The Future of Cybersecurity M&A: A Deep Dive into the 42 Deals of July 2023

Cybersecurity M&A Roundup: 42 Deals Announced in July 2023

In July 2023, the cybersecurity industry saw a surge in merger and acquisition (M&A) activity, with 42 deals being announced. This marked a significant rebound from the previous month, which had experienced a notable drop in transactions. Overall, the first half of 2023 saw more than 210 cybersecurity-related M&A deals, indicating a thriving market.

Anatomy IT acquires MIPS business unit from MarsdenAdvisors

Healthcare IT and cybersecurity solutions provider Anatomy IT made a strategic move by acquiring the Merit-Based Incentive Payment System (MIPS) business unit from healthcare solutions and consulting firm MarsdenAdvisors. This acquisition will strengthen Anatomy IT’s capabilities in the healthcare sector, where cybersecurity is of paramount importance.

Board of Cyber acquires TrustHQ

French companies Board of Cyber and TrustHQ joined forces through an acquisition deal. Board of Cyber, which specializes in assessing organizations’ exposure to cyber risks, sought to enhance its capabilities by acquiring risk mitigation and compliance firm TrustHQ. This move will bolster Board of Cyber’s ability to offer comprehensive cybersecurity solutions.

Cinven acquires Archer Technologies

Private equity company Cinven purchased integrated risk management firm Archer Technologies from Clearlake Capital Group and Symphony Technology Group (STG). This acquisition will enable Cinven to expand its portfolio and enhance its offering in the fast-growing field of risk management.

Cisco acquires Oort and Code BGP

Cisco, a major player in the technology industry, announced the planned acquisition of two companies: Oort, a startup specializing in Identity Threat Detection and Response (ITDR) software, and Code BGP, a Greek company focused on BGP monitoring and security. By integrating these acquisitions, Cisco aims to strengthen its cybersecurity capabilities and offer more comprehensive solutions.

CISO Global acquires SB Cyber Technologies

Managed cybersecurity and compliance solutions provider CISO Global acquired SB Cyber Technologies, a company that has developed an endpoint detection and response (EDR) technology. This acquisition will allow CISO Global to expand its capabilities and further enhance its ability to protect organizations against cyber threats.

Coalition acquires Jumbo

Cyberinsurance firm Coalition made a strategic move by acquiring Jumbo, a consumer-focused web privacy app. While the Jumbo app will no longer be maintained, Coalition acquired it for its security and privacy expertise. This acquisition will enable Coalition to enhance its cybersecurity offerings and better serve its customers in an evolving threat landscape.

Coro acquires Privatise

Coro, a company that provides an all-in-one cybersecurity platform for mid-market organizations, acquired network security firm Privatise. By adding Privatise’s capabilities in Secure Access Service Edge (SASE) to its platform, Coro aims to offer a comprehensive solution for organizations looking to protect their networks and data.

CyberGRX merges with ProcessUnity

ProcessUnity, a provider of third-party risk management solutions, merged with CyberGRX to create a combined offering that they describe as the most complete in the market. This merger allows both companies to leverage their respective strengths and provide customers with a comprehensive solution for managing third-party risk.

DC Two acquires Thomas Cyber

DC Two, a cloud company, acquired cybersecurity consulting and advisory firm Thomas Cyber in a performance-based deal. This acquisition will enable DC Two to expand its capabilities and expertise in cybersecurity, enhancing its position as a trusted provider of secure cloud services.

Digital Value acquires A-76

Italian ICT solutions provider Digital Value acquired cybersecurity firm A-76, with a focus on expanding its portfolio to include penetration testing, threat intelligence, and Security Operations Center (SOC) services. The acquisition will strengthen Digital Value’s cybersecurity offerings and allow it to better serve its customers’ needs.

Dynatrace acquires Rookout

US-based observability and security firm Dynatrace acquired Israeli cloud-native debugging tools provider Rookout, adding Rookout’s technology to its platform. This acquisition will empower developers to deliver better and more secure applications, as Rookout’s debugging tools enhance observability and security in the development process.

