2022 M&A in Cybersecurity
The following is an excerpt from Security Yearbook 2023. Each year we publish a list of all the M&A activity in the cyber security industry. It is astounding that 10% of the industry changes hands each year.
There were 332 acquisitions in 2022 as reported by AGC Partners in the accompanying table. The previous year saw 304 deals. The biggest deal by far was the announced acquisition of VMware by Broadcom for $60 billion. VMware had been acquiring cybersecurity companies including Carbon Black. The deal encountered hurdles, especially an investigation by the UK. It has been delayed until at least May of 2023 and there is still some doubt that it will even happen.
Of the 332 acquisitions in 2022, most (220) were strategic, meaning one vendor acquiring another. Google buying Mandiant fits that description. The balance were acquisitions by PE firms, with two outliers that were SPACs. When a vendor is already owned by private equity, any further acquisitions by that vendor are counted as PE transactions.
Special Purpose Acquisition Corps are a vehicle created specifically to acquire a company. The SPAC is launched as a public entity and raises enough capital to make an acquisition in a reverse merger. It then changes the name of the public company to a new name, usually that of the acquired company. For instance, in 2022 Mount Rainier Acquisition Corp. was “acquired” by Israeli HUB Cyber Security.
There were several large deals taking advantage of the drop in all public cybersecurity companies’ valuations. These included Mandiant ($5.3 billion), SailPoint ($6.9 billion), Barracuda ($3.8 billion), Ping Identity ($2.7 billion), ForgeRock ($2.2 billion), and KnowBe4 ($4.3 billion).
First Quarter M&A
In the first quarter of 2022, HelpSystems acquired Alert Logic for $675 million and Tripwire (part of Belden) for $350 million. With the bulk of its acquisitions in security, HelpSystems rebranded to Fortra in November.
On March 8 Google announced the acquisition of Mandiant for $5.326 billion. Mandiant itself had been acquired by FireEye early in 2014. Eventually Kevin Mandia became CEO, sold off most of the components of FireEye and changed the company name to Mandiant. When the Google Cloud acquisition finally closed, Google said this was part of an XDR play, though Mandiant is primarily known for its leading incident response and forensics services.
The premier cybersecurity conference, RSA Conference, was acquired by a group of investors (Crosspoint, Clearlake Capital, and STG) on March 15. Dell had acquired RSA, the Security Division of EMC, along with EMC. Look for other divisions of RSA to be sold in coming years, including Archer and NetWitness.
Also announced on March 15 was SentinelOne’s intent to acquire Attivo Networks for $617 million. Attivo was the largest vendor in the deception space, although SentinelOne claimed the motivation was to acquire Attivo’s identity business.
Mobile security vendor Zimperium was acquired by Liberty 77 Capital for $525 million, announced March 29.
Second Quarter M&A
April was a big month for take-private deals. There were three announcements from large PE firms. First, Thoma Bravo announced it was acquiring SailPoint for $6.9 billion, followed the next day by Barracuda for $3.8 billion. At the end of the month Francisco Partners sold WatchGuard to Vector Capital.
On April 27 NTT Security AppSec, formerly WhiteHat Security, was sold to Synopsys for $330 million.
In May Cipherloc acquired SideChannel, a security consulting company. It was a reverse merger with the new company assuming the SideChannel name.
Third Quarter M&A
In August, Thoma Bravo also took Ping Identity private for $2.7 billion.
In September Reposify was acquired by CrowdStrike. This adds to CrowdStrike’s position as a cloud security provider with Reposify’s external attack surface management tools.
Fourth Quarter M&A
In October Thoma Bravo continued its buying spree by acquiring public ForgeRock for $2.2 billion.
KnowBe4 was also taken private by Vista Equity Partners for $4.3 billion.
In December the second sale of a deception vendor took place. Illusive Networks was acquired by Proofpoint, a Thoma Bravo company, for $150 million. There were only fifteen transactions in the last month of 2022.