Header image

Hard wired: European cybersecurity M&A breaks out

The criminals are getting the upper hand online. From the Colonial Pipeline hack to the Irish healthcare system breach, cyberattacks are proliferating worldwide and companies are spending big to make the problem go away. According to cybersecurity specialists Momentum Cyber, global information security expenditure in 2021 is expected to reach US$150 billion, up 12.4% on 2020.

Seizing on this unprecedented demand, cybersecurity firms are scaling up. Last month, NortonLifeLock minted a record-breaking €6.6 billion acquisition of Czech-based cybersecurity firm Avast, which is likely to be the first of many such deals in Europe.

Avast’s takeover is the largest European cybersecurity deal on record, according to Dealogic, ahead of the €5.4 billion acquisition of Gemalto by Thales four years ago.

By the numbers

There have been 44 European cybersecurity deals so far this year, with €7.4 billion invested. This means that, in value terms, 2021 is already in uncharted territory and will also likely top last year's notably high deal count.

Even in the first year of the pandemic, there were 57 cyber-related transactions in Europe in 2020. Small wonder: the mass exodus to homeworking and the need to keep remote computers safe and secure ensured that cyber firms were kept busy, lifting revenues and prompting tie-ups.

Private equity is paying for a piece

Naturally, financial sponsors want a piece of the action and are dumping billions into the space, on both sides of the pond—especially Thoma Bravo. Last April, the PE firm poached cybersecurity and compliance firm Proofpoint off the Nasdaq for US$11 billion. In December 2019, the firm ponied up US$3.9 billion for Sophos in the UK, a neck-bracing EV-to-unlevered-free-cash-flow multiple of 31x.

Dealogic intel shows that, last month, Thoma Bravo was one of a handful of names circling London-listed digital identity specialist GB Group. Other private equity firms interested in the business include HgCapital and Francisco Partners.

The uptake of connected devices means that companies like GB Group have an even brighter future than garden-variety ransomware and IT security firms. By one estimate, the global consumer identity and access management market will grow 18.5% this year, to US$23 billion.

Given the ample headroom for future growth, financial sponsors and corporates alike will have to dig deep for these assets. In cyberspace, multiples look likely to skyrocket.