01 Dec With the Cybersecurity industry estimated to grow at 21% CAGR till 2025 and regular M&A deals worldwide, is it the right time to invest?

Global spending on IT security services grew by 22.79 per cent between 2017 and 2019 (Technavio report); According to estimates the cybersecurity market in India is expected to grow from USD 1.97 Bn in 2019 to USD 3.05 Bn by 2022 (PwC); The global cybersecurity market is expected to grow by USD 138.32 Bn during 2020-2024 (report by Technavio); The industry is estimated to register an overall CAGR of 21 per cent by 2025 (DSCI report).

Considering the above trends of the past and the forecasts do you consider investing in cybersecurity companies? Don’t worry this article will walk you through some of the recent activities in this space which will help you decide better.

Cyber Security companies provide a set of products and services to protect the internet-connected systems. It can protect computers, networks, software and data. Cyber-attacks are committed to have unauthorised access to data, alter or completely change the data and sometimes it involves extorting money as well. These companies help organisations and individuals to protect their systems and data from unauthorized access.

The increase in the adoption of different mobile devices such as laptops, tablets, mobile phones, the need for cybersecurity solutions is increasing day by day. Taking into consideration the new normal and companies going virtual, the professional use of mobile devices is likely to increase unauthorized access to critical data which is to be kept confidential. Increasing rates of literacy have increased the adoption of digital lifestyles, for all day to day activities people are using their mobile devices like e-commerce, bill payments, GPS etc which in turn has resulted in an expansion of cyberattack and a need for launching defense mechanisms.

76% of respondents in the report by PwC and DSCI said that current investments in cybersecurity in their enterprises were inadequate and they foresee the security budgets to increase in future. Considering the exchange of data and services the Global Regulations such as General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Health Information Trust Alliance (HITRUST) will continue to have an increasing impact on the Indian cybersecurity market. Increase in the regulations and the guidelines is leading to demand for abidance, which will further drive the market demand for cybersecurity products and services.

According to the report by PwC and DSCI the cybersecurity market in India is expected to grow at one and a half times the global market growth rate.

While the world is struggling with such unprecedented times of Covid-19 and the economies going into recession, cybercriminals see it as an opportunity for themselves. Since February, IBM X-Force has observed a 4300 per cent increase in coronavirus- themed spam. There is a constant need for vigilance and organisational agility across sectors like Manufacturing, BFSI, Telcom, Government, Healthcare, Auto, Retail etc. This is posing challenges to the companies in the cybersecurity industry in building more strong software and providing better services to the organisations and individuals. Nearly 98 per cent of organisations across India have seen the negative impact of COVID into its functioning and CIOs are facing challenges and difficulties in communicating effectively with their teams and organisations where they are demanding right technology deployment to ensure smooth continuity of business. CIOs in India have also mentioned that cybersecurity remains on the top investment area. Disruptions in the Covid-19 have resulted in over 30 per cent growth in the job searches for the cybersecurity industry while postings for these roles have gone up by 6 per cent.

Now coming onto the recent mergers and acquisitions in this space: In early 2020 five deals worth $1 Bn plus each were recorded globally. Those are as follows:

• Hellman & Friedman of San Francisco, a private equity firm completes acquisition of Checkmarx, an application security firm in Israel on March 23rd 2020 for $1.15 Billion. This was done to take Checkmarx’s ‘software equals security’ vision to the next level.
• Aon professional service firm based in London UK agrees to acquire Willis Tower, a global advisory and solutions company, also in London for $30 Billion in stock. Both the companies aim to share their expertise in fields of security, climate change, health solutions and intellectual property.
• Advent International, a global private equity fund based in Boston enter into an agreement to acquire Forescout, a device visibility and control company, in a cash stock buyout deal valued at $1.9 Billion.
• F5 Networks, of Seattle, an application delivery network company, completes acquisition of Shape Security, an AI-powered cybersecurity fraud, and abuse protection provider for an estimated $1 Billion.
• Private Equity firms Stone Point Capital of Greenwich and Further Global of New York, the head consortium that agrees to acquire Duff & Phelps, of New York City, an advisory services company for $4.2 Billion

There were numerous other deals as well in this space.

There has been 16.9 per cent growth in the cybersecurity product consumption in India, from 1029 Million to 1643 Million. Cyber Security products include Data Security, Endpoint Security, Identity and Access Management. Network Security and Security IDR products. 63 per cent of respondents in the report by PwC and DSCI saw data security and privacy as primary areas of concern and investment. The services consumption has seen 14.2 per cent growth from 947 Million to 1410 Million. Services include security consulting, security implementation, security testing, security operation and incident response.

India is a country with more than 200 cybersecurity start-ups (Economic Times) and all of them are fighting to get the share in the pie which is majorly controlled by the big firms and companies such as Palo Alto Networks, Symantec and FireEye. But then big companies need a strong and deeper strategy since there is now a larger attack surface because digital technologies are becoming so pervasive. One of the examples where start-ups are getting more recognition over the established firms is that in 2019 Punjab National Bank wanted to adopt a security solution for their mobile banking app and instead of going to established companies they approached Uniken which is a six to seven year-old startup, thus the products and services of start-ups are getting recognised and matured now.

The study carried out by PwC and DSCI also reveals that the market contribution of cybersecurity products to the overall demand will increase from 52 per cent of the mix in 2019 to 54 per cent by 2022. Thus, investing in start-ups and big companies who are into cybersecurity product manufacturing would be the right choice.

The cybersecurity industry is growing at a fast pace and due to this pandemic, it has got a boost. Many companies are adopting technologies and moving digital completely for all their operations, which leads to a substantial increase in the demand for cybersecurity products and services. With such an increase in demand and companies/ PEs investing and acquiring different cybersecurity firms, investing in these companies currently and in the near future could be considered as a good option.