Get Ready for Data Security M&A Trends:
There is a high demand for robust and effective data security solutions for governments, banks, hospitals, and companies. The need to securely access remote servers, collaborate with international co-workers, and interact with customers around the globes is indispensable for most businesses today. We want to be a resource for executives and investors in Data Security companies who are considering their strategic growth and exit options in today's environment.
3. 3
Valuations
High valuations in the data security space is largely driven by the exceptionally strong market outlook. We are
nearing 20 billion devices that are going to be connected by 2020 and this is expanding the attack points that
hackers can use to exploit. Over 9 billion data records have been lost since 2013 and almost 5 million data
records are lost or stolen every day. Think about that – it is over 200,000 records every hour.
These numbers set the table for what is happening in the data security market. The potential, the changing
landscape and the daunting task of securing critical ideas, data and infrastructure.
4. Data Security Exit Value
In the private sector, multiples seem to follow a spectrum, with anti-malware and endpoint security
technologies valued relatively highly, while on-site network security tends to receive a lower valuation.
Most of the companies that based their valuations on identity and access management technologies
have valued in the five to ten times revenue range.
5. Data Security Public Peer Analysis
In the public sector, we see a similar trend in multiples as far as EV over sales. However, security
companies are being valued much more highly than the average when looking at their EBITDA multiples.
This is a classic indicator of a rapidly maturing market, where profits are valued over market share.
6. Data Security Valuation Patterns
Looking more broadly at all disclosed multiples in data security deals from 2013 to 2018 clearly
demonstrates the broad range of possible multiples. Note that a logarithmic scale is used in order to
better display all data. The highest value deals were dominated by the technologies in anti-malware,
identity and access management, and premises network security. Palo Alto Networks, Blue Coat Systems,
Splunk, and Proofpoint have all made multiple acquisitions at over 20x TTM revenue.
7. 7
Deal Flow
No sector in the market today is untouched by digitization, whether government, finance, or healthcare, all
companies are becoming digital companies. This is exponentially expanding the attack surface for security
breaches from malware, zero-day threats and ransomware.
Whether large or small, no company is immune from the ripple effect of our globalized economy and the types
of cybercrime that are pervasive in our hyper-connected world. The M&A window shrank a bit after 2015 in
terms of the number of deals, but median deal sizes and valuations in the data security sector are continuously
climbing up.
8. Data Security M&A Activity
M&A in the data security space slacked off a bit after 2016 and fewer blockbuster deals were cut, despite
brisk venture funding activity. In 2017, more than 200 data security startups received venture funding.
With a flurry of new entrants looking to grab a slice of the spending, there's an equal amount of market
consolidation. The data security market has seen around 180 M&A transactions each year from 2015 to
2017, which is outpacing the market as a whole.
9. Deal Volume by Transaction Size
Although the number of deals in the data security sector shrank a bit, the deal size didn't get slimmer. In
2017, we saw deals getting up to the $100M-$250M range. In 2018, the number of deals in the $250M-
$1B range is significantly higher than that in years before.
10. Top Data Security Acquirers
Diving deeper into acquisition activity, we see fewer PEs as top acquirers in terms of deal count than we
normally would. More interestingly, there are also many non-traditional security companies as top
buyers by disclosed deal value, reflecting the increased need for the integration of security into all forms
of technology. Those mega deals include Johnson Control's acquisition of Tyco and Canon's purchase of
Axis Communications.
11.
12. 12
Focus Areas
The bullish M&A market for data security trends is driven by booming sectors like healthcare technology and
Internet of Things (IoT), as well as increasingly fewer acquirable independent targets as the consolidation
continues.
Disruptive data security technologies are now entering newer verticals such as connected and autonomous
vehicles, digital currency services and blockchain technology, presenting a massive opportunity and challenges
for startups and scaleups who can provide businesses with protection of their customer data and intellectual
property.
13. Data Security Targets' Focus Areas
Although the companies focusing on physical security and security integration services often receive
lower valuations, they dominated the number of M&A exits. Identify management and anti-malware
technologies are valued relatively highly and hotly pursued by security acquirers.
14. Data Security Targets' Vertical Markets
A large proportion of data security M&A targets offer solutions for transportation management, border
control, law enforcement, and correctional purposes. The banking sector also relies significantly on data
security technologies in fraud prevention, risk management, and anti-money laundering.
