As threats grow, so does deal making

Mihir Jobalia

Mihir Jobalia

Managing Director, Technology Investment Banking, KPMG US

+1 408-367-2850

Phil Wong

Phil Wong

Principal, Advisory, Technology Industry Strategy, KPMG US

+1 617-899-8999

Prasad Jayaraman

Prasad Jayaraman

Principal, Cyber Security, KPMG US

+1 408-367-5685

Pinaki Mukherjee

Pinaki Mukherjee

Director Advisory, Strategy, KPMG LLP

+1 408 367 3865

The need for cybersecurity solutions continues to grow. With more devices connected to the internet, more employees working remotely, and a steady stream of new threats, cybersecurity is a booming business. Gartner predicts worldwide spending on information security will exceed $150 billion this year, a 12 percent gain over 2020.1

Global spending on information security could grow to $150 billion in 2021.

Not surprisingly, cybersecurity was one of the most active segments in the TMT sector in Q2’21. There were 71 deals announced for cybersecurity companies (with a total value of $22.2 billion) compared with 67 deals worth $16.2 billion in Q1’21. For the first half there were 138 transactions, 46 of them (worth $9.8 billion) were strategic, and 92 (worth $29 billion) were by PE firms.

We see a striking divergence between strategic and financial buyers in cyber. Strategics, such as Microsoft, Accenture, and MRI Software, are buying assets across the spectrum of data security to provide comprehensive services to their customers. These buyers are more likely to be purchasers of early-stage companies that specialize in a particular type of threat or service.

PE investors, by contrast, are building cybersecurity platforms, often acquiring pricier assets. Witness the recent string of acquisitions by Symphony Technology Group to put RSA Security, McAfee Enterprise and FireEye in its portfolio. Average deal prices were 28 percent higher for PE buyers than for strategics in Q2‘21 ($435.9 million vs. $339.5 million).

In addition to using M&A to keep up with new types of threats, cyber players are racing to provide solutions that fit the work-from-home and hybrid work models that customers are adopting. In these distributed environments, the traditional hub-and-spoke data-security framework is no longer fit for purpose. One emerging approach is the secure access service edge. Acquiring this capability was the rationale behind Absolute Software’s $340 million cash deal to buy privately held NetMotion in May.

Within cyber, M&A activity remains concentrated in areas of highest demand, such as fraud and transaction security, identity and access, network infrastructure, and managed security services. As the threat landscape evolves, another factor drives deal-making: skills shortages resulting in delayed response. We are seeing more deals that are premised on control plane automation of the cybersecurity supply chain (as in the area of threat intelligence).

The outlook for deal making in cybersecurity remains strong. Demand for cyber security continues to rise and end users have become less price sensitive as they focus on strengthening their security infrastructure. Cyber criminals, hackers and state-sponsored actors are devising ever-more sophisticated attacks. The rising demand and the need for an expanded set of cybersecurity capabilities will likely create further opportunities for sellers but toughen the competition for bidders. For strategics and PE looking to acquire, evolving the business due diligence approach for speed and depth while getting ahead on post-close value creation plans will be critical to winning the deal and optimizing returns given sky-high valuations. For sellers, going beyond traditional market opportunity stories with demonstrated land-expand-renew execution abilities and results backed up by data will be key to optimizing valuation.


  1. Eduard Kovacs, Gartner: Global Security Spending Will Reach $150 Billion in 2021. SecurityWeek, May 25, 2021.