Is the Future of Cybersecurity in M&A?
Last month Symantec announced its plans to buy Blue Coat for $4.7 billion. Has the consolidation—and creation of this enterprise security giant—put immense pressure on other industry players? In an ideal world, and from the perspective of a venture investor, this would absolutely be the case.
In 2015, Cybersecurity startups saw 332 funding deals with investments hitting the highest ever at $3.8 billion (235 percent growth over 5 years). New funds have been raised dedicated to this segment. What we’ve also seen is the increase in M&A. For 2015, there were 133 information security M&A deals, according to 451 Research’s Tech M&A Outlook 2016. In general, M&A is a natural part of the IT security market. It’s why this market segment is so attractive to venture investors.
Why is this happening? The bigger public players – Cisco, Check Point, HP, IBM, Symantec, and others – need to continually add to their arsenal of security solutions as the threat landscape continues to evolve. As exploits become more sophisticated and frequent, the security products needed to better detect, defend, and remediate need to dramatically improve at an accelerated pace.
As is typically the case in any industry, but even more so in security, larger companies with established customers and products typically innovate more slowly than startups that are not encumbered by a legacy business. Thus, in the booming cybersecurity industry, valued at over $75 billion in 2015 by Gartner, these larger companies evolve their product lines via M&A. This has been evident with recent acquisitions beyond Symantec and Blue Coat – Avast and AVG, Cisco and CloudLock, IBM and Resilient Systems, and most recently Carbon Black and Confer.
Symantec Forces the Industry to Stay Competitive
Symantec adding the Blue Coat product arsenal to its legacy product line will hopefully fuel the growth engine for a company that has been somewhat stagnant. Other large industry players may see this as a threat, that one of their major competitors now offers a more complete set of solutions via a one-stop shop. But at the same time, these players may view the Blue Coat acquisition as a unique situation for Symantec, a company with a portfolio of lagging technology solutions with a need for new management talent.
No matter what the industry view on Symantec, the other larger established security vendors, to remain competitive and grow in the enterprise market, will absolutely need to acquire other startups to provide best-in-class products.
While it is not necessarily true that the other larger players will need to find their “Blue Coat,” each has its own product weaknesses that need to be addressed. Next-generation solutions in areas such as endpoint defense, analytics, or threat intelligence may be higher on the shopping list for the various acquirers. Some of these acquisitions may carry price tags into the billions of dollars, while the vast majority will be smaller deals that bring a best-of-breed point solution into the product catalog.
A Startup’s Opportunity to Thrive
Given the rapidly changing security landscape, there has never been a better time to be a security startup with a compelling solution, but like any other attractive market, there are more players than can ultimately survive. The private companies with the strongest product technology, most readily able to address the next generation of evolving threats, driven by solid sales and marketing execution, will ultimately be the winners. More than any other IT segment, compelling technology and defensible IP are a critical piece of any security solution. It is hard to provide the highest level of defensive protection without innovative technology.
Some of these companies with more complete product families will have the opportunity to go public, becoming the next Palo Alto Networks. Others with more focused solutions will be M&A targets, becoming the engine that drives the future success and growth for established players.