Cybersecurity is a critical part of merger and acquisition strategies — 73% of respondents to a Gartner survey say an undisclosed data breach or serious cybersecurity issues are an immediate deal breaker in their firm’s M&A plans.
This article provides insights into cybersecurity mergers and acquisitions by analyzing key trends in the M&A cybersecurity sector and describing the top 15 cybersecurity acquisitions in 2023-2024.
Overview of 2023 cybersecurity M&A trends
Let’s explore the key M&A cybersecurity trends in 2023 based on the analysis conducted by SecurityWeek.
There was a decline in the total number of cybersecurity M&A deals announced in 2023 compared to the previous year.
While North American companies continue to dominate the cybersecurity M&A landscape, there has been a decrease in the number of deals involving North American companies. Conversely, there has been an increase in deals involving companies located in Asia and Oceania, particularly in Israel and Australia.
There has been a significant number of deals involving managed security solutions providers (MSSPs), including both pure cybersecurity providers and companies offering additional products and services.
There has been an increase in deals involving companies that offer GRC solutions and services, including audit, assessment, vulnerability management, penetration testing, attack surface management, and cyber insurance.
Private equity companies have announced a notable number of cybersecurity acquisitions in 2023, with the number of deals doubling compared to the previous year.
Government contractors have been actively participating in cybersecurity-related M&A deals, targeting both pure-play cybersecurity firms and companies offering other products and services in addition to cybersecurity.
While identity and network security remain prominent areas of focus in cybersecurity M&A, there has been a decrease in deals involving data protection, cloud and container firms, and application security. Incident response, however, has seen an increase, driven by companies expanding their capabilities and private equity firms seeing opportunities in this segment.
Companies offering highly focused cybersecurity services, including those related to blockchain, quantum, payment, PR, healthcare, hardware, certification, and automotive solutions, have also experienced a significant increase in M&A activity.
Despite certain challenges, cybersecurity M&A deals are expected to grow in 2024. The need to buy other firms can be explained by the numerous benefits of mergers and acquisitions, but organizations acquire cybersecurity companies mainly for two reasons:
- Advanced capabilities
This includes cutting-edge technologies and expertise, which are essential for organizations to enhance their defenses against evolving cyber attacks, such as phishing or ransomware. By acquiring firms with innovative solutions and specialized skills, companies can strengthen their security posture and stay ahead of emerging risks.
- Market consolidation
As the cybersecurity sector continues to evolve rapidly, companies seek to consolidate their market position by acquiring competitors or complementary firms. This consolidation allows organizations to expand their product offerings, penetrate new markets, and achieve economies of scale.
Top 5 cybersecurity mergers in 2023
First, let’s review the most successful mergers and acquisitions examples that took place in 2023.
1. Cisco and Splunk
Deal size: $28 billion
Cisco, a digital communications conglomerate, announced its acquisition of Splunk, an observability and cybersecurity company, in September 2023. This is an all-cash deal valued at $157 per share.
This acquisition aims to enhance Cisco’s cybersecurity capabilities by integrating Splunk’s data analysis and security software. Together, companies plan to use generative AI to simplify complex tools for non-technical users. The transaction was completed in March 2024.
With the close, Cisco has created a unique set of solutions for networking, security, and operations executives in the market. When you add that to their channel and AI investments, customers should be considering the higher levels of business value that can now be unlocked.
Stephen Elliot
Group Vice President at IDC
2. Thales and Imperva
Deal size: $3.6 billion
French aerospace and defense company Thales announced its acquisition of Imperva, a software and services provider specializing in addressing cyber threats, in July 2023. It was finalized in December of the same year, even earlier than first expected.
This acquisition aims to bolster Thales’ cybersecurity portfolio by integrating Imperva’s expertise in data and application security. The deal underscores Thales’ commitment to enhancing its digital security offerings.
3. Thoma Bravo and ForgeRock
Deal size: $2.3 billion
Thoma Bravo, a private equity firm, acquired ForgeRock, a digital identity management company, in August 2023. This was an all-cash deal valued at $23.25 per share.
The acquisition is a part of Thoma Bravo’s strategy to expand its portfolio in the cybersecurity and digital identity sectors. ForgeRock’s solutions will complement Thoma Bravo’s existing investments in the cybersecurity space. The deal also emphasizes the growing importance of identity management in comprehensive cybersecurity strategies and a general need for new approaches in identifying and addressing cyber vulnerabilities in cloud security.
