In this article, Clint Bundy, Managing Director with Bundy Group, was recently interviewed by Gary Cohen and Tyler Wall, the hosts of the Industrial Cybersecurity Pulse Podcast. The topic was to discuss the mergers and acquisitions (M&A) and capital placement activity that is occurring within the cybersecurity market. Given the tremendous amount of transaction activity for cybersecurity companies, Clint, Gary and Tyler had quite a bit to discuss. Clint also provided insights regarding what cybersecurity company owners can do to prepare for a potential sale or capital raise now and create additional value in their company.
Clint indicated that for owners it is important to know their options, including who might be potential parties on the other side of a transaction. He segregated cybersecurity buyers into the following two categories:
Clint noted how many new groups are aggressively seeking platform investments in the cybersecurity sector. With each successful financial sponsor exit from a cybersecurity investment, it signals to other sponsors the opportunity to achieve the same outcome in the industry.
The cybersecurity M&A market has been attractive and active for years, but what is the reason for this buyer attraction to the segment? Simply put, strategic buyers and financial sponsors are looking for stability, profitability, growth and scale, and the cybersecurity sector offers those fundamentals.
The cybersecurity M&A market has been active for the past 10-15 years, but 2018 is when one sees a substantial increase in activity occur. The increase is reflected in two metrics: the number of closed deals and the total cumulative transaction value of all market deals.
To be specific, in 2020 there were 471 cybersecurity transactions, which totaled $38 billion in transaction value.
In 2021, the number of cybersecurity deals increased to 480, which realized over $112 billion in total transaction value.
In 2022, the number of cybersecurity deals decreased to 410, approximately a 15% decline, and the total value of deals dropped to $48 billion, representing a 57% decline in transaction value. Simply put, the reason for the substantial decline in total transaction value was because of the pull-back in larger middle market and corporate-sized deals relative to 2020 and 2021. With hopeful stabilization in the credit markets, Clint expects the larger cybersecurity transactions to experience a resurgence.
A key means for achieving growth can be through add-on acquisitions. The strategic buyers and financial sponsors already in the cybersecurity market are actively looking to acquire such capabilities as new proprietary software/technology platforms or technology services, new clients, or added talent and management bench depth. Furthermore, it gives the firm the opportunity to increase the buyer’s financial profile at the immediate close of a transaction. Finally, an add-on acquisition tends to be a lower risk strategy relative to larger transactions, especially since the capital outlay isn’t as demanding on the buyer. In short, many seasoned buyers prefer the “buy” versus “build” approach in this market.
Cybersecurity owners and executives are often asking the question to the Bundy Group today about the state of the M&A market. At present, there are headwinds from a macroeconomic standpoint:
These headwinds can influence the cybersecurity market, and, to some extent, the valuations a company can receive in a sale.
However, the counterbalance to these headwinds, and another reason why Bundy Group remains optimistic about the industry, is the amazing growth in the cybersecurity market. Buyers are recognizing this continued cybersecurity market growth in a more challenging macro environment. From an M&A perspective, there is a supply and demand imbalance. There are more aggressive buyers and financial sponsors than cybersecurity companies to buy or invest in. This imbalance is creating a seller’s market, which plays to the advantage of owners and their respective company valuations.
Bundy Group remains bullish on the cybersecurity M&A market for 2023. A question remains if 2023 market performance can achieve the same activity levels as 2021. The cybersecurity market has strong fundamentals to drive M&A activity, and Bundy Group anticipates continued robust activity in the $10 million to $150 million transaction volume range.
From a seller’s perspective, it’s important to start as early as possible in assessing the strengths and weaknesses of the company using the stability, profitability, growth and scale metrics. That could include reviewing company financials and key performance indicators, understanding the company’s enterprise resource planning (ERP) systems and level of data offered, evaluating the nature and purchasing tendencies of the client base and assessing the strength of the executive and operational teams. Furthermore, Clint recommended an advisory team, which is there to support an owner in a sale of a company. This would help ensure that the organization is best prepared for a sale and then realizes maximum value in a competitive sale process.
For owners, whether you’re thinking of a sale now, later, or never, an owner should educate themselves and stay updated on the trends and activities within the cybersecurity market. To be specific, that includes staying current on valuation metrics, the steps for preparing a business for sale and knowing which buyers are active and a strong fit for a seller. A cybersecurity company is an owner’s asset, and it is in the owner’s best interest to cultivate it in case an owner ever decides to sell and realize a strong valuation.