TrendTech giants buying tech security companies

Published 18 May 2009

Tech security appears to be recession-resistant industry; tech giants position themselves to benefit from the greater emphasis on IT security in the U.S. 2010 budget by buying smaller cybersecurity companies; the prices are attractive: VCs who, a few years ago, invested in promising security start-ups can no longer count on cashing in by going public

Yes, the financial markets are struggling, but big bets continue to be made in one seemingly recession-resistant industry: tech security. USA Today’s  Byron Acohido writes that antivirus giant McAfee on Friday said it will acquire Solidcore, maker of security systems for ATMs and cash registers, for $33 million cash — and perhaps $14 million more, if Solidcore meets performance targets. This makes for fifty-five acquisitions of security firms so far in 2009, a pace that could surpass the 120 security companies snapped up in 2008, according to America’s Growth Capital (AGC). “There is a surge of activity going on,” says Ben Howe, CEO at AGC.

Acohido notes that this is not just limited to anti-virus giants McAfee, Symantec (SYMC), Trend Micro, Sophos and CA (CA). Tech giants Cisco (CSCO), IBM (IBM), Oracle (ORCL), EMC (EMC), Hewlett-Packard (HPQ), and even Google (GOOG) have been buying up smaller security firms, too.

Prices are attractive because the VCs who, a few years ago, invested in promising security start-ups can no longer count on cashing in by going public, because the market for initial public offerings has dried up, says Jay Beaghan, managing director for security acquisitions at Imperial Capital.

IPOs or no IPOs, cybercriminals continue to infect e-mail, Web pages, and social networks with data-stealing programs and financial scams. Cyberspies are increasingly cracking into databases at companies and government agencies to swipe sensitive commercial and military data. “Hackers and bad guys continue to innovate,” says Beaghan. “This supports an ongoing level of investment activity in the sector.”

Acohido writes that, meanwhile, expectations are running high in the tech-security, military, and intelligence communities that the federal government will begin to spend more on cybersecurity. President Obama is widely expected to usher in new policies to compel the corporate sector to beef up cyberdefenses, as well (see “IT Spending to Increase on Obama’s Watch,” 15 May 2009 HS Daily Wire). “The government is starting to better protect its own systems,” says Amit Yoran, CEO of security firm NetWitness. “Ultimately, the mind-set that security matters will translate into new regulations and programs affecting private industry.”

This is the reason why the tech giants have begun strategically positioning themselves to get a larger piece of a growing security pie — by shopping for smaller security firms to round out their portfolio of services. “It certainly is a buyer’s market,” says Rocky Pimentel, CFO of McAfee, which has spent about $2 billion on 16 other acquisitions since 2002.

QinetiQ, a British company with 6,400 employees and more than $1 billion in annual revenue, recently said it will spend $40 million to acquire Cyveillance, a 75-employee firm with technology to locate malicious programs and stolen data on the Internet (see “Qinetiq to Acquire Cyveillance for $40 Million,” 8 May 2009 HS Daily Wire).

QinetiQ CEO Graham Love says Cyveillance’s technology “complements our portfolio” and will help QinetiQ, which supplies security systems to defense agencies, “benefit from the increased importance that the U.S. administration is placing on addressing cybersecurity.”