Investments and M&As are set on an upward trajectory at a time where many VC-backed vendors are under re-valuation with some looking to cash out after two dry years, and at a time when many publicly traded vendors are trading below the historical M&A multiples.
In parallel, the hype around Discriminative AI[i] based products and solutions in some segments of the Cybersecurity market is flattening. The use cases that add value are being filtered in, the ill-working AI models with low fidelity outcomes are being filtered out, and the market traction and consolidation towards favorable vendors and best technologies to solve problems is starting to be clear. The clearer vision is attracting investors and M&As to step back in and enable sustainable expansion.
These seismic motions triggered the inevitable long anticipated market self-correction, and we are seeing it translating into 3 main trends:
Trend #1: Larger or cash-rich vendors cherry picking Venture Capitalist (VC) backed vendors who are struggling to grow, or are low-on-VC-funding, or are seeking down rounds as their actual ARR trajectory did not align well with their initial valuation. This trend is helping advance the consolidation track forward. A couple of examples are Akamai acquisition of Noname[ii] and WIZ acquisition of laceworks[iii].
Trend #2: Investors doubling down onto market favored vendors. This trend will ensure that these vendors will be rewarded with more cash to continue to expand and innovate. Few examples are Nozomi Networks[iv], Corelight[v], and Traceable AI[vi] latest rounds of investments.
Trend #3: Acquirers, mainly Private Equity (PE) firms, finally buying out long-awaited targets (high gross margins and high gross money retention) but now at fair premiums. This trend is promising to ignite the growth and innovation engines at these targets. Latest example is Thoma Bravo buying out Darktrace[vii] after 2 years of talks.
Author Opinion: “As the market is at the early stage of adopting AI in Cybersecurity, this market self-correction will prove to be a healthy one that will not only shape the current vendors fundings and valuation but also those seeking their seed rounds. All this will position the market for even more growth”.
Let us take a deeper look into the market dynamics that led to the acceleration of its self-correction.
Investments, M&As and IPOs – Optimism is Back
Hot Year of Ahead
Morgan Stanley Research predicts that 2024 could be a hot year for M&As[viii]. The company predicts:
- 50% increase in deal volumes compared with 2023, thanks to growing corporate confidence and positive news on the global economy.
- Deal volumes could rise by as much as 50% in 2024, after the lowest activity in almost two decades in 2023. Non-financial companies and private market investors have accumulated a total of $8.1 trillion in unallocated capital, which is fueling pent-up demand.
- Banking, energy, healthcare, real estate and technology are among sectors that are primed for increased mergers and acquisitions.
- The resurgence in M&A activity is expected to be global, with the biggest number of deals in Europe and North America.
Zooming into the Cybersecurity market, Richard Stiennon, the Chief Research Analyst at the dedicated Cybersecurity market research platform IT-Harvest[ix] stated that “138 cybersecurity vendors took in $3.8 billion in new investments through April 1”. In his Q1 2024 Cybersecurity Industry Update[x], Richard also stated:
“If that level of investment continues, we can expect $15.4 billion for all of 2024 which would be up 50% from last year.”
Worth mentioning is that IT-Harvest is currently tracking 3,700+ Cybersecurity product vendors.
Customer Spending in Cybersecurity is Expected to Increase
As Cyber-attacks increase, widen, and become more costly to recover from, if not deadly, CISOs are requesting higher budgets, and the executives are approving them. Higher spending will surely aid in the market self-correction as the thriving vendors will be able to grow and innovate with budgets available to tap on.
Two surveys confirm the budget increase expectations:
Survey #1: Enterprise Technology Research (ETR) conducted a survey later in April to track security budgets, priorities, vendor trends, and more in advance of the 2024 RSA Conference[xi]. One key takeaway from the survey is that
“87% of all respondents expect their security-related budget to increase over the next twelve months”.
Survey #2: NightDragon Advisors shared their spending patterns, anonymously, for 2023 and whether they expect budgets to increase in 2024[xii].
The survey found out that:
“The vast majority of CISOs said they expect their budgets to increase again in 2024, with 80% reporting growing budgets, up from 67% last year.”
But Investments and M&As will Take Different Forms and Sizes
While some vendors and investors are cherry picking VC-backed vendors who are low on VC-funding and/or seeking down rounds, other investors are doubling down onto market favored ones.
Searching the IT-Harvest platform, we can identify that 11 Cybersecurity VC-backed vendors are receiving more than $100M of investment starting Q1 this year with many of them currently providing Cybersecurity solutions built around Discriminative AI (see table below).
| Vendor | Funding_24 |
|---|---|
| Wiz | $800M (closed in May at $1B) |
| Quantinuum | $300M |
| NinjaOne | $231.5M |
| Axonius | $200M |
| Silverfort | $116M |
| Bugcrowd | $102M |
| Claroty | $100M |
| Coro | $100M |
| Cyera | $100M |
| Extrahop | $100M |
| Nozomi Networks | $100M |
The latest addition to the above list at the time of writing this article is Corelight, a provider of Network based Threat Detection and Response platform, which secured $150M in Series E investment.