15. 15
Cross-border Activity
Global data breach poses critical issues for legal departments, senior managers, and boards of companies in all
industry sectors worldwide. Increasing threats of terrorist attacks and risks of IT and communication hacks are
some of the key factors that could accelerate this sector’s growth.
The past six years have seen over 16 mega deals that exceed $1 billion dollars in value, and at least five of them
are cross-border transactions expanding from the United States to Europe and further east to Asian countries
such as Japan and South Korea.
16. Data Security Cross-border Transactions
About one-third of the data security deals are cross-border transactions. Broken down into their
respective origins, there is no major surprise that the United States holds the largest share of exits and
acquisitions when the United Kingdom and Canada come as second and third.
17. Data Security Exit Volume by Region
The United States' strength has been consistent, with 79 exits in both 2013 and 2014, and over 110 exits
each year from 2015 to 2017. In Europe, apart from the United Kingdom, France, Germany, and
Netherlands each produce a nearly equal share of the European exit volume.
18. 18
Seller Profiles
Today’s big security players can’t keep up with the pace of innovation without filling product gaps quickly by
acquiring innovative technology and small teams. Buyers’ strategies vary: for instance, Symantec has been
balancing its security portfolio by both buying and divesting of products. It sold its website and PKI business to
DigiCert for $950 million, then used some of the proceeds to acquire two Israeli companies — Skycure, a
mobile threat defense firm, and Fireglass, an enterprise security solutions provider. Going forward, we see
companies leveraging AI for automated threat response and predictive threat intelligence as particularly
attractive targets.
19. Key Transactions
Phishing threat management software
Announced Date: February, 2018 Deal Value: $400M EV/S Multiple: 7.3x
AI-based security SaaS
Announced Date: November, 2018 Deal Value: $1.4B EV/S Multiple: 10.8x
Identity management & remote support
Announced Date: April, 2018 Deal Value: $739M EV/S Multiple: 6.7x
Acquired by
Acquired by
Acquired by
20. Mega Deals
Two-factor authentication SaaS
Announced Date: August, 2018 Deal Value: $2.35B EV/S Multiple: 18.8x
Web & network security systems
Announced Date: June, 2016 Deal Value: $4.65B EV/S Multiple: 7.8x
Intrusion detection & prevention & anti-malware
Announced Date: July, 2013 Deal Value: $2.7B EV/S Multiple: 10.7x
Acquired by
Acquired by
Acquired by
21. High Valuations
Israeli DAF security software
Announced Date: November, 2014 Deal Value: $198.71M EV/S Multiple: 500x
Security behavioral analytics software
Announced Date: July, 2015 Deal Value: $190M EV/S Multiple: 95x
Acquired by
Acquired by
22. Board of Advisors
David Levine
Senior Vice President, Corum Group Ltd.
Dave joined Corum in 2015 and has a diverse background in technology and life sciences. As an
executive and entrepreneur, Dave has been operating and investing in companies sitting at the
convergence of commerce and eCommerce as well as innovative life science businesses for over
25 years. Recently, Dave was CEO North America for Gaxsys, an eCommerce and logistics
company that is a leader in last mile logistics and fulfillment for eCommerce marketplaces.
Dave has been on both sides of the mergers and acquisitions table, having sold a life science
technology company, facilitated sell side and buy side technology transactions and has also scaled
multiple technology companies globally in the counter-intelligence, eCommerce, life sciences and
innovation intelligence markets. Dave sits on boards of numerous public and private companies,
including one that recently filed for an IPO.
Email: DavidL@corumgroup.com
Steve Jones
Senior Vice President, Corum Group Ltd.
Steve joined Corum after 25 years of executive experience in various high-tech industries with
both public and private venture-backed startups. He has extensive global experience, opening
international markets and growing sales from zero to tens of million in revenue. He has been on
the forefront of selling several companies and spinning off software divisions, highlighted by the
sale of GetFon to Alestra (AT&T Mexico). He is fluent in Spanish.
Steve was the founding CEO of Solera Networks, a real-time intrusion detection security
company. He also co-founded Auction Trust Network, an eCommerce company for online
exchanges which he sold to MediaForge (Rakuten Marketing).
Email: SteveJ@corumgroup.com