EDGE Group acquires Etimad and OryxLabs

The EDGE Group, a technology and defense company based in the United Arab Emirates, acquired Etimad and OryxLabs. Etimad provides physical and cybersecurity solutions to the government, while OryxLabs offers risk management and network security products. This acquisition will strengthen the EDGE Group’s capabilities in these areas, enabling it to provide more comprehensive solutions to its customers.

Erisbeg acquires majority stake in EMR Integrated Solutions

Irish private equity company Erisbeg acquired a majority stake in EMR Integrated Solutions, a firm specializing in telecommunications and cybersecurity solutions for utilities and critical infrastructure operators. With this acquisition, Erisbeg aims to bolster its presence in the telecommunications and critical infrastructure sectors, providing secure solutions for these industries.

Graylog acquires Resurface.io

Germany-based SIEM and log management company Graylog acquired Resurface.io’s API security platform to enhance its threat detection and incident response capabilities. With this addition, Graylog aims to provide a more comprehensive solution for securing APIs and detecting potential cyber threats.

Honeywell acquires SCADAfence

Honeywell, an industrial giant, expanded its operational technology (OT) cybersecurity portfolio by acquiring SCADAfence, an Israeli firm specializing in OT and IoT security. This acquisition will enable Honeywell to strengthen its expertise in securing industrial control systems and protect critical infrastructure from cyber threats.

Integrity360 acquires Advantio

Integrity360, a provider of cyber risk assurance, testing, incident response, consulting, and managed services, acquired Advantio, a company specializing in PCI QSA and cyber services. This acquisition supports Integrity360’s European expansion strategy, allowing the company to offer a broader range of cybersecurity services to its clients.

Jamf acquires DataJAR

Jamf, a company specializing in Apple device management and security, acquired UK-based DataJar, which offers device management, consulting, and security services for enterprises using Apple products. This acquisition will enable Jamf to enhance its offerings for Apple-centric enterprises and provide comprehensive solutions for managing and securing Apple devices.

Node4 acquires ThreeTwoFour

UK-based Managed Service Provider (MSP) Node4 acquired ThreeTwoFour, an information security services company with expertise in program delivery, strategy, risk assessment, and governance. This acquisition will strengthen Node4’s cybersecurity offerings and enable it to expand into the finance and banking sector.

RealDefense acquires Support.com

RealDefense, a provider of consumer security, privacy, and productivity software and support services, acquired Support.com from parent company Greenidge Generation Holdings. This acquisition includes Support.com’s customer base, call center operations, and remote IT support technology platform and services businesses. The integration of Support.com will enhance RealDefense’s ability to deliver comprehensive and reliable support to its customers.

Safe Security acquires RiskLens

AI-driven cyber risk management firm Safe Security acquired risk management firm RiskLens, with the aim of becoming a leader in the $4 billion market for cyber risk management. By combining their expertise and technologies, Safe Security and RiskLens strive to provide organizations with advanced solutions for identifying, assessing, and mitigating cyber risks.

Sesa Group acquires Wise Security Global

Italian company Sesa Group purchased Wise Security Global, a Spanish company that provides blockchain-based identity technology, as well as Managed Detection and Response (MDR) and cybersecurity assessment services. This acquisition will enable Sesa Group to offer a comprehensive suite of cybersecurity solutions, leveraging Wise Security Global’s expertise in cutting-edge technologies.

Spire Capital acquires Cobwebs

Spire Capital, a private equity firm, acquired Israeli web intelligence firm Cobwebs Technologies to strengthen the capabilities of the PenLink digital investigation platform. The combination of Cobwebs and PenLink will provide investigators, analysts, and prosecutors with enhanced capabilities to support their work in combating cybercrime.

TPG and Francisco Partners acquire New Relic

Investment firms TPG and Francisco Partners took observability company New Relic private in a $6.5 billion deal. New Relic offers a platform that provides monitoring, log management, and application security capabilities. By going private, New Relic aims to accelerate its growth and continue innovating in the observability space.

TPG acquires Forcepoint’s G2CI unit

Private equity giant TPG announced its plans to acquire Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit. This deal, reportedly valued at around $2.5 billion, will enable TPG to expand its presence in the cybersecurity market and leverage Forcepoint’s expertise in providing security solutions to government and critical infrastructure customers.

