29 April 2020
BDA’s Euan Rellie speaks to Reorg on increased investor interest in cybersecurity
April 17, 2020
by Darcy Reddan
Cyber Assets Gain Appeal as Covid-19 Lockdown Spurs Remote Working Security Threats, Advisors Say
- Offerings that provide cloud-based endpoint security, threat intelligence, cyber attack response, firewalls and/or anti-virus services, such as CrowdStrike, Fortinet and Zscaler, could garner interest from larger tech players, advisors said.
- Any asset that can reduce vulnerabilities around remote working is going to be “huge,” and greater deal traction can be expected around these assets, one advisor said.
- The surge in demand for cybersecurity offerings leaves a wide open playing field for these companies to either be sellers at an attractive valuation or buyers to consolidate their market position, one advisor said.
Cyber attacks spurred by the increase in remote working due to the coronavirus outbreak will create renewed appetite for tech companies to acquire cybersecurity assets, technology sector advisors said. The advisors said the widespread need for greater security and encryption measures might lead to consolidation in the space.
The global pandemic has forced governments around the world to introduce lockdowns to prevent the spread of the virus, with office closures and remote working among the measures being adopted. The U.S. has been in lockdown mode since mid-March, which is a “new normal” that is putting the economy under severe strain.
While questions loom around the well-being of several industries in the wake of the coronavirus pandemic, advisors said that security platforms will be beneficiaries of increased working from home, as employers move from secure in-office landlines to at-home networks that are likely less secure, the advisers said.
Offerings that provide cloud-based endpoint security, threat intelligence, cyber attack response, firewalls and/or anti-virus services, such as CrowdStrike, Fortinet and Zscaler, could garner interest from larger tech players, or they could also leverage their new buying power to fortify a market position, the advisors said.
All three multibillion-dollar tech companies have overperformed the broader market since March 13. CrowdStrike’s shares rose 60%, Fortinet rose 33%, and Zscaler rose 68%, while in comparison, the S&P 500 increased 3% as of closing April 16.
While employees working remotely increases exposure to potential hacking attempts, BDA Partners senior managing director and co-founder Euan Rellie also noted that companies will need to ensure security on the customer front, to ensure customer trust and avoid litigation.
Silicon Valley-based teleconference app Zoom has recently been criticized for security gaps as the University of Toronto’s Citizen Lab published a research report on April 3 that documented several features that make the platform easier to use but with reduced privacy and security. The Federal Bureau of Investigation has reported an increase in disruptions including imposter participants using threatening language or hijacking video teleconferences with hateful imagery.
The increase in users has caused Zoom’s share price to nearly double from around $69 on Jan. 2 to a peak of $160 on March 23, when mass work-from-home orders were expanding nationwide. But the stock dipped to $114 on April 7 amid the security woes being made public. The price recovered and closed at $150 on April 16, giving the company a market cap of $41.2 billion.
The need to avoid similar customer concerns and potential liabilities will create a push for more data security tools, said Cynthia Cole, special counsel at Baker Botts, who noted that more security breaches are expected as the lockdown continues.
Any asset that can reduce vulnerabilities around remote working is going to be “huge,” and greater deal traction can be expected around these assets, Cole said. These platforms offer a unique upside to technology companies, where security tools not only strengthen a product offering but also act as a risk management tool, former CIO and CPO at Equinix Brian Lillie said.
One company that might benefit from the increase in remote working is Sunnyvale, Calif.-based cybersecurity company CrowdStrike Holdings, according to Rellie. The company has a market cap of $13 billion.
CrowdStrike could draw interest from a big tech player that has enough cash on hand to pursue a deal despite market volatility, such as Dell, Microsoft or Cisco, Rellie said. A hardware company making a push for a cybersecurity provider would make sense, according to Lillie, who noted that Intel’s $7.68 billion purchase of McAfee in 2010 was part of a strategy “to bake security into the core product.”
Rellie noted that another thriving cybersecurity company and potential target is San Jose, Calif.-based cloud-based information security company Zscaler, which provides Internet security, web security and firewalls as well as threat forensics and malware protection against phishing attempts. Zscaler has a market cap of $8.9 billion.
The surge in demand for cybersecurity offerings leaves a wide open playing field for these companies to either be sellers at an attractive valuation or buyers to consolidate their market position, said Marlin & Associates founder Ken Marlin. He said he expects a short-term boom over the next few years through mass consolidation and expects big tech players to shore up security offerings.
Any company connected to network security and cybersecurity, via either encryption or firewalls, is “well positioned to take advantage in a surge of interest,” Cole said.
One such company is Fortinet, which is emerging as a winner amid the ongoing crisis, said Rellie. The company could look to capitalize on its strengthened buying power and seek out targets that provide a host of cyber security offerings, Rellie said, noting that Zscaler fits this description. Fortinet has a market cap of $19 billion.
Settling on Price Gets Tricky
While cybersecurity platforms may be attractive to alleviate security fears in the current unprecedented environment, Hogan Lovells partner David Gibbons said that deals in the coming months may be tougher to execute as buyers and sellers may not see eye to eye on valuation.
In addition, buyers and sellers in the cybersecurity space need to grapple with investor outlook, Cole said, noting that investors may not support an acquisition if they believe the company has more room to grow, particularly if they are newer investors who have come in ahead of the remote working shift.
There will be a “period of robust activity” once executives have a better idea of what the “new normal” looks like and market volatility subsides, said Gibbons, noting that he sees deal activity ramping back up toward the end of the year into the first quarter of 2021.
Disclosure: Funds associated with Warburg Pincus own shares of CrowdStrike, and hold a majority interest in the parent company of Reorg Research, Inc.