4. ProofPoint and Tessian
Deal size: N/A
ProofPoint, a subsidiary of Thoma Bravo and an enterprise security provider, closed an acquisition of Tessian, a cybersecurity company specializing in email security, in December 2023.
This acquisition aims to enhance Proofpoint’s capabilities in preventing human error-related security breaches through Tessian’s advanced machine-learning technology. The deal reflects Proofpoint’s strategy to strengthen its portfolio in people-centric security solutions.
Tessian’s innovative technology will further enhance Proofpoint’s threat and information protection platforms by adding powerful layers of AI-powered defense that address risky user behaviors, including misdirected email and data exfiltration.
Darren Lee
EVP and GM of Proofpoint’s Security Products and Services
5. CrowdStrike and Bionic
Deal size: $350 million
CrowdStrike, a cybersecurity technology company, announced its acquisition of Bionic, a leader in Application Security Posture Management (ASPM), in September 2023.
Through this acquisition, CrowdStrike aims to extend its Cloud Native Application Protection Platform (CNAPP) with ASPM. It’ll help to bolster CrowdStrike’s platform by integrating Bionic’s advanced application security and visibility solutions.
Additional read: If you want to learn more about typical mistakes made in the M&A process, learn from the biggest failed mergers in our dedicated article.
Top 10 cybersecurity M&A deals in 2024
Now, let’s focus more on what’s currently happening in the cybersecurity M&A market by exploring the 10 most interesting cyber security sector deals in 2024 so far.
1. Delinea and Authomize
Deal size: TBA
Delinea, a leading provider of solutions that extend Privileged Access Management (PAM), announced its acquisition of Authomize, a pioneer in the identification and reduction of identity-based cybersecurity threats in the cloud environment, in January 2024.
The deal highlights Delinea’s commitment to enhancing its cybersecurity offerings, particularly in the realm of identity security.
Together, we will greatly expand and enhance privilege security across the enterprise, addressing the rising identity threats across the industry.
Gal Diskin
Authomize CTO
2. Snyk and Helios
Deal size: TBA
The deal between two Israel-based companies was announced in January 2024.
Snyk, a developer-focused security company, acquired Helios, a startup that helps to address developers’ microservices in production, to enhance its cloud-to-code risk visibility capabilities.
Snyk will integrate Helios’ comprehensive runtime data collection and analysis capabilities into the Snyk Developer Security Platform. This integration aims to offer customers a complete overview of all applications throughout the entire software development lifecycle, ensuring enhanced security from development to deployment.
3. Trustwave and Chertoff
Deal size: $205 million
Chertoff’s affiliate, MC² Security Fund, announced the completion of the acquisition of Trustwave, a global managed security services provider, in January 2024.
This strategic move aims to leverage Chertoff’s extensive experience in cybersecurity and national security to enhance Trustwave’s market position and growth trajectory. The acquisition allows Trustwave to focus more on its core services, including managed detection and response (MDR) and managed security services (MSS), while benefiting from Chertoff’s industry insights and connections.
4. Haveli and ZeroFox
Deal size: $350 million
ZeroFox, a cybersecurity firm specializing in external cybersecurity solutions, announced it would be acquired by Haveli Investments, a tech-focused private equity firm, in February 2024. The deal is set to be all-cash, valued at $1.14 per share.
As a result of the acquisition, ZeroFox was expected to become a privately held company, with its stock being delisted from the Nasdaq Global Market. Together, companies expect to bring new improved experiences and cybersecurity solutions for their customers.
The deal was completed in May 2024.
5. Resilience and BreachQuest
Deal size: TBA
A cyber risks management firm, Resilience, announced its acquisition of BreachQuest, a company specializing in incident response technology, in February 2024.
The Resilience’s reason for the transaction is to bolster incident response mechanisms against business email compromise attacks. The deal is conducted in the time of an evolving digital workspace and cloud-based productivity apps, which only highlights the need to secure these environments amidst escalating risks.
6. Flare and Foretrace
Deal size: TBA
Flare, a Canadian cybersecurity startup, announced its acquisition of Foretrace, an American data exposure company, in March 2024.
