2023 Update on Cybersecurity Investment Trends and Considerations for Investors

R. Muru

Summary Bullets:

• Mergers and acquisitions (M&A) in cybersecurity continues to cause uncertainty in the investment community, but latest Q4 2022 projections show investments have picked up.

• Success for investors will entail investing in the right cybersecurity technology segments and ensuring investors back companies that are visionaries and have strong customer alignment.

Cybersecurity Revenues Remain High, but Investment Reservations Exist
GlobalData’s deals database highlights that in value, cybersecurity deal activity decreased previously by 98% in Q3 2022 compared to the Q3 2021 total of $7.7 billion. Similarly, deal volume also remained flat in Q3 2022, compared to Q3 2021, and was even lower by 33% in the same quarter in 2021. These trends indicate that although revenues among cybersecurity companies remain positive, there are still investment reservations in cybersecurity due to the unsettling economic climate and a possibility that cybersecurity stocks could follow in a similar fashion to tech stocks.

Success will Entail Investing in the Right Technology Areas
Taking into consideration cybersecurity investment trends, M&A in cybersecurity has picked up again in Q4 2022 to what they were in 2020. Recent investment examples include Simeio acquiring the identity and access management (IAM) player PathMaker, reinforcing the messaging that global players are making strategic investments in key high-growth cybersecurity technology segments. Other examples include German-owned Veridos acquiring a stake in identity solutions provider NetSeT Global Solutions, and Radiant Logic (based in the US) agreeing to acquire Brainwave, an analytics and governance company. These investment deal examples are in addition to some of the larger acquisitions in 2022, which included Google’s acquisition of Mandiant for $5.4 billion, and Nitro Bidco/Norton LifeLock’s merger of Avast for $9.06 billion.

From a technology perspective, Google’s acquisition of Mandiant is interesting as there is a real focus by hyperscalers and venture capitalists in acquiring managed security service companies in areas like extended detection and response (XDR) and cloud security. In Google’s case, the acquisition advances the company’s security offerings for cloud environments through Mandiant’s Advantage SaaS platform. Other key technological cybersecurity investment areas could include targeting innovative companies bringing automation, analytics, and AI to cybersecurity, driving converged network and cloud security built on zero trust frameworks and investment in DevSecOps. Lastly, the market has seen investments in early stage cybersecurity to remain stable – examples include raising a record $8.8 billion in cybersecurity investments in 2021 in Israel. However, as the market moves forward, investors will be looking for target companies that can demonstrate sustainable growth over longer investment periods to make them interesting acquisitions. There will also be a number of established early stage startups that are unable to secure additional levels of funding required. The most interesting of these companies could potentially be targets for acquisition by some of the larger players looking to bring in capabilities in the key product areas mentioned in this report.

Sector-Specific Considerations for Investors
The key focus for investors is obviously investing in cybersecurity companies potentially with high returns. To complement this, below are some specific sector considerations that investors should take into consideration in light of future opportunities. Some of these include:

• Focusing on cybersecurity players in the right technology areas like IAM, XDR, DevSecOps, security information and event management (SIEM), and technology components supporting secure access service edge (SASE) frameworks.
• Investing in vendors that are business outcomes-focused and that address enterprise risk management in the wider context of business.
• Considering vendors embracing simplification, unification, and standardization with respect to their cybersecurity product strategies.
• Ensuring post M&A integration is not only executed timely but is successful and supports a well-thought-out brand equity strategy.