At the time of writing this article also, Traceable AI, a provider of API security platform, received $30M in investment from various investors. Compare this investment to the previously referenced acquisition of Akami to Noname, another vendor providing API security, which was priced at significant discount compared to the 2021 valuation. In both cases, and even with the different forms and sizes of investments, the events are good news for the API security market and indicate investors’ confidence in its growth.
Early-Stage Investment Is Alive and Kicking
Pinpoint Search Group published its Cyber Security Vendor Funding Report – Q1, 2024[xiii] with many highlights, but one is extremely important and critical to the continuous market evolution:
“Seed rounds represented 40% of all funding activities, indicating continued belief in the sector’s foundational innovations.”
Another indicator can be sensed by analyzing the buyers plans for 2024. Referencing again ETR conducted survey that tracked security budgets, priorities, vendor trends, and more in advance of the 2024 RSA Conference[xiv]. ETR found that:
“The majority (51%) of respondents expect the total number of their organization’s security-specific vendors to increase. An additional 37% expect them to remain flat, and only 9% expect to see vendor consolidation”.
This survey finding underlines that Cybersecurity buyers want the tap on the best of breed products to protect their organizations and are not responding well to the platformization offerings currenting in the market. This means that founders can still go ahead and bring up their new ideas and new ways to solve problems not fearing platform plays, and this also means that investors can still go ahead and seed those founders.
Key Publicly Traded Vendors are Trading Below the historical M&A Multiples – A less Optimistic View or a Correction Opportunity?
According to Sid Trivedi’s post at Linkedin early May[xv] (Partner at Foundation Capital), “the data from Morgan Stanley Research (Hamza Fodderwala, Keith Weiss, Angie Song) shows that nearly half of the key public Cybersecurity stocks are trading below the historical average M&A multiples (Strategic M&A average now at 8.9x, Overall M&A average now at 7.6x)”.
The post also stated that “after 2 years of decline, bookings growth has finally shown signs of stability, operating margins have continued to improve, and public companies are trading at valuations cheaper than what we have typically seen strategic acquirers pay for assets”.
Though this can be seen as a less optimistic view, some Private Equity firms like Thoma Bravo are looking at this as an opportunity to invest in high profile vendors. Earlier in April, Thoma Bravo announced that it has reached an agreement with the Board of Directors at Darktrace, a global leader in cybersecurity artificial intelligence, on the terms of an all-cash acquisition with an enterprise value of approximately $4,992 million representing a premium of 20% over Darktrace’s closing share price.
Viewing this acquisition with optimism by factoring the current market positive indicators, the decision to go private promises to end a relatively short but bumpy period on the London stock market and as per Darktrace chair Gordon Hurst. “…will provide Darktrace access to a strong financial partner in Thoma Bravo, with deep software sector expertise, who can enhance the company’s position as a best-in-class cyber AI business headquartered in the U.K.”
IPO Talks are Back.
The Cybersecurity IPO market has been largely on hold since late 2021 mainly due to concerns about a worsening economy and rising interest rates. A few months back, and due to more favorable market conditions, we started seeing Cybersecurity vendors targeting IPO as a possible exit. Some are filing and pricing their IPOs as we speak, such as the Microsoft backed Rubrik[xvi] which announced the pricing of its upsized initial public offering later in April[xvii].
Hiring Trend is More Up than Down.
One final point to underline the reason for optimism. Out of the 3,767 vendors tracked by IT-Harvest, there were 1,147 (30%) vendors that grew in the first two months of the year. There were 941 that decreased in size, or 25% of the total.[xviii]
A Hype Curve is Flattening
The use of Discriminative AI in Cybersecurity is more than 2 decades old but in the past decade we witnessed an explosion in the number of vendors either getting established around this technology or bolting it to their products and propositions. Throughout these years, the market continued to:
- Filter in the working AI models
- Understand and interpret better the meaning of some of the Discriminative AI output
- Converge towards the best ways to solve a specific problem.
The visibility and understanding of what works well and what doesn’t is surely higher today than what used to be a decade back.
In the example of lacework, a Cloud Cybersecurity provider, the company was able to raise $1.3 billion on a $8.3 billion valuation (ranking 3rd among VC-backed cybersecurity vendors) which later reached $1.8 billion. That was back in 2021 when Cybersecurity vendors were enjoying the hype of inflated expectations and consequently inflated valuation. Fast forward 2024, Wiz signed a letter of intent to acquire laceworks at $150-$200 million price, possibly ending years of lacework struggle (update: negotiations seem to have fell through in the due diligence process).
