Cybersecurity is a highly competitive industry, with an imperative to innovate beyond other sectors of IT. To keep up with this “Need for the New and Different,” established cyber vendors outsource innovation and its accompanying development work to a hyperactive startup community, offering a horticultural approach to fostering change. However, this practice frequently leads to what tech analysts and journalists refer to as a land grab, in which half a dozen or more startups disappear in quick succession into the belly of larger vendors.
The IPO route is a harder road, in that it depends directly on the market and broader economic conditions. If investors are bearish, as when the short-to-midterm prospects for the economy are gloomy, the IPO market tends to shrink, if not dry up for a while. With ongoing war, a trade war brewing, and inflationary pressure coming out of the pandemic, the immediate future is decidedly uncertain. As such, it is a buyers’ market for cyber startups, and today’s macroeconomic conditions are showing an impact on investments in the cybersecurity industry, leading to layoffs and affecting the amount of investment in mergers and acquisitions.
However, a buyers’ market creates natural acquisition targets for Big Beasts with a checkbook. The Cybersecurity Mergers and Acquisitions Tracker (subscription required) showed 141, 187, and 249 M&A deals in 2020, 2021, and 2022, respectively, and will be interesting to see how 2023 plays out. In other replaces, if prospective buyers were being more cautious with their money in the early part of this year, will that caution continue, or were they just holding back until later in the year when deals may be cheaper?
Nevertheless, while mergers and acquisitions provide an alternative to an initial public offering (IPO), acquiring startups does not always guarantee future success; instead, startup founders should be careful to weigh the risks and benefits of an acquisition. The benefits for established companies include acquiring innovative technology and talent, increasing market share and revenue, and reducing competition, while for startups, the benefits include access to a larger customer base, financial backing, and faster growth potential. At the same time, mergers and acquisitions pose risks to startups, including loss of control and identity, corporate culture clash, and poor integration.
In sum, mergers and acquisitions provide a way to augment existing cybersecurity businesses while offering startups an opportunity to grow beyond the constraints of IPOs. However, as with any business strategy, acquiring or being acquired entails significant risks that require careful consideration and analysis. Ultimately, successful mergers and acquisitions must be based on a sound business strategy and thorough due diligence.
<< photo by Prateek Katyal >>