Thales acquires Imperva

French aerospace, defense, and security giant Thales reached an agreement with private equity firm Thoma Bravo to acquire cybersecurity company Imperva for an enterprise value of $3.6 billion. Thales’ acquisition of Imperva will enhance its cybersecurity capabilities and enable it to provide comprehensive solutions to a wide range of customers.

These are just some of the notable cybersecurity M&A deals announced in July 2023. The high volume of transactions demonstrates the growing importance of cybersecurity in today’s digital landscape. As organizations face increasingly sophisticated cyber threats, companies are seeking to enhance their cybersecurity capabilities through strategic acquisitions and mergers.

Internet Security and the Implications of Rising M&A Activity

While the increase in cybersecurity M&A activity is an indication of a thriving industry, it also raises important considerations for internet security. As companies merge or acquire new technologies and capabilities, there is a need to ensure that these integrations do not compromise the security of the overall ecosystem.

The Risks of Integration

When two companies come together through a merger or acquisition, they often need to integrate their systems, technologies, and teams. This integration process can introduce vulnerabilities and weaknesses that malicious actors can exploit. Organizations must carefully evaluate the security posture of the target company before completing the deal and implement robust security measures during the integration process. These measures may include network segmentation, strict access controls, and threat monitoring and detection systems.

Protecting Customer Data

Cybersecurity M&A deals often involve the transfer of sensitive customer data from the target company to the acquiring organization. This data transfer must be handled with the utmost care to ensure the privacy and security of customer information. Organizations must comply with data protection regulations and implement encryption, secure data transfer protocols, and strict access controls to safeguard customer data during and after the integration process.

Vendor Risk Management

As organizations rely on an increasing number of third-party vendors, the cybersecurity of these vendors becomes critical. In M&A deals, organizations inherit the vendor relationships of the target company, along with their associated risks. It is essential for acquiring organizations to conduct thorough vendor risk assessments and due diligence to ensure that their vendors have robust security practices in place. Additionally, acquiring organizations should update their vendor risk management programs to account for any new vendors that come as a result of the deal.

The Philosophical Discussion Around Cybersecurity M&A

The rise in cybersecurity M&A activity raises important questions about the nature and implications of consolidating power in the cybersecurity industry. Some argue that consolidation can lead to greater efficiencies and better coordination in the fight against cyber threats. By bringing together different capabilities and resources, organizations can pool their expertise and develop more advanced cybersecurity solutions.

However, others caution that consolidation can have negative consequences, such as reducing competition and stifling innovation. When a few large companies dominate the cybersecurity market, they may have less incentive to invest in research and development or offer competitive pricing. This can limit the options available to organizations seeking cybersecurity solutions and potentially result in a less diverse and resilient ecosystem.

There is an ongoing debate about striking the right balance between consolidation and diversity in the cybersecurity industry. Policymakers, regulators, and industry leaders must carefully consider the potential implications of large-scale M&A activity and strike a balance that fosters innovation, competition, and robust cybersecurity.

Editorial: Navigating the Changing Landscape

The surge in cybersecurity M&A activity serves as a reminder of the ever-evolving and complex nature of the cybersecurity landscape. As organizations face new and sophisticated threats, they must constantly adapt their cybersecurity strategies and invest in the latest technologies and capabilities.

For organizations considering M&A deals, it is crucial to prioritize internet security from the earliest stages of the process. Due diligence must include a comprehensive cybersecurity assessment of the target company, evaluating their security posture, policies, and practices. It is also essential to involve cybersecurity experts in the integration process to ensure that security considerations are given due attention and potential vulnerabilities are addressed.

Additionally, organizations should closely monitor the market and stay informed about emerging trends, new technologies, and potential threats. The rapid evolution of the cybersecurity landscape requires organizations to remain proactive and agile in their approach to cybersecurity.

Ultimately, organizations must recognize that cybersecurity is not a one-time investment but an ongoing process. Regular vulnerability assessments, employee training, and incident response planning are essential elements of a robust cybersecurity strategy.

As the cybersecurity industry continues to grow and evolve, organizations must remain vigilant and prioritize internet security to protect their assets, customers, and reputation in an increasingly digital world.