The hammer blow that COVID-19 has dealt to global M&A activity is no secret, with deal-making all but grinding to a halt during the spring of 2020. However, while some aspects of society and the economy have been put on pause by the pandemic, others have seen their stock increase.
According to a recent report by ICON Corporate Finance, the tech sector in particular has seen a substantial interest in deal-making. ICON identified fintech, cloud technology, healthtech, AI, enterprise software, managed services and cybersecurity as the areas driving this.
Cybersecurity has been a major trend in M&A for years now, with the increased use of cloud-computing, more stringent data protection laws and regulations and the emergence of more sophisticated cyber-threats driving huge growth in the sector.
During COVID-19, cybersecurity has taken on a huge degree of importance for companies. Businesses have scrambled to avoid disruption and cyber-attacks as workforces shifted from the safe-haven of the office computer system, to working remotely on home broadband, often on personal devices.
Seemingly, COVID-19 has illustrated even to the most stubborn of companies, that a strong cybersecurity infrastructure is a necessary investment, not an optional extra.
This has seen sales at cybersecurity firms skyrocket over recent months. According to a recent report from global recruitment firm Robert Walters and data provider VacancySoft, UK business spending on cybersecurity is set to double to £136 billion this year. This has prompted investors to flock to the sector, as well as dealmaking as firms seek to use their increased income to fuel acquisitions and further growth.
So, what is the importance of cybersecurity to the new world that COVID-19 has created? What has the impact been on cybersecurity M&A? And, is this “new normal” here to stay?
Why has cybersecurity become so important?
Cybersecurity has long been a vital expenditure for businesses and this importance has only intensified during the COVID-19 crisis. As ICON Corporate Finance wrote in its April 2020 Cybersecurity Sector Update: “The widely adapted working-from-home policy has vastly enlarged the attack surface and placed major strain on enterprise IT to protect against an increased level of malicious activity”.
As millions of workers worldwide quickly went from working on secure, office-based networks to working remotely, using personal devices and home wi-fi networks to access company systems, the potential for cyberattacks against businesses increased massively. New vulnerabilities and new potential angles of attack for cybercriminals to exploit were created.
This increased risk was accompanied by rising fear and uncertainty as the pandemic worsened and hackers have capitalised on this as well. According to one estimate, between the end of February and April, phishing email scams increased by over 667 per cent as cybercriminals, posing as legitimate organisations, circulated emails which claimed to offer information on COVID-19, but instead contained malware.
These vastly increased risks that have arisen from workforces moving to the “external environment” have caused firms to invest in cybersecurity more than ever before. Companies have had to build on, or altogether replace, legacy systems that weren’t up to the task of guarding against new threats, investing in features such as multi-factor authentication, end-point protection, anti-phishing, MDR and more.
As per the aforementioned Robert Walters/VacancySoft report, 48 per cent of companies in the UK say they don’t have adequate cybersecurity systems to ensure safe long-term remote working, while 70 per cent of European companies say they do not have a sufficient cybersecurity team in general.
All of this means one thing, a massive amount of spending worldwide on cybersecurity.
The impact on M&A
2019 was a huge year for cybersecurity dealmaking, with 209 deals and a total value of $43.75 billion. As COVID-19 derailed M&A activity worldwide in early 2020, cybersecurity M&A remained strong.
Q1 reportedly saw 32 deals in the sector with a total value of $13.78 billion, while recent reports indicate an even stronger second quarter, with 108 deals announced and announced transaction value of around $14 billion.
Cybersecurity is seemingly on course to better its 2019 M&A performance, with the likelihood being that dealmaking will increase further. The impact of COVID-19 cannot be underestimated in this regard.
As mentioned earlier, the pandemic is prompting a new cycle of investment in cybersecurity, meaning strong sales figures and profits. This market demand will also drive investment capital into the cybersecurity sector. ICON expects capital fundraising to continue strongly for cybersecurity firms, leading to companies being well-capitalised.
ICON adds that the dislocation of value resulting from the economic impact of COVID-19 will create new investment and acquisition opportunities that may previously have been out of the reach of companies.
Aside from having more capital to complete acquisitions, COVID-19 has also prompted other factors that could encourage dealmaking. Primarily, companies may look to combine their technologies in order to improve their threat response. Some will look to incorporate features such as cloud workload security capabilities, increased fraud protection and next-gen firewalls into their offerings, all feeding into an appetite for consolidation.
Acquisitions could further be driven by the growth of the cybersecurity startup sector. According to the UK government’s Cyber Security Sectoral Analysis 2020, there are 1,221 active cybersecurity-related firms in the UK (representing a 44 per cent increase over the last two years), with 90 per cent of this sector comprising SMEs.
These small, innovative companies will quickly find themselves acquisition targets for bigger industry players as the demand for cutting-edge cybersecurity packages grows.
In late March, as businesses went into lockdown across the UK and huge swathes of the country’s workforce went remote, London-based cybersecurity firm Shearwater (which produces a multi-factor authentication security system, or MFA) reported that it had seen an increase in demand and won several new contracts.
