Cybersecurity VC rounds and M&A in Q1 2024: Big Buys, Big Hopes, and Big Questions
Large acquisitions, many early stage funding and some ongoing adjustements on companies valuation.
Hello Cyber Builders 🖖
It’s been a while since we last examined the pulse of the cybersecurity investor market. We unpacked the latest venture capital statistics in our previous discussions and revisited the foundational metrics crucial for SaaS businesses.
Today, we're zooming in on the latest Q1 2024 news, revisiting major trends such as significant exits and offering my humble views.
The landscape of cybersecurity investment is as dynamic as it is critical, marked by rapid changes and significant opportunities. Understanding these monumental exits is essential to navigate the cybersecurity sector. Let’s have a look.
Major Acquisitions Shaped Q4 2023 and Q1 2024
In the ever-evolving realm of cybersecurity, the last two quarters have been particularly notable for significant acquisitions, as highlighted in the latest PitchBook Information Security Report.
These strategic moves mark the willingness of large “pure-players” vendors, such as Palo Alto Networks, Crowstrike, or ZScaler, to become cybersecurity platforms by incorporating more features into their products. They are shopping the market for innovation and looking for what they can add to provide a more compelling offering to their existing customers. This play is used by more established vendors such as Cisco or Microsoft for years.
For instance, Zscaler's acquisition of Avalor for $250 million exemplifies this trend. Avalor, a company that had only been in the market for a little over two years, brought to Zscaler its revolutionary "Data Fabric for Security," along with 150 integrations to enhance Zscaler's presence within customer networks. This acquisition underscores the critical importance of integration capabilities in vendor selection, a topic thoroughly analyzed in Darwin Salazar’s latest edition of CyberSecurity Pulse. I also covered it in my post from last week.
Palo Alto Networks has been particularly aggressive, completing two significant acquisitions in recent quarters. The company first acquired Dig Security for $350 million, a testament to the rising urgency surrounding data security. Soon after, Palo Alto made a more significant strategic move by purchasing Talon Cyber Security for $625 million. Talon’s innovative browser security solutions, which offer a range of security controls, including data loss prevention, SaaS app monitoring, and elements of zero-trust access control, are expected to considerably enhance Palo Alto's platform.
Meanwhile, other notable transactions included CrowdStrike's acquisition of Flow Security for about $200 million and Israeli decacorn Wiz’s purchase of Gem Security for $350 million.
Returns are still high for early-stage investors.
VC deals are complex to analyze from the outside without knowing the different conditions, such as liquidation preference, pre-money valuation, etc.
That’s why, despite Talon Cyber Security leading the quarter in exit value, it yielded a 4.4x multiple on invested capital (MOIC) after early-stage investments totaling $143.0 million.
Dig Security and Spera Security earned higher MOICs of 7.8x and 13.0x, respectively, in smaller deals.
A Mature Ecosystem and Some Questions
So, the cybersecurity ecosystem is looking at these acquisitions as a valuable pattern:
Step One - Create a valuable cybersecurity company with a top-notch team and technology.
Step Two - Raise significant capital to develop market awareness and establish yourself as a thought leader globally.
Step Three - Sold the company to platform players for 200 - 500m$
An interesting article from CTECH by Calcalist highlights those trends and dives into the various numbers: $50 million plus per founder: Cyber M&A flurry creates a new list of millionaires
I love the way they put it
In the world of basketball, there is what is known as "March Madness," the time of year when the men's and women's college basketball tournaments are held in the U.S., providing almost non-stop action for sports fans. In Israel, this term can describe what happened this month in the cybersecurity field, with three Israeli companies being sold for approximately $900 million in total.
That’s where every Cyber Builder should reflect on the market dynamics and understand what’s happening. In my personal opinion, there are two options for analyzing these deals.
The first one is to follow the money, adhere to the abovementioned pattern, and think the party should go on. To see the half-full glass, you can follow the Cyberstarts (a venture studio and fund for early stage) manager:
"Cyber is stronger than ever. Consolidation has always been part of the market and companies wanted to expand platforms and some of the purchases were of companies with significant revenues of tens of millions of dollars”
Lior Simon, General Partner at Cyberstarts,
However, it's also essential to consider the less optimistic views. As discussed in our earlier article, "A New Landscape: Venture Capital and Cybersecurity in Q3 & Q4 2023," the market has witnessed a surge in companies achieving unicorn status, with valuations exceeding $1 billion. Despite these impressive valuations, there's a noticeable trend of down rounds, indicating a mismatch between company valuations and their actual financial performance.
This situation highlights an emerging caution among investors, who increasingly scrutinize the Enterprise Value to Next Twelve Months (EV/NTM) revenue ratios, a critical metric discussed extensively in Mostly Metrics.
The median EV / NTM revenue multiple for the Security cohort we track is 9.7x. But when you dig into the actual companies, it quickly bifurcates into a lead pack, a chase pack, and a “we might get taken private or acquired if something major doesn’t change” pack.
+15x Range: Cloudflare and Crowdstrike
~10x Range: Palo Alto, Zscaler, CyberArk, and Qualys
~5x Range: SentinelOne, Tenable, Okta, and Fastly (3x!?!)
The fundamental issue is that many cybersecurity firms' Annual Recurring Revenue (ARR) is not scaling at a pace commensurate with their soaring valuations. This discrepancy raises concerns about the sustainability of their growth and the realism of investor expectations.
In such an environment, a robust “VC asset” like Avalor or Dig, which have strong technology and a world-class team, needs to be managed carefully: either you think the business will grow fast enough to align with the next round valuation… or you sell the company to a platform player who wants to extend its cybersecurity software stack.
Funding continues to be mild, but the early stages remain strong.
While the overall climate for cybersecurity funding has experienced a slight chill, the nuances of the market suggest a more complex picture. According to a recent report by Pinpoint Search Group, funding deals in the cybersecurity market saw a 20% decline year over year, totaling $2.3 billion in the first quarter of 2024. Despite this downturn in funding volume, the number of funding rounds slightly increased, with cybersecurity vendors closing 77 funding rounds during the quarter compared to 75 in the previous year.
Notably, seed rounds continue to play a significant role, accounting for two out of every five funding transactions, mirroring last year’s dynamics…. it's not all gloomy!
As cybersecurity veteran David Dewalt noted, "Funding Down, Optimism Up," particularly for early-stage investments. This sentiment is echoed across the industry, suggesting that while the purse strings may be tightening, the belief in cybersecurity innovations' long-term value and impact remains strong. This optimism is particularly pronounced in areas blending AI with cybersecurity, which are hot topics for investors.
Bonus - More on Enterprise Value and
If you would like more data on entre, I highly encourage you to have a look to
Conclusion
As we wrap up this detailed exploration of the cybersecurity investment landscape, it's clear that the market continues to evolve with significant strategic movements. From the flurry of acquisitions by big players aiming to enhance their platforms to the sobering recalibrations of valuations and investor caution, cybersecurity remains as vibrant and dynamic as ever.
Early-stage seed rounds remain strong, and our community is still optimistic. As Cyber Builders, staying informed and reflective on these trends is crucial. Remember, while the market may present challenges, its opportunities are numerous and potentially transformative.
See you next week; in the meantime, please share this piece!
Laurent 💚