Report: COVID-19 Increased Acquisition Activity in Cyber Industry

Just_Super/iStock.com

The pandemic contributed to more than 120 publicly announced cybersecurity acquisitions in 2020 as the need for cybersecurity tools grew.

The COVID-19 pandemic slowed the worldwide economy, cost at least 10 million Americans their jobs and forced millions more people to work remotely from their homes.

But that influx of remote work—and increased need for organizations and federal agencies to shore up an expanded array of endpoints for their networks—led to an “acquisition spree” among cybersecurity firms in 2020, according to Forrester report released June 29.

The report found 90% of the 120 publicly announced cyber deals were strategic mergers and acquisitions, while only 10% were private equity buyouts. The buyouts tended to be large transactions—$1 billion or more—with approximately $15 billion injected in the cyber industry by private equity firms. But the vast majority of M&A activity in the cyber industry were firms looking to augment existing product offerings to handle market demand for cyber services.

“The larger number of strategic acquisitions reflects that, in 2020, firms made conscious efforts to use acquisitions to quickly supplement existing product solutions,” the report states. “While [private equity] will remain an important force in cybersecurity, we expect this continued push of strategic investments to continue in 2021 due to continued strong enterprise demand and the large and expanding universe of cybersecurity startups available to buy; globally, this is more than 1,500 (cybersecurity firms that have received venture funding since 2017).”

Larger tech firms were “serial acquirers,” according to the report, with VMware (four), Palo Alto Networks (three), Ivanti (two), FireEye (two) and Arista networks (two) each acquiring multiple companies in 2020. More than one-quarter of cyber acquisitions were related security services, in part because “buying services may be more budget-friendly than hiring full-time employees.”

Initially driven by the pandemic, the report indicates high-profile cyberattacks—including the SolarWinds intrusion that breached several federal agencies and the Colonial Pipeline ransomware attack that caused a brief surge in nationwide gas prices—“continue to fuel investment.”

 “As long as stock market valuations remain high, we can expect companies that have had large increases in their equity valuation to continue to pursue multiple acquisitions,” the report states.