By Charles Martin
Since early 2020, the seismic changes in working patterns brought on by Covid-19 and an acceleration of corporate digital transformation initiatives have transformed the enterprise cybersecurity space.
This article will explore some of the key trends in enterprise cybersecurity in a post-pandemic world, looking at how the industry is responding to the changing needs of businesses and what that means in terms of M&A and investments.
Cyberattacks are on the rise. In 2020, firms reported an 80% increase in cyberattacks and, as of October 2021, the FBI has reported a 300% increase in cybercrimes.
To understand why cyber threats have increased, we must understand the new IT environments of enterprise. Two major changes have occurred, the first is the proliferation of devices; the second is the shift to the cloud and adoption of multi-cloud architectures.
Since the start of the Covid-19 pandemic, there has been a large increase in remote workers. These workers, many of whom have been working from home, often use unmanaged devices (a device that has little to no visibility by the security service provider) or BYOD devices to access the corporate network. As endpoints have multiplied and perimeters have started to blur, threats have increased. In particular, attackers have been taking advantage of opportunities to phish credentials from employees on unmanaged devices, and using the information and passwords stolen to access the corporate network. Stolen credentials have been behind some of the largest and most costly data breaches, including the Equifax and Yahoo hacks.
It is tricky to manage these endpoint devices. Existing solutions like EDR (Endpoint Detection and Response) are ineffective given the sheer number of alerts generated, with IT security analysts spending over 30% of their time dealing with such alerts. There are also considerable problems around enforcement, with employees, 3rd party workers and suppliers all trying to access the corporate network, it is increasingly difficult for security teams to determine who has access to what.
As devices have proliferated, enterprise vulnerabilities have been further exposed by the shift to the cloud, with 70% of organisations increasing cloud adoption in 2020, as part of a wider set of digital transformation initiatives pursued by enterprise in the wake of the pandemic. A recent cloud security report showed that 66% of survey respondents believe that traditional security solutions either do not work or have limited functionality in the cloud.
One of the main issues relates to the perimeter. Instead of having one perimeter (the network link connecting your company to the internet) as you would through traditional on-premises security, an organisation now has multiple perimeters. This could be a cloud computing service, or each new data storage, new employee and access role accessing a service and each different workload or application operating in the cloud. Managing all these perimeters is a highly complex task and increases the number of attack vectors a hacker can use to exploit system vulnerabilities.
Other problems have also emerged, including misconfiguration of the cloud platform. For example Level One Robotics exposed IP belonging to more than 100 manufacturing companies thanks to a misconfigured backup server. Inadequate access management is a second issue, this is poorly done on the cloud and can result in data breaches and other issues.
These changes have caused the displacement of many traditional cyber approaches, bringing new ones to the fore.
Firstly, the pandemic has accelerated the shift to zero-trust platforms. A zero-trust approach assumes that no user should be trusted by default since they could be compromised. As noted earlier, if the workforce shifts outside a network defined perimeter, it became hard to guarantee if end point devices are secure. Good zero-trust platforms integrate security functions into nearly invisible tooling, making it so that users have no choice but to operate in a more secure fashion. One example of this is that identity and device authentication should take place throughout the network rather than just on the perimeter.
A second major trend is the emergence of SASE (Secure Access Service Edge). Gartner expects that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018”. It is intended to address the security and networking needs of a hybrid work force as users, devices, application, services, and data rapidly shift outside the enterprise data centre; as such, organizations demand immediate, uninterrupted access for their users, no matter where they are located.
Investment & M&A:
As requirements have shifted, investors and corporates have been capitalising on these new opportunities.
Fig 1: Global Investment in Cybersecurity, Source: Pitchbook, as of 31.10.2021
VC and PE Growth funding has skyrocketed in 2021 (see fig.1), with investment already up 74% yoy from 2020 to the end of October, from both traditional VC funds but also from corporate investors.
Of the £15.3bn invested in cybersecurity over this period, 28% of this came from the top 10 deals alone (see Fig 2 for full list). Several transactions stand out in particular. Most noticeably was RSA Security, which offers SaaS products for cyber threat detection, which raised £1.5bn in development capital from Clearlake Capital Group. Other notable transactions include Snyk, developer of a security analysis tool, which raised £440m from a range of investors including Accel and Blackrock, and Orca, provider of cloud infrastructure security, which raised £400m from GGV Capital & others.
