Cybersecurity businessPace of acquisitions of cybersecurity startups quickens

Published 5 February 2014

With the number and scope of cybersecurity breaches on the rise, cybersecurity startups offering innovative security solutions have become a sought-after target in the merger and acquisition market. These innovative companies are eagerly sought not only for their technologies, but also as an investment vehicle, with the average valuation acquiring companies willing to pay approaching ten times revenue. “To pay ten times on services in the normal world is crazy, in the security world it’s normal,” says an industry insider.

Recent security breaches at retailers Target and Neiman Marcus, in which hackers stole customers’ credit card information, are but the latest in a long list of cybersecurity breaches this past year. As hackers find new ways to infiltrate network security, companies must develop new technologies to secure their systems.

IT Pro Portal reports thatsome companies, in an effort to improve network security, are buying security firms. This trend has created a growing demand for cybersecuritystartups and established security companies.

You saw IT spending dip during the recession years, but you did not see security dip,” says Jody Brazil, CTO and founder of Overland, Kansas-based FireMon. “It’s because security is seen as a must-have, and while IT is of course one too, it’s one that (is) measured by ROI while security is measured more by ‘How scared are you?’”

Cybersecurity risk is at an all-time high, forcing companies to seek out the best and most innovative security solutions. IT Pro Portal notes that startups and smaller security firms tend to be more innovative than their larger and more established counterparts, so larger firms find it more efficient to merge with or acquire smaller security firms than to develop in-house security systems.

It’s the pace of which the attackers are going after new opportunities they find,” says Brazil, “whether it’s stealing credit cards or taking down someone’s network for political reasons. The pace at which they’re moving to damage a business requires very rapid innovation and it’s very rare that you will see an established, large company who can innovate at that pace. So you see a lot of smaller companies that come up with innovative solutions bring them to market, and companies that have a lot of money just buy the innovation from these companies.”

The market for security firms is fueled not only by the need for better network security systems, but also by the increasing valuation of startups and established security firms which are considered financial assets to larger firms. Brazil says that the average multiple paid for a security company is approaching ten times revenue.

To pay ten times on services in the normal world is crazy, in the security world it’s normal,” says Brazil. “Look at what Fireye paid for Mandiant for example, and Mandiant isn’t even a software company! It’s primarily a service. There are some pretty high multiples happening in the security space.”

Recently VMware, known for its virtualization and cloud computing services, purchased Airwatch, a mobile management and security firm, for $1.54 billion. This trend is not a mere passing fad, and will likely remain in the marketplace for some time.

As long as cybersecurity remains a risk, companies will always see value in security firms whether as a way to defend network systems or as a financial asset in the value chain.