focused around cybersecurity:
TPG Capital Merges Thycotic and Centrify
Private equity firm TPG Capital has merged two of its recently acquired companies Thycotic and Centrify in an effort to emerge as a market leader in the identity security space. Thycotic is recognized for its cloud-first identity security solutions, while Centrify is a strong player in the privileged access management (PAM) market.The acquisition deal for Thycotic and Centrify closed at $1.4B and $900M respectively. “The combination of Thycotic and Centrify creates a leader in one of the most important and strategic sub-sectors of security software,” said Tim Millikin, a partner at TPG Capital.James Legg,previously CEO of Thycotic,stated, “Combining these two synergistic platforms allows us to offer customers an expanded range of products to address their increasingly complex security requirements.” James will be named president of the merged firms.
Bain Capital, Crosspoint Capital Acquires ExtraHop
Private equity firms Bain Capital and Crosspoint Capitalfirst announced the acquisition of ExtraHop, cloud-native network detection and response vendor, on June 8, 2021.The deal valued at $900M finally closed on July 22. In a press release, Max de Groen, Managing Director at Bain Capital said, “We’re thrilled to join the talented team at ExtraHop, in partnership with Crosspoint Capital, to help accelerate the growth of the business and continue advancements in the art of cyberdefense.” The acquisition should help ExtraHop expand its horizon in the field of cybersecurity and accelerate its innovations to help customers defend against new and emerging cyberattacks.
Newtown Lane Marketing To Acquire Appgate
Secure access vendor Appgate agreed in February to merge with Newtown Lane Marketing Inc., a publicly-traded shell company.Under the terms of the agreement, Appgate will become a public company with significant financial resources to accelerategrowth, scale, and go-to-market strategies.Appgate’s existing private equity partnersBC Partners and Medina Capital will remain Appgate’s majority shareholders and control approximately 74.4% of Newtown’s common stock.The merger will be valued at $1B.Appgate received $50 million at the signing of the merger agreement to immediately fuel further growth, will receive $25 million at closing, and will receive up to an additional $25 million post-closing. “Appgate is at the forefront of the cybersecurity industry, and we are delighted it has decided to merge with Newtown,” said Jon Ledecky, President and controlling shareholder of Newtown.”
STG Acquires McAfee
Private equity firm Symphony Technology Group (STG)agreed to buy McAfee’s Enterprise business in March2021. The deal valued at $4 billion finally closed on July 27. “McAfee’s Enterprise business has been integral to ensuring the protection of the digital assets of the largest enterprises in the world, with over 85% of the Fortune 100 firms being customers today,” said William Chisholm, Managing Partner at STG in a press release. He added, “Cybersecurity has never been so important and we’re committed to working with this team to create powerful solutions that give organizations better control of their security.”McAfee’s enterprise business will be rebranded in the coming months while its consumer business will continue to be publicly traded under the McAfee name.
Okta Acquires Auth0
Octa in May announced the successful completion of its $6.5BAuth0 acquisition deal. Both Octa and Auth0 are big players in the identity and access management (IAM) sphere. Under the terms of the agreement,Auth0 will operate as an independent business unit inside of Okta, and both platforms will be supported, invested in, and integrated over timeto accelerate innovation. The deal should give organizations greater choice in selecting the best identity tool for the unique needs of their customers. “Combining Auth0’s developer-centric identity solution with the Okta Identity Cloud will drive tremendous value for both current and future customers,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta.
IronNet Merges with LGL Systems Acquisition Corp.
IronNet Cybersecurity, Network Detection and Response (NDR) vendor, announced the completion of its $1.2B merger with LGL Systems Acquisition Corp in August. The merger allows IronNet to go public and listed on the New York Stock Exchange. The deal will also help the company capitalize on thegrowing demand for innovative solutions to defend against increasing onlinevulnerabilities and fuel its revenue growth. In a press release, Robert LaPenta, Co-CEO of LGL Systems Acquisition Corp. stated, “Current methods of cyber information sharing, analysis, and collective action are simply too manual and too slow to be effective”. “We believe this merger will make a real difference in helping IronNet protect our fellow citizens from accelerating aggression by an invisible enemy intent on hurting our well-being.”
Ivanti Acquires RiskSense
On August 2, 2021, Ivanti, IT Software company, announced it has acquired RiskSense,risk-based vulnerability management and prioritization firm, to strengthen its patch management capabilities.“Ivanti has been a leader in patch management for many years, but the acquisition of RiskSense will take our capabilities to an even higher level,” said Jim Schaper, Ivanti Chairman and CEO. “This combination will allow us to provide our customers with a holistic view of vulnerabilities and exposures, and then enable them to take fast action through Ivanti Neurons for Patch Intelligence.” Acquisition terms were not disclosed.
Microsoft Acquires CloudKnox Security
On 21 July 2021, Microsoft acquired CloudKnox Security, a startup that helps organizations ensure that employees and virtual identities don’t have toomuch access to cloud infrastructure. While the terms of the acquisition weren’t released, the deal appears to be Microsoft’s strategic move to expand its security business, and enhance the security of its Windows products. Regarding the acquisition, Joy Chik, corporate VP of Microsoft Identity, said, “The deal further enables Microsoft Azure Active Directory customers with granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud permissions.” This is Microsoft’s second acquisition this year after RiskIQ.
Microsoft Acquires RiskIQ
In a strategic move to embrace the concept of Zero Trust, Microsoft acquired cybersecurity firm RiskIQ for $500M on 12 July, 2021. RiskIQ provides cloud-based SaaS software to organizations to detect and remediate cyber threats before they become full-blown security breaches. Thus, it has emerged as a leader in global threat intelligence and attack surface management. “The vision and mission of RiskIQ is to provide unmatched internet visibility and insights to better protect and inform our customers and partners’ security programs. We’re thrilled to add RiskIQ’s Attack Surface and Threat Intelligence solutions to the Microsoft Security portfolio, extending and accelerating our impact. Our combined capabilities will enable best-in-class protection, investigations, and response against today’s threats”, said Elias Manousos, RiskIQ Cofounder and CEO.
Deloitte Acquires aeCyberSolutions
Deloitte Risk & Financial Advisory in August confirmed the acquisition of industrial cybersecurity firm aeCyberSolutions for an unrevealed amount. The deal is expected to strengthen Deloitte’s existing cybersecurity capabilities by leveraging aeCyberSolutions’s reliable frameworks, methodologies, and technology-enabled tools for the industrial sector.“We are committed to growing aggressively in cybersecurity.” There’s only a limited number of people with the right cybertools and understanding. This is a way for us to [move] in an aggressive fashion. And all these teams bring us senior-level experience”, said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G and IoT leader and principal of Deloitte &Touche.
2020 has been a tough year for every industry, but these M&A deals of 2021 clearly show that the technology sector will witness a strong economic recovery in the coming months with the increased need forcybersecurity. The growing demand for new and efficient solutions in the cybersecurity space is an opportunity for both acquirers and sellers to execute M&A transactions and maximize the value of their business.
Zackary L. Ruiz co-founded The LEVELGRID. A US-based investment and merchant banking firm, The LEVELGRID focuses on actively manage direct investments in Europe, the Middle East, and Asia as principal and co-investors.