Ciberseguridad: Un sector con actividad de M&A al alza
Alejandro Vázquez, CFA
Head of Debt and Financing Advisory / M&A
“There are only two types of companies: those that have been hacked and those that will be.” Robert Mueller, former FBI director.
IMAP’s Cybersecurity Expert Team has published its report on the industry’s M&A activity in 2017 and the outlook for the future. The main finding are summarized in this article. The report can be accessed here (English).
The cybersecurity market
The global cybersecurity market continues to show strong growth, driven by the increase in the number of attacks and volume of stolen data reported in recent years. Estimated annualised growth for the 2016-2020 period is 9.5% and by 2021 the market is expected to be worth €172 billion, a figure that is particularly noteworthy given its short life.
In certain market segments, such as Security and Cloud-Based Data Protection (SaaS) and Next Generation Malware Detection, growth is expected to be significantly higher than the market average, with annual growth rates between 37%-50% (2014-2020).
There are several trends that explain the sector’s rapid growth and the highly positive outlook for the coming years.
- Increase in the number and notoriety of cyber-attacks
In 2017, there were more than 5,000 instances of data breaches, up 24% from the previous year, with almost 8 billion records accessed.
In addition, the attacks were distributed in such a way that the damage they caused was heavily concentrated, with the 5 largest data breaches (0.1% of the total) accounting for 72% of all records exposed by these types of attack.
(a) Data and logging violations and (b) Most frequent types of attacks
These large-scale attacks, in addition to the direct cost, are widely publicised in the press and can jeopardise the reputation of the companies concerned. Over the last twelve months we have seen attacks involving “WannaCry” ransomware which affected more than 230,000 computers in 150 different countries; “Petya”, which disabled the systems of public institutions and large multinationals including A.P. Moller-Maersk, which was forced to shut down for several days at an estimated cost of $300m.
Hacking is by far the technique that is most commonly used in these attacks, far surpassing other methods and accounting for more than one-half of all data breaches.
- Evolution of cyber-attacks: not just banking
The business sector was the hardest hit by reported attacks, with 84% of all data breaches, followed by the medical sector (8%), government (7%) and education (5%).
Until recently, the banking and financial services sector had been the target of the vast majority of cyber-attacks, but other sectors are now being targeted more often (health care, industry, transport and government), since banks have invested heavily in protecting themselves against cyber-attacks. The industrial sector, with its robots and high-tech machinery developed in recent years, all connected to the Internet, is especially vulnerable and has limited mechanisms to protect itself against cyber-attacks.
Geographically, the United States is still the country with the highest number of data breaches, accounting for 45% of the total.
- Digitization and new markets
Because of the increasing number of devices connected to the Internet in our homes, the incursion of wearable devices and technology-heavy cars (IoT, Internet of Things), there is wider field of action available for attack due to the number and assortment of systems.
On the other hand, critical infrastructure such as electricity, water, hospitals, etc. have more connected components and mechanisms than ever before, which can represent a strategic objective for hackers.
- Associated cost increase
It is estimated that the average cost associated with each data breach in 2017 was €3 million, an increase of 6% over the previous year.
Due to the increase in the volume of data and generalised regulation at the global level, it is expected that the costs (direct and reputational) associated with each data breach will continue to rise.
- The human element
In the design of information systems it is commonly believed that a system is only as secure as its weakest part. In many cases, the weakest part is the user, who is untrained and facilitates attacks with his or her behaviour by installing software or falling prey to phishing attacks. It is estimated that around 70% of attacks are the result of users’ actions.
It is therefore crucial for companies to invest in the ongoing training of workers to educate them about the types of attacks that can occur and the protection systems that have been installed.
The M&A market in the sector is clearly on the rise, with corporate operations up by 16% in 2017 compared to 2016 and 505 M&A transactions last year (worth €19.38 billion) compared to 436 the previous year.
There continues to be significant investment appetite, which translates into high purchase and sale prices averaging 4.1 times company value/sales, something that only happens in sectors with very positive growth outlooks.
2016 was a year of several successful operations, including the acquisition of a majority stake in McAfee/Intel Security by the TPG fund in a $4.2 billion transaction and the acquisition of AVG by Avast, which valued the company at $1.3 billion.
The most important operations in 2017 included the purchase of Gemalto by Thales for $5.430 billion; a transaction carried out by the private equity fund Thoma Bravo of Barracuda Networks for $1.600 billion; and the purchase of Argus Ciber Security by Continental AG for $400 million.
Another noteworthy aspect is market share (~50%) in venture capital transactions in 2017, which indicates that these are good investment opportunities to achieve the returns that these types of entities require (~20%).
In terms of applications or sub-sectors within cybersecurity, the number of transactions is scattered, the most notable among them being identity and access management, as well as specialised threat analysis and related protections.
Although it is difficult to estimate the funds that are currently available for investment in the cybersecurity sector, it seems safe to say that, due to the positive outlook for the sector, the high valuations and amount of venture capital currently available, there are more funds seeking investment than companies with interesting expansion projects.
Global transactions by subsector in 2016 and 2017
Examples of active buyers in Europe and transactions (2014 – 2017)
Cross-border transactions in Europe Q2 2015 – Q4 2017