Thought Leadership

Cybersecurity in a post-pandemic world

29th November 2021

By Charles Martin


Since early 2020, the seismic changes in working patterns brought on by Covid-19 and an acceleration of corporate digital transformation initiatives have transformed the enterprise cybersecurity space.  

This article will explore some of the key trends in enterprise cybersecurity in a post-pandemic world, looking at how the industry is responding to the changing needs of businesses and what that means in terms of M&A and investments.  

New threats:

Cyberattacks are on the rise. In 2020, firms reported an 80% increase in cyberattacks and, as of October 2021, the FBI has reported a 300% increase in cybercrimes. 

To understand why cyber threats have increased, we must understand the new IT environments of enterprise. Two major changes have occurred, the first is the proliferation of devices; the second is the shift to the cloud and adoption of multi-cloud architectures.  

Since the start of the Covid-19 pandemic, there has been a large increase in remote workers. These workers, many of whom have been working from home, often use unmanaged devices (a device that has little to no visibility by the security service provider) or BYOD devices to access the corporate network. As endpoints have multiplied and perimeters have started to blur, threats have increased. In particular, attackers have been taking advantage of opportunities to phish credentials from employees on unmanaged devices, and using the information and passwords stolen to access the corporate network. Stolen credentials have been behind some of the largest and most costly data breaches, including the Equifax and Yahoo hacks.   

It is tricky to manage these endpoint devices. Existing solutions like EDR (Endpoint Detection and Response) are ineffective given the sheer number of alerts generated, with IT security analysts spending over 30% of their time dealing with such alerts.  There are also considerable problems around enforcement, with employees, 3rd party workers and suppliers all trying to access the corporate network, it is increasingly difficult for security teams to determine who has access to what.  

As devices have proliferated, enterprise vulnerabilities have been further exposed by the shift to the cloud, with 70% of organisations increasing cloud adoption in 2020, as part of a wider set of digital transformation initiatives pursued by enterprise in the wake of the pandemic. A recent cloud security report showed that 66% of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud. 

One of the main issues relates to the perimeter. Instead of having one perimeter (the network link connecting your company to the internet) as you would through traditional on-premises security, an organisation now has multiple perimeters. This could be a cloud computing service, or each new data storage, new employee and access role accessing a service and each different workload or application operating in the cloud. Managing all these perimeters is a highly complex task and increases the number of attack vectors a hacker can use to exploit system vulnerabilities.  

Other problems have also emerged, including misconfiguration of the cloud platform. For example Level One Robotics exposed IP belonging to more than 100 manufacturing companies thanks to a misconfigured backup server. Inadequate access management is a second issue, this is poorly done on the cloud and can result in data breaches and other issues.  

New approaches:  

These changes have caused the displacement of many traditional cyber approaches, bringing new ones to the fore.  

Firstly, the pandemic has accelerated the shift to zero-trust platforms. A zero-trust approach assumes that no user should be trusted by default since they could be compromised. As noted earlier, if the workforce shifts outside a network defined perimeter, it became hard to guarantee if end point devices are secure. Good zero-trust platforms integrate security functions into nearly invisible tooling, making it so that users have no choice but to operate in a more secure fashion. One example of this is that identity and device authentication should take place throughout the network rather than just on the perimeter.  

A second major trend is the emergence of SASE (Secure Access Service Edge). Gartner expects that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018”.  It is intended to address the security and networking needs of a hybrid work force as users, devices, application, services, and data rapidly shift outside the enterprise data centre; as such, organizations demand immediate, uninterrupted access for their users, no matter where they are located.  

Investment & M&A:

As requirements have shifted, investors and corporates have been capitalising on these new opportunities.  

Fig 1: Global Investment in Cybersecurity, Source: Pitchbook, as of 31.10.2021

VC and PE Growth funding has skyrocketed in 2021 (see fig.1), with investment already up 74% yoy from 2020 to the end of October, from both traditional VC funds but also from corporate investors.

Of the £15.3bn invested in cybersecurity over this period, 28% of this came from the top 10 deals alone (see Fig 2 for full list). Several transactions stand out in particular. Most noticeably was RSA Security, which offers SaaS products for cyber threat detection, which raised £1.5bn in development capital from Clearlake Capital Group. Other notable transactions include Snyk, developer of a security analysis tool, which raised £440m from a range of investors including Accel and Blackrock, and Orca, provider of cloud infrastructure security, which raised £400m from GGV Capital & others.