Together, the firms hope to enhance Flare’s capabilities in identifying and mitigating external cyber security risks by integrating Foretrace’s advanced attack surface management technology. The deal underscores Flare’s commitment to providing comprehensive digital risk protection solutions.
Bringing Foretrace into the Flare family further broadens our capabilities for collecting emergent threat data while also deepening our expertise, ensuring that we can be in a great position to lead the way in TEM.
Norman Menz
CEO of Flare
7. Zscaler and Avalor
Deal size: $310 million
A giant in the cybersecurity industry, Zscaler announced its acquisition of Avalor, a startup from Israel with a focus on AI-driven security, in March 2024. The financial terms of the acquisition were not disclosed yet, however, the deal is reportedly estimated to reach about $310 million.
With this acquisition, Zscaler hopes to benefit from Avalor’s AI capabilities in the cybersecurity sector.
Zscaler operates the world’s largest security cloud with the most relevant data to train security-specific large language models (LLMs) and with the Avalor acquisition, we can more effectively identify vulnerabilities, while predicting and preventing breaches.
Jay Chaudhry
CEO and founder of Zscaler
8. BeyondTrust and Entitle
Deal size: $100-150 million
In April 2024, BeyondTrust, a company specializing in intelligent identity and access security, announced its acquisition of Entitle, a provider of privilege management solutions that focuses on just-in-time (JIT) access and identity governance across cloud environments.
The financial terms of the deal have not yet been disclosed, but it is reportedly valued at around $100-$150 million.
This acquisition is part of BeyondTrust’s strategy to enhance its capabilities in privileged access management (PAM) and expand its offerings in identity governance and administration (IGA) across the entire cloud estate.
9. KnowBe4 and Egrees
Deal size: TBA
KnowBe4, a world security awareness training and simulated phishing platform, announced its acquisition of Egrees, an AI-driven email security company, in April 2024. Specific terms of the acquisition have not yet been disclosed.
The reason behind the deal is to bring together the email security technologies of Egrees and the security training platform of KnowBe4, which expectedly will help a combined company to expand and enter new markets.
By acquiring Egrees, KnowBe4 expects to offer a single platform that “aggregates threat intelligence dynamically by offering AI-based email security and training that’s automatically tailored relative to risk”.
10. LogRhythm and Exabeam
Deal size: TBA
LogRhythm and Exabeam, both leaders in cybersecurity, announced their intention to merge in May 2024.
LogRhythm focuses on helping security teams convert scattered data into reliable insights, while Exabeam specializes in AI-driven security operations. By joining forces, they want to enhance their AI-based security capabilities.
The merger is expected to be finalized by the third quarter of 2024, pending regulatory approval and standard closing conditions.
Why cybersecurity is attractive to investors in 2024
Despite the relative decrease in the number of mergers and acquisitions in the cybersecurity industry in 2023, this sector is now one of the most attractive to investors, and here’s why:
- Growing digital transformation
Modern businesses are increasingly adopting digital technologies to improve efficiency, productivity, and customer engagement. Digitalization of most M&A steps is a common thing now, which, at the same time, requires searching for new solutions to address possible cybersecurity vulnerabilities that could affect a business’s critical infrastructure.
- Increasing frequency and sophistication of cyberattacks
Investment in cybersecurity is becoming a trend amidst the rising number of cyberattacks in the world. Apple states that in 2023 there were 70% more cyberattacks compared to 2022. This is especially disturbing considering the skyrocketing annual cost of cybercrime worldwide, which is expected to hit $13.82 trillion by 2028.
- Regulatory compliance and legal requirements
Governments worldwide are enacting stringent data protection regulations, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the U.S. Companies must invest in cybersecurity to comply with these laws and avoid fines.
- Market growth and financial opportunities
Cybersecurity-related deals stood for a great part of deal-making in tech in the Q1 of 2024. This demonstrates a rising interest (and demand) in cybersecurity solutions among business owners and gives hope for attractive financial accomplishments and a bright future for cybersecurity M&A in general.
Key takeaways
- Cybersecurity mergers and acquisitions experienced a decline in 2023 but are gaining momentum in 2024 so far.
- The largest cybersecurity acquisitions in 2023 included deals between Cisco and Splunk, Thales and Imperva, and Thoma Bravo and ForgeRock.
- In 2024, some of the most interesting cybersecurity deals included Delinea and Authomize, Haveli and ZeroFox, Zscaler and Avalor, and more.
