By Sanjin Goglia, Managing Director, Bryan, Garnier & Co
and Damien Henault, Partner, TempoCap

Cybersecurityis a constantly evolving sector

Ongoing digital transformation and the ever-changing threat landscape mean that recent years have seen the potential for threats proliferate and the need for robust solutions become more pressing. As a result, while the markets may be volatile, cybersecurity investment continues to weather the storm and retain strong demand and growth.

The global cybersecurity market, based on Gartner research, was valued at $140B in 2021 and is forecast to grow from $156B in 2022 to $376B by 2029 (a 13.4% CAGR). The increasing professionalisation of cybercriminals, aggressive ransomware attacks, and nation-state threat actors will all continue to compound cyber threats in 2022 and beyond.

As the leading cybersecurity investor in Europe, TempoCap has been at the forefront of investigating the market trends and concerns that corporates and institutions face. In 2022, a detailed research report we conducted in conjunction with prominent technology investment Bank Bryan, Garnier &Co exposed several pressing issues for businesses.

We are faced with a challenging macro environment and see many potential recession indicators, but the cybersecurity market outlook shows no sign of slowdown. The drivers for growth remain intact, including the continued digitalization of businesses, which creates pressure to invest in security technology, and increased regulatory pressure for corporates and public sector entities to put in place adequate cybersecurity strategies.

Our research has shown that CIOs are driving cybersecurity spend in 2022 and 2023 by making their top priority areas responding to an evolving and heightened threat environment, refreshing and upgrading existing technology and responding to the rapid attack surface expansion.

The latest Alphawise 2Q22 VAR (Value Added Reseller) and CIO surveys highlight this appetite for increased and continued cybersecurity spending:

VAR survey shows that 2022 Security Software growth expectations has sustained at 13% YoY for the past two Quarters
CIO survey shows Overall Security software spend growth expectations sustained at 9.4% in 2Q22 vs 4Q21, and remains well ahead of broader Software spend growth at 4.1%
Security software subsequently remains the most defensive area of IT spend, with Q1 and Q2 22 reports maintaining that these projects are least likely to see spending cuts

Our research has additionally uncovered how ransomware was a notable and continuing concern, with 27 percent of respondents mentioning it as the most significant cyberthreat currently impacting their industries and customers, followed by 18 percent of respondents identifying digital supply chain risk and attack surface expansion as the most pressing issues respectively. Geopolitical events, such as the Russian invasion of Ukraine, were also identified as a potential signifier of future cyber threats, while third party risks such as software chain supply were considered the most underestimated and overlooked security threat to businesses in 2022.

On the whole, businesses reported increasing cybersecurity budgets in response to possible vulnerabilities, but they also expressed concern in attracting and retaining talent, reflecting the post-pandemic “talent drain” many have been reporting in early 2022. In order to allow this hard-won talent to work effectively, those surveyed also expressed new desires for the efficiency of cybersecurity software, including measuring the accuracy of threat detection, the ability to seamlessly integrate with other solutions, and the reduction of false positives, rather than just the number of threats detected.

The respondents are right to be concerned about the efficacy of cyber security solutions, as the consequences of a breach are costly. IBM’s 2021 Data Breach Report found that 2021 had the highest average cost of a cyber-attack in 17 years – rising from $3.86 million in 2020 to $4.24 million. Average costs were also $1.07 million higher owing partly to the risks introduced by increase in remote working.

The appetite for robust solutions is clearly consistent and was a sentiment that was also reflected during TempoCap and Bryan, Garnier & Co’s inaugural Cyber Security Conference 2022. From global leaders to pioneering early-stage companies, this event highlighted the intricacies of the cybersecurity ecosystem and the crucial role these innovative companies play in protecting businesses in this age of insecurity. In addition to hiring talent and integrating effective software, speakers discussed how incorporating cybersecurity into employee training could enable businesses to keep digital best practices and monitoring at the top of the agenda. These new approaches to security awareness and training for broad employees population within companies could help to integrate security into the business culture, and ultimately cyber tech companies could help to facilitate this shift in mindset.

Maintaining agility emerged as an important theme and panellists discussed how best to enhance security whilst keeping your business running. A number of Chief Information Security Officers (CISOs) from large companies participated in the conference, sharing helpful advice with smaller companies, such as ensuring that their innovations can be integrated into wider platforms with minimal risk. Cybersecurity pioneers need to ensure that their solutions can be seamlessly adopted if they want exposure to big companies.

Equally, the Conference and the profitable legacy of TempoCap’s investments have shown that while the increased threat landscape continues to present challenges, it is also fuelling investment interest and creating a unique opportunity for deal making.

In 2021, the cybersecurity transactions market built on a strong performance as the total transaction value for M&A reached $78bn, while financing deals reached $29bn, with particular investment interest in endpoint safety, cloud technologies, identity and access management, messaging and network security and infrastructure security.

At the end of September 2022, the NASADAQ Cybersecurity CTA Index was down 26% from the beginning of the year but cybersecurity strategic activity demonstrated sustained volume, notably in M&A. $YTD Q3-2022, $16.5 bn has been invested across 799 cybersecuriyty financing transactions. M&A activity continues to be very significant from both strategic buyers and financial sponsors. During the first nine months of 2022, the total cybersecurity M&A volume was $111.5 bn across 206 transactions, a 138% year-on-year growth with 8x landmark $1bn+ M&A deals including Google’s $5.3B acquisition of Mandiant, Broadcom’s $69.2B acquisition of Vmware, and what appears to be a major roll-up in IAM space by Thoma Bravo with their $6.9B acquisition of SailPoint (at 31.6% trading price premium), $2.8B acquisition of Ping Identity (at 62% trading price premium) and most recent $2.3B acquisition of ForgeRock (at 53% trading price premium) . Further announced in October was the $4.6B acquisition of KnowBe4 by Vista Equity (less than two years after its IPO) – that illustrates the continued strength of Cybersecurity M&A.

Bryan, Garnier & co, as one the most active European investment banks in PE and growth tech/software deals with dedicated cybersecurity practice, has completed several high-visibility transactions in the space during 2022: MailInBlack acquisition by Apax Partners, EUR 28m investment round in Vade Secure, EUR 139m investment by Bridgepoint in CAST and acquisition of Sword GRC by Riskonnect (TA Associated backed company).

And among the TempoCap portfolio, companies such as Onfido, CybelAngel, EfficientIP and Systancia are going from strength to strength in designing secure solutions for developing cybersecurity issues.

As we ultimately continue to adapt to changing working methods and an increased reliance on technology to foster connectivity and to retain crucial data, the cybersecurity sector will face unique challenges.

Ahead of the forthcoming TempoCap and Bryan, Garnier & co 2023 Cyber Security Conference, our role in bringing key players together to discuss ideas and share advice has shown that organisations will keep searching for innovative solutions to meet these concerning obstacles, while targeted investment will ultimately push the needle forwards on change that is lasting and effective. The current environment represents a huge opportunity for cybersecurity companies and their investors to grow, develop and become global champions. Watch this space.