Top 10 Largest Cybersecurity Raises in 2021

Date Company Country Investor Description Deal Size (£m) Raised To Date (£m) EV / Revenue Multiple
Aug-21 RSA Security United States Clearlake Capital Group Provider of cybersecurity and risk management technology services 1,501 1,501
Sep-21 Snyk United States Accel, BlackRock & Others Developer of security analysis tools designed to identify open-source vulnerabilities 439 819
Oct-21 Orca Security United States Adams Street Partners, GGV Capital & Others Developer of a cloud-based security platform designed to deliver comprehensive full-stack visibility into cloud infrastructure. 401 578
Jan-21 Lacework United States D1 Capital Partners, Tiger Global Management & Others Operator of a unified cloud security platform designed to automate cloud security at scale 390 415
Jun-21 Transmit Security United States General Atlantic, Insight Partners & Others Developer of a mobile security system intended to offer advanced security solutions 385 418 27.43x
Jun-21 Trulioo Canada American Express Ventures, Blue Cloud Ventures & Others Developer of electronic identity verification platform 279 353 17.50x
Mar-21 Rubrik United States  Greylock Partners, Khosla Ventures & Others Developer of a data management platform designed to automate information across hybrid and multi-cloud environments 269 697
Jun-21 Ledger (Hardware wallet) France  Draper Esprit (LON: GROW), Fabric Ventures & Others Developer of cryptocurrency security products designed to facilitate authorization of digital asset transactions 269 332
Jul-21 Cybereason United States SharesPost Developer of cloud-based endpoint detection and cyber-security software 256 749
Jul-21 Fireblocks United States Coatue Management, Sequoia Capital & Others Developer of a block-chain security platform designed to protect digital assets on the network 225 358

 Fig 2: Top 10 Biggest Cybersecurity Raises in 2021, Source: Pitchbook. Data updated on 31.10.2021.

M&A activity has also been high in 2021 (see fig.3), as both trade buyers (representing 60% of deal activity) accelerate their product re-positioning and financial buyers invest to take advantage of the market disruption.

Fig 3: Total Capital Invested in M&A for Cybersecurity companies, Source: Pitchbook. Data updated on 31.10.2021.

High profile acquisitions in 2021 include Auth0’s (developer of an identity and authentication platform) acquisition by Okta (provider of identity and access management solutions) for £4.7bn in May-21. In terms of buyouts, McAfee’s (provider of a cybersecurity platform for enterprise) acquisition by STG Partners in a £2.9bn LBO was also significant. See below for the top 10 M&A transactions by size (see Fig.4).

Top 10 Largest Cybersecurity M&A Transactions in 2021

Date Company Country Investor Description EV (£m) Revenue (£m) EV / Revenue Multiple
Aug-21 Proofpoint United States Thoma Bravo Provider of cloud-based SaaS security solutions to large- and mid-sized organizations 8,277 789 10.49x
May-21 Auth0 United States Okta Developer of identity and authentication platform 4699
May-21 McAfee (Enterprise Business) United States STG Partners Developer of cybersecurity software platform to safeguard enterprise systems 2892 976 2.96x
Feb-21 Northrop Grumman (Federal IT and Mission Support Services Business) United States Peraton, Veritas Capital Provider of federal IT and mission support services 2493 1686 1.48x
Apr-21 ThycoticCentrify United States Centrify, TPG Developer of a secure privileged access management platform 1014 87 11.67x
Oct-21 FireEye (products) United States McAfee The products business of Fireye was acquired by McAfee 875
Jan-21 Forcepoint United States Francisco Partners Provider of cybersecurity software intended to prevent confidential data from leaving the corporate network 815
Feb-21 Kount United States Equifax Provider of AI-driven fraud detection and prevention platform 468
Oct-21 GuardiCore United States Akamai Provider of data center security tools 440 26 17.20x
Jul-21 Wandera United Kingdom Jamf, Vista Equity Partners Operator of a threat intelligence platform 286

Fig 4: Top 10 Biggest Cybersecurity M&A Transactions in 2021, Source: Pitchbook. Data updated on 31.10.2021.

Public Markets:

Enthusiasm around cyber has continued in the public markets with cybersecurity software companies currently trading at 11.7 x NTM EV/Revenue, a significant premium when contrasted to levels in January 2019.

Fig 5: NTM EV / Revenue Multiples. Source: Pitchbook. Companies included: Nutanix, CrowdStrike, Rapid7, CyberArk, Qualys, SailPoint Technologies. Data updated on 31.10.2021.


It has been a big year for cyber, the paradigm shift engendered by the pandemic left cybersecurity firms struggling to plug the gaps caused by digital transformation and remote work. With attacks increasing, new cybersecurity approaches emerging and investment increasing, the importance of cybersecurity has never been greater. This crisis has surfaced new players and exposed existing ones; transforming the industry from top to bottom.