This massive drop in price can be rooted to many reasons including the company struggle to maintain a working c-suite level and stop the talent drain, but some argue that reasons can be found in the product itself. Despite all the promises, lacework was pinned as the weakest in both the “strategy” measure and “current offering” measure among 13 vendors evaluated at Forrester Wave Cloud Workload Security Q1 2024[xix] report.
The next example highlights how the industry has now better interpretation of the meaning of some AI models’ output. In an interview with Laurent Hausermann, CEO at CyGO Entrepreneurs, posted at Cyber builders substack earlier this year[xx], Max Heinemeyer, the Chief Product Officer at Darktrace with Darktrace stated:
“This expanded interpretation of what constitutes a true or false positive is somewhat new for many professionals in our field. Historically, the industry has been inclined to perceive these concepts in starkly binary terms”.
Max then explained that “A true positive was straightforwardly seen as a detection accurately identifying a designated threat, like an exploit moving through the network. On the other hand, a false positive was typically understood as the detection system mistakenly flagging an event that doesn’t align with the specific characteristics of the threat as outlined in the signature. This shift towards a more nuanced understanding marks a significant evolution in our approach to cyber threat detection.”
A flattening hype curve is always good news. Experience has taught us that the flattening of the hype curve is a healthy market self-correction sign, and it usually ushers the start of a sustainable and more rapid growth built on a more solid foundation.
What will Happen Next?
The Cybersecurity market will continue to grow, innovate and to incubate new vendors with new great ideas and fascinating technologies, and the market will continue to self-correct itself over and over in the face of hypes and inflated investments derived by the fear of missing out.
With investments, M&As and IPOs getting active after 2 dry years, and at a time many Cybersecurity vendors are undergoing downward re-valuation while some others being fed with more investments or their first seeding round, and surely at a time where more clarity on what Discriminative AI can do well in the Cybersecurity space and what it cannot do, the time is ripe for another market self-correction promising a healthier and more sustainable growth.
[i] https://www.linkedin.com/learning/artificial-intelligence-for-cybersecurity-22882411/discriminative-ai-vs-generative-ai?resume=false
[ii] https://techcrunch.com/2024/04/12/akamai-acquisition-talks-noname-security/
[iii] https://techcrunch.com/2024/04/18/wiz-is-in-talks-to-buy-lacework-for-150-200m-security-firm-was-last-valued-at-8-3b/
[iv] https://www.nozominetworks.com/press-release/nozomi-networks-secures-100-million-investment-to-accelerate-critical-infrastructure-defense
[v] https://corelight.com/company/newsroom/news/150-million-series-e-funding
[vi] https://www.businesswire.com/news/home/20240501811605/en/Traceable-AI-Secures-30M-Strategic-Investment-Round
[vii] https://techcrunch.com/2024/04/26/thoma-bravo-to-take-uk-cybersecurity-company-darktrace-private-in-5b-deal/
[viii] https://www.morganstanley.com/ideas/mergers-and-acquisitions-rebound-2024
[ix] https://dashboard.it-harvest.com/
[x] https://stiennon.substack.com/p/q1-2024-cybersecurity-industry-update
[xi] https://app.etr.ai/articles/rsa-conference-survey-trends-survey?utm_source=Social&utm_medium=Social&utm_campaign=Social
[xii] https://www.nightdragon.com/insights/special-report-cisos-report-rising-budgets-for-2024/
[xiii] https://pinpointsearchgroup.com/cyber-security-vendor-funding-report-q1-2024/
[xiv] https://app.etr.ai/articles/rsa-conference-survey-trends-survey?utm_source=Social&utm_medium=Social&utm_campaign=Social
[xv] https://www.linkedin.com/posts/siddhanttrivedi_acquisitions-cybersecurity-founders-activity-7188907040801542144-_DFm?utm_source=share&utm_medium=member_desktop
[xvi] https://www.rubrik.com/company/newsroom/press-releases/24/rubrik-files-registration-statement-for-proposed-initial-public-offering
[xvii] https://www.rubrik.com/company/newsroom/press-releases/24/rubrik-announces-pricing-of-upsized-initial-public-offering
[xviii] https://stiennon.substack.com/p/more-up-than-down-in-cybersecurity?utm_source=profile&utm_medium=reader2
[xix] https://www.forrester.com/report/the-forrester-wave-tm-cloud-workload-security-q1-2024/RES180426
[xx] https://cyberbuilders.substack.com/p/ai-and-cyber-from-a-detection-engineers