The company’s most recent accounts, to the year ended March 31 2020, show that its revenue climbed 40 per cent year-on-year to £33 million, while underlying EBITDA rose from a £1.4 million loss to a £3.4 million profit.
As most other sectors of the economy suffered massively from COVID-19 and lockdown, the good news kept coming for Shearwater, with the company raising £3.75 million in April 2020. This has prompted the company to plan an acquisition spree, with Chairman David Williams saying Shearwater would look at acquisitions on “the larger scale”.
Shearwater CEO Phil Higgins discussed how the firm had made a success of the pandemic: "We have signed a number of significant contract wins, with our ability to grow organically through the cross-selling of services and solutions clearly coming to fruition. As a Group we have moved quickly to adjust both operationally and financially to the new external environment driven by COVID-19.”
"Whilst its impact on our clients varies markedly by industry, we remain focused in delivering our high levels of service and expertise catering to all sectors by helping to provide resilience and ultimately, over the longer term, we expect the pandemic will drive demand for organisational resilience as part of an enhanced focus on digital transformation."
Where are the acquisition opportunities?
Cybersecurity looks poised to see a wide variety of deals. As we mentioned earlier, a desire to improve their offerings by incorporating other technologies could lead to bigger companies merging, or acquiring medium-sized companies.
However, it seems likely that the bulk of acquisition opportunities will be found in the industry’s booming startup sector. Like other tech sectors, cybersecurity is one that thrives on disruption and innovation, making it the perfect environment for startups. Furthermore, the role of small firms offering new cybersecurity tools has only gained more importance in the COVID-19 world.
Darius Goodarzi, of Robert Walters, says that this year “cybersecurity start-ups have risen to become business heroes - from tools that alert users to security vulnerabilities, to those that spot fraudulent activity — these news firms and tools have taken an important role in protecting our ‘new world.”
As demand for their services increases, many small companies will be open to an acquisition as they look to maximise their growth and meet this demand.
Is this “new normal” here to stay?
The biggest indicator that cybersecurity dealmaking isn’t just a fad is the fact that, even prior to COVID-19, the sector was posting massive numbers in terms of deal value. It was also generating huge amounts in terms of capital raising, while new cybersecurity startups were emerging all the time.
Cybersecurity is poised to consistently benefit from the refreshing influence of such startups. Firstly, the innovative products they develop have a disruptive impact on how cybersecurity operates, helping to ensure that new threats are met or pre-empted and that the sector remains responsive and relevant to the needs of customers.
Secondly, startups help to keep dealmaking strong in the sector, as they merge with others or are acquired by bigger firms.
Furthermore, it seems unlikely that firms will scale back their cybersecurity spending, even when COVID-19 is finally over. If anything, the spurt in cybersecurity investment that COVID-19 prompted feels less like a flash-in-the-pan moment and more like the ultimate realisation of the vital importance of cybersecurity in the modern world.
Even before the pandemic, cybersecurity spending had been increasing for years and, even if spending slows a little post-pandemic, it almost certainly won’t reverse.
Then, there are the cultural factors that point to the sustained importance of cybersecurity. For one, many are forecasting that COVID-19 will spell the end of “presenteeism” and that there will be a lasting shift towards remote working. This has already been illustrated by several big companies saying that workers will not be required to return to the office and can permanently switch to remote working should they wish.
As discussed earlier, more remote workers means a larger attack surface for cybercriminals to target. If a large portion of the workforce remains remote post-pandemic, this will require continued investment in, and updating of, cybersecurity systems for the companies concerned.
Finally, the other cultural element and the primary factor behind cybersecurity, cyberattacks will continue to become more sophisticated. Cybercriminals won’t just go away as cybersecurity systems improve, they will find new ways to target any weaknesses they can find.
The success of the cybersecurity industry is, of course, inextricably reliant on this. So, as cybercriminals continue to find new ways to target the new vulnerabilities that COVID-19 has created, the role of cybersecurity firms in stopping them will only become more vital.
As the COVID-19 pandemic and its effects continue to develop, there are few certainties in the global M&A market. However, perhaps more than any other sector, cybersecurity looks set to prove an anomaly to this uncertainty.
With its growing importance in the world taken to new levels by the pandemic, innovative new companies emerging all the time and constant competition within the sector to provide the most comprehensive service, cybersecurity is poised to be an industry that defines the “new normal” and one that could be among the most active in dealmaking for the foreseeable future.
Works in partnership with a trusted network of national partners to provide rapid, reliable delivery solutions, specialising in same day and next-day deliveries.
Highly regarded business operating over a span of nine years. Assists blue-chip organisations enhance their operational efficiencies and secure a pipeline of future work through data-centric lead generation and telephony services.
Established for over 10 years. Energy management systems agency, specialising in providing business energy consumption reports. Offers a range of services including installation and maintenance of business management systems and legal certification.
Sign up to receive our acquisition alert emails to get your FREE guide
Business Sale Report is your complete solution to finding great acquisition opportunities.
Join today to receive:
All this and much more, including the latest M&A news and exclusive resources