Cybersecurity: A sector with growing M&A activity

Alejandro Vázquez, CFA

Head of Debt and Financing Advisory / M&A

“There are only two types of companies: those that have been hacked and those that will be.” Robert Mueller, former FBI director.

IMAP’s Cybersecurity Expert Team has published its report on the industry’s M&A activity in 2017 and the outlook for the future. The main finding are summarized in this article. The report can be accessed here (English).

The cybersecurity market

The global cybersecurity market continues to show strong growth, driven by the increase in the number of attacks and volume of stolen data reported in recent years. Estimated annualised growth for the 2016-2020 period is 9.5% and by 2021 the market is expected to be worth €172 billion, a figure that is particularly noteworthy given its short life.

In certain market segments, such as Security and Cloud-Based Data Protection (SaaS) and Next Generation Malware Detection, growth is expected to be significantly higher than the market average, with annual growth rates between 37%-50% (2014-2020).

There are several trends that explain the sector’s rapid growth and the highly positive outlook for the coming years.

Trends

  • Increase in the number and notoriety of cyber-attacks

In 2017, there were more than 5,000 instances of data breaches, up 24% from the previous year, with almost 8 billion records accessed.

In addition, the attacks were distributed in such a way that the damage they caused was heavily concentrated, with the 5 largest data breaches (0.1% of the total) accounting for 72% of all records exposed by these types of attack.

 (a) Data and logging violations and (b) Most frequent types of attacks


These large-scale attacks, in addition to the direct cost, are widely publicised in the press and can jeopardise the reputation of the companies concerned. Over the last twelve months we have seen attacks involving “WannaCry” ransomware which affected more than 230,000 computers in 150 different countries; “Petya”, which disabled the systems of public institutions and large multinationals including A.P. Moller-Maersk, which was forced to shut down for several days at an estimated cost of $300m.

Hacking is by far the technique that is most commonly used in these attacks, far surpassing other methods and accounting for more than one-half of all data breaches.

  • Evolution of cyber-attacks: not just banking

The business sector was the hardest hit by reported attacks, with 84% of all data breaches, followed by the medical sector (8%), government (7%) and education (5%).

Until recently, the banking and financial services sector had been the target of the vast majority of cyber-attacks, but other sectors are now being targeted more often (health care, industry, transport and government), since banks have invested heavily in protecting themselves against cyber-attacks. The industrial sector, with its robots and high-tech machinery developed in recent years, all connected to the Internet, is especially vulnerable and has limited mechanisms to protect itself against cyber-attacks.

Geographically, the United States is still the country with the highest number of data breaches, accounting for 45% of the total.

  • Digitization and new markets

Because of the increasing number of devices connected to the Internet in our homes, the incursion of wearable devices and technology-heavy cars (IoT, Internet of Things), there is wider field of action available for attack due to the number and assortment of systems.

On the other hand, critical infrastructure such as electricity, water, hospitals, etc. have more connected components and mechanisms than ever before, which can represent a strategic objective for hackers.

  • Associated cost increase

It is estimated that the average cost associated with each data breach in 2017 was €3 million, an increase of 6% over the previous year.

Due to the increase in the volume of data and generalised regulation at the global level, it is expected that the costs (direct and reputational) associated with each data breach will continue to rise.

  • The human element

In the design of information systems it is commonly believed that a system is only as secure as its weakest part. In many cases, the weakest part is the user, who is untrained and facilitates attacks with his or her behaviour by installing software or falling prey to phishing attacks. It is estimated that around 70% of attacks are the result of users’ actions.

It is therefore crucial for companies to invest in the ongoing training of workers to educate them about the types of attacks that can occur and the protection systems that have been installed.

M&A activity

The M&A market in the sector is clearly on the rise, with corporate operations up by 16% in 2017 compared to 2016 and 505 M&A transactions last year (worth €19.38 billion) compared to 436 the previous year.

There continues to be significant investment appetite, which translates into high purchase and sale prices averaging 4.1 times company value/sales, something that only happens in sectors with very positive growth outlooks.

2016 was a year of several successful operations, including the acquisition of a majority stake in McAfee/Intel Security by the TPG fund in a $4.2 billion transaction and the acquisition of AVG by Avast, which valued the company at $1.3 billion.

The most important operations in 2017 included the purchase of Gemalto by Thales for $5.430 billion; a transaction carried out by the private equity fund Thoma Bravo of Barracuda Networks for $1.600 billion; and the purchase of Argus Ciber Security by Continental AG for $400 million.

Another noteworthy aspect is market share (~50%) in venture capital transactions in 2017, which indicates that these are good investment opportunities to achieve the returns that these types of entities require (~20%).

In terms of applications or sub-sectors within cybersecurity, the number of transactions is scattered, the most notable among them being identity and access management, as well as specialised threat analysis and related protections.

Although it is difficult to estimate the funds that are currently available for investment in the cybersecurity sector, it seems safe to say that, due to the positive outlook for the sector, the high valuations and amount of venture capital currently available, there are more funds seeking investment than companies with interesting expansion projects.

Global transactions by subsector in 2016 and 2017

 Examples of active buyers in Europe and transactions (2014 – 2017)

Cross-border transactions in Europe Q2 2015 – Q4 2017

Bilbao
Cl Rodriguez Arias, 15 7º Izda.
48008 Bilbao
Tlf. +34 94 400 35 00

view map

Madrid
Paseo de la Castellana, 141
Pl. 19
Cuzco IV
28046 Madrid
Tlf. +34 91 749 80 64

view map

International Network

Linkedin

Interested in receiving more information, having a meeting, clarifying certain issues or contacting our team? Send us a request and we’ll get back to you as soon as possible.




Your personal data are incorporated into files for which ALBIA CAPITAL PARTNERS, S.L., with address at Rodríguez Arias, 15 - 7º Izda. , 48008 Bilbao (Bizkaia), is responsible, and whose purpose is the management of data collected in the website forms, the management of contacts, the implementation of commercial communication actions and the response to queries and suggestions, being in any case mandatory the permission. In case permission is not provided, we will not be able to handle your request. These data will be retained indefinitely as long as you do not state your will against it.

Your data will not be transferred to any entity without your prior consent.

You can exercise the rights of access, rectification, limitation of treatment, suppression, portability, cancellation and to revoke the consent given, by sending a letter with a copy of your ID to the aforementioned address or email: lopd@albiacapital.com.

In case your rights are not being addressed, you can also submit your claim to the Agencia Española de Protección de Datos.

I agree to the terms of use