Top 10 Largest Cybersecurity Raises in 2021
|Date||Company||Country||Investor||Description||Deal Size (£m)||Raised To Date (£m)||EV / Revenue Multiple|
|Aug-21||RSA Security||United States||Clearlake Capital Group||Provider of cybersecurity and risk management technology services||1,501||1,501||–|
|Sep-21||Snyk||United States||Accel, BlackRock & Others||Developer of security analysis tools designed to identify open-source vulnerabilities||439||819||–|
|Oct-21||Orca Security||United States||Adams Street Partners, GGV Capital & Others||Developer of a cloud-based security platform designed to deliver comprehensive full-stack visibility into cloud infrastructure.||401||578||–|
|Jan-21||Lacework||United States||D1 Capital Partners, Tiger Global Management & Others||Operator of a unified cloud security platform designed to automate cloud security at scale||390||415||–|
|Jun-21||Transmit Security||United States||General Atlantic, Insight Partners & Others||Developer of a mobile security system intended to offer advanced security solutions||385||418||27.43x|
|Jun-21||Trulioo||Canada||American Express Ventures, Blue Cloud Ventures & Others||Developer of electronic identity verification platform||279||353||17.50x|
|Mar-21||Rubrik||United States||Greylock Partners, Khosla Ventures & Others||Developer of a data management platform designed to automate information across hybrid and multi-cloud environments||269||697||–|
|Jun-21||Ledger (Hardware wallet)||France||Draper Esprit (LON: GROW), Fabric Ventures & Others||Developer of cryptocurrency security products designed to facilitate authorization of digital asset transactions||269||332||–|
|Jul-21||Cybereason||United States||SharesPost||Developer of cloud-based endpoint detection and cyber-security software||256||749||–|
|Jul-21||Fireblocks||United States||Coatue Management, Sequoia Capital & Others||Developer of a block-chain security platform designed to protect digital assets on the network||225||358||–|
Fig 2: Top 10 Biggest Cybersecurity Raises in 2021, Source: Pitchbook. Data updated on 31.10.2021.
M&A activity has also been high in 2021 (see fig.3), as both trade buyers (representing 60% of deal activity) accelerate their product re-positioning and financial buyers invest to take advantage of the market disruption.
Fig 3: Total Capital Invested in M&A for Cybersecurity companies, Source: Pitchbook. Data updated on 31.10.2021.
High profile acquisitions in 2021 include Auth0’s (developer of an identity and authentication platform) acquisition by Okta (provider of identity and access management solutions) for £4.7bn in May-21. In terms of buyouts, McAfee’s (provider of a cybersecurity platform for enterprise) acquisition by STG Partners in a £2.9bn LBO was also significant. See below for the top 10 M&A transactions by size (see Fig.4).
Top 10 Largest Cybersecurity M&A Transactions in 2021
|Date||Company||Country||Investor||Description||EV (£m)||Revenue (£m)||EV / Revenue Multiple|
|Aug-21||Proofpoint||United States||Thoma Bravo||Provider of cloud-based SaaS security solutions to large- and mid-sized organizations||8,277||789||10.49x|
|May-21||Auth0||United States||Okta||Developer of identity and authentication platform||4699||–||–|
|May-21||McAfee (Enterprise Business)||United States||STG Partners||Developer of cybersecurity software platform to safeguard enterprise systems||2892||976||2.96x|
|Feb-21||Northrop Grumman (Federal IT and Mission Support Services Business)||United States||Peraton, Veritas Capital||Provider of federal IT and mission support services||2493||1686||1.48x|
|Apr-21||ThycoticCentrify||United States||Centrify, TPG||Developer of a secure privileged access management platform||1014||87||11.67x|
|Oct-21||FireEye (products)||United States||McAfee||The products business of Fireye was acquired by McAfee||875||–||–|
|Jan-21||Forcepoint||United States||Francisco Partners||Provider of cybersecurity software intended to prevent confidential data from leaving the corporate network||815||–||–|
|Feb-21||Kount||United States||Equifax||Provider of AI-driven fraud detection and prevention platform||468||–||–|
|Oct-21||GuardiCore||United States||Akamai||Provider of data center security tools||440||26||17.20x|
|Jul-21||Wandera||United Kingdom||Jamf, Vista Equity Partners||Operator of a threat intelligence platform||286||–||–|
Fig 4: Top 10 Biggest Cybersecurity M&A Transactions in 2021, Source: Pitchbook. Data updated on 31.10.2021.
Enthusiasm around cyber has continued in the public markets with cybersecurity software companies currently trading at 11.7 x NTM EV/Revenue, a significant premium when contrasted to levels in January 2019.
Fig 5: NTM EV / Revenue Multiples. Source: Pitchbook. Companies included: Nutanix, CrowdStrike, Rapid7, CyberArk, Qualys, SailPoint Technologies. Data updated on 31.10.2021.
It has been a big year for cyber, the paradigm shift engendered by the pandemic left cybersecurity firms struggling to plug the gaps caused by digital transformation and remote work. With attacks increasing, new cybersecurity approaches emerging and investment increasing, the importance of cybersecurity has never been greater. This crisis has surfaced new players and exposed existing ones; transforming the industry from top to bottom.