Locking up deals in a lockdown—will a surge in cybercrime trigger a wave of M&A?

11 May

Locking up deals in a lockdown—will a surge in cybercrime trigger a wave of M&A?

Demand for IT security expertise among corporates and consultants is only set to increase as cybercrime rises—and the simplest way to achieve this may be to buy it. Global consultants as well as mid-market companies may even find themselves competing for similar cybersecurity specialist targets in the years ahead as they both seek to ramp up their IT security expertise.

In the US, the FBI recorded nearly a doubling of cybercrime complaints in 2020, with the cost to the global economy now standing at more than US$1 trillion—up 50% from only two years ago.

The situation in Europe may be escalating even more aggressively, with the co-founder of a cybersecurity firm telling Mergermarket that the number of cybersecurity attacks trebled from 2019 to 2020.

No surprise then that the demand for cybersecurity targets has remained steady through the pandemic. Deal value has been less robust, although Q4 2020 saw a resurgent €441 million worth of activity— a 448% quarterly surge—before falling back to €96 million in Q1 of this year. But deal count is on track for another strong year.

Economies of scale

Cybersecurity deal count is likely to increase in lockstep with rising revenues in the sector and the need for vendors to expand their product and service portfolios, even as values remain muted. PE firms are taking an interest in larger assets but much of the interest is coming from large consultancy firms who are using mid-sized M&A to plug expertise gaps.

One of the most acquisitive has been Accenture, the Dublin-based global consultancy firm with US$44 billion in revenues. In March 2020, the firm paid €123 million for UK consultancy Context Information Security. In April this year, it followed up with the acquisition of Openminded, a French cybersecurity services firm that provides advisory, managed security services, and cloud and infrastructure services in Europe.

Kroll, a management consultant that has been building out its managed security offering, added UK-based Redscan to its portfolio in March of this year. The deal develops Kroll's managed detection and response arsenal.

Cybercrime M&A wave

These deals are expected to continue. In April 2021, Mergermarket reported that Formind Consulting, a French cybersecurity consultancy, hopes to complete several build-up acquisitions in the next five years, according to co-founder and partner Xavier Fauquet. Targets will include cybersecurity services and consulting companies, as well as recurring services, with values ranging from €3 million to €10 million.

Frank von Seth, CEO of German cybersecurity specialists cyan, told Mergermarket that the company is similarly exploring acquisition options to expand its international footprint. According to von Seth, targets could include anything from innovative startups to firms specialising in cybersecurity services.

And just last week, Italian-language daily Milano Finanza reported that Cy4Gate, an Italian cybersecurity company, is in talks to acquire RCS Lab, an Italian provider of communication interception software and equipment for law enforcement agencies.

Largest European disclosed cybersecurity deals by value (2020-2021)