Sunday, January 23, 2022

Understanding The M & A Frothiness In The Cyber Industry

 


A few weeks ago, I wrote a blog about with the huge explosion of Merger and Acquisition (M & A) activity in the Cyber industry, many Cyber attackers are now taking advantage of these vulnerable situations in which to launch various threat variants. 

After all, people’s guards are down, excited about buying and perhaps even being bought out.  There is not much attention paid to the security aspects of it, especially when it comes to the covert theft of Intellectual Property (IP) during this transition period.

But M & A activity is expected to grow further, thus fueling the Cyber industry and all of the vendors to newer heights than they have ever seen before.  It’s hard to believe but just in the first three quarters of 2021, there was a whopping 238 deals that took place and closed. 

But keep in mind that it is not just Cyber companies buying out each other, but rather, it is the Private Equity Firms and even the Venture Capital firms themselves that are engaging in most of this activity.

Just in the first of 2021, there was a huge influx of almost $12 billion going into not the mature vendors, but the startups.  For example, this trend led to the development of new Cyber based startups coming out of the woodworks, in particular what are known as the “Unicorns”. 

These are the companies that have of course just evolved, and are worth more than $1 billion at the time of their valuation.

Six of these came out in 2020, with nine more coming out in 2021.  In fact, this trend is expected to continue well into 2022.  Here are some of the key reasons why:

1)     The investments of the past:

M and An activity in the Cyber industry is really nothing new, and in fact, it has gone on in full force since the last decade.  But it is not until now that its explosive growth is coming out into the limelight.  The primary reason for this is that for most companies in Corporate America, Cyber is now the big thing.  In fact, it is probably one of the biggest things for all Americans, given how the dynamics of the threat landscape are changing all of the time.  Because of this, many entrepreneurs just want to start up a company that will eventually be bought.  They are not interested in furthering the growth of their companies into offering something that is solid, rather their goal is have something can be publicized with all of the glory and glamor, in order to further hype up their valuation amount.

2)     Cyber companies don’t want to build:

The main powerhouses of the Cyber industry simply don’t feel the urge anymore to invest any further cash into Research and Development in order to come out with something new and unique.  Rather, they want to use that money to buyout these startups who have laid the groundwork for a new product or service, and from there, all that has to be done is merely build a better mousetrap with more bells and whistles attached to it.  To a certain degree this does make some sense, because one can just buy the frame, and customize to fit the needs of the Cyber market at that point in time.  But how long can this last?  Who knows.  As long as the bigger Cyber vendors have the $$$ to do this, the trend will continue. Further, this trend is expected to continue for those startups that offer such things as the IoT, and other Cloud based security services.

3)     It is a way to show revenue growth:

This kind of M and A activity can also be used, whether it is for the good or the bad, to show another revenue source on part for the larger Cyber vendors.  For example, if some of the revenue streams ae falling short in other areas, all that needs to occur is to buy out a startup that is making money and that also has a high valuation level.  After all, once you purchase a company, you are not just buying out its IP, but its profitable balance sheets and income statements as well.  Isn’t this kind of shady?  Yes, it is, but as long as it is done legally, there is really nothing that can be done about it.

4)     Cybersecurity will always be around:

Unlike most other industries, Cyber is unique in that it touches just about every market segment, and it is something that everybody will be needing now and well into the future.  In a way, this is similar to the food industry, in that people need to eat.  Thus, this gives those entrepreneurs with a very creative mindset to start up a company to keep coming with new ideas for products and solutions – whether it is just hype or the actual, real thing.  The bottom line here is that as long as there are new threat variants coming out every day, there will be a need for more Cyber based startups.

5)     Startups will be sold again and again:

Just because a Private Equity or a Venture Capital firm has bought out a Cyber startup, it does not mean that they will keep it.  After all, their primary bread and butter is money, and they will want to sell, or “flip” the startup at a higher price to another company, which could very well be a larger and more dominant Cyber vendor.  To these money firms, holding onto startups for a long period of time is like holding onto inventory, they want to get rid of them as quickly as possible.  Or these IPOs could be positioned to become an IPO if these money firms pump enough capital into it.

My Thoughts On This

In the end, Cybersecurity is going to be around with us for quite a long time to come.  It is unlike the Internet bubble; in that we need to have some sort of security to protect both our physical and digital based assets. 

So, this M and A activity that I have just written about here will be one of those catalysts that will continue to drive the Cyber industry further.

My main concern here is that is that this simply seems to be all too frothy for me.  Meaning, nobody is building a rock-solid product or service that will truly meet the needs of the American consumer or business.

All that is being created are bells and whistles in order to capture the attention of the Private Equity and Venture Capitalist firms.

I predict that this could be the beginning yet of another bubble that will eventually burst.  But rather than that being the end of it, another one will be created and so forth, just given the sheer demand for Cybersecurity, and the needs to keep up with what is out there.

No comments:

Post a Comment

How To Launch A Better Penetration Test In 2025: 4 Golden Tips

  In my past 16+ years as a tech writer, one of the themes that I have written a lot about is Penetration Testing.   I have written man blog...