Cybersecurity is on the stage now more than ever as geo-political scenario is rather uncertain with the Russian attack to Ukraine still on and all implications that this is having and is going to have. So cybersecurity is a place to stay both for investors such as venture capital and private equity firms and for tech giants.
As for the latter, the most recent mega-deal is the one announced about two weeks ago by Alphabet subsidiary Google which signed an agreement to acquire Mandiant, Inc., a California-based leader in cyber defense and response,  founded in 2004 by Kevin Mandia, a former U.S. Air Force officer, for $23.00 per share. This all-cash transaction is valued at approximately $5.4 billion (€4.9 billion), inclusive of Mandiant’s net cash (see here the press release). Upon the close of the acquisition, expected later in the year, Mandiant will join the growing Google Cloud. Madiant was invested in 2011 by private equity firm One Equity Partners, back then the private investment division of JPMorgan Chase & Co, as well as by Kleiner Perkins Caufield & Byers (KPCB). The company was then acquired by FireEye Inc. in 2013 for about $1 billion, providing cybersecurity services and rose to prominence after releasing a series of threat intelligence reports detailing alleged state-sponsored hacking and cyber espionage in China and Russia. FireEye was also involved in numerous major breach investigations, including the suspected North Korean intrusion of Sony Pictures Entertainment in 2014 and with Equifax in 2017 following their breach. Mandiant became a stand-alone company last year when FireEye sold its security-product business and FireEye name for $1.2 billion to a consortium led by Symphony Technology Group.
Adding the internet security company will strengthen Google’s cloud-computing business as competition escalates with larger rivals Amazon Web Services and Microsoft Corp. Actually Microsoft was also in talks with Mandiant regarding a potential buyout in the weeks leading up to Google’s official announcement.  Microsoft in turn had acquired various smaller cybersecurity companies. More in detail in July 2021 it bought both RiskIQ, a leader in global threat intelligence and attack surface management (see here the press release) and CloudKnox, a leader in Cloud Infrastructure Entitlement Management (CIEM)  (see here the press release). RiskIQ helps customers discover and assess the security of their entire enterprise attack surface—in the Microsoft cloud, AWS, other clouds, on-premises, and from their supply chain, in addition to malware and spyware monitoring and mobile app security. Microsoft did not reveal the terms of the deal, but Bloomberg reported that the company paid “more than $500 million in cash” for the San Francisco-based provider, according to unnamed sources. On the other hand, CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. Like Mandiant, both RiskIQ and CloudKnox have also been venture backed in the past, with RiskIQ going through 5 rounds of funding, starting in 2013, that raised a total of $83 million and CloudKnox which raised  $22.8 million in 4 rounds starting in 2018.
Cybersecurity is still a very hot sector for venture capital firms which have know gained very good returns already as the first raw of cybersecurity companies have been growing up very fast. Some of those have gained the unicorn label already, actually about 50 of them around the world (see Venturebeat, CB Insights, Failory).
One of them, Sysdig, even if based in San Francisco (California), has an Italian founder, Loris Degioanni. The company is a market leader in the cloud security sector and has closed a $ 350 million Series G funding round last December with a valuation of $ 2.5 billion, bringing the total capital raised to $744 million and more than doubling the company’s valuation in eight months (see here a previous article by BeBeez). The round was led by Permira’s growth fund and was also attended by Guggenheim Investments and existing investors Accel, Bain Capital Ventures, DFJ Growth, Glynn Capital, Goldman Sachs, Insight Partners, Next47, Premji Invest & Associates and Third Point Ventures (see here a previous article by BeBeez). Sysdig works with leading cloud service providers, including Amazon Web Services, Google Cloud Platform, Microsoft Azure, IBM Cloud, Red Hat and SUSE Rancher. This funding will be used to accelerate Sysdig’s global expansion in Europe, the Middle East, Asia Pacific and South America, double its staff in 2022, expand its partner program, and invest in a unified multi-cloud security experience in runtime, configurations, permissions and vulnerabilities. Sysdig had just closed a $188 million round just last April 2021 and in that case the capital increase was led by Premji Invest & Associates and Third Point Ventures. Accel, Bain Capital Ventures, Next47, DFJ Growth, Glynn Capital, Goldman Sachs and Insight Partners also participated in the round.
As for Italy Sysdig in an exception as other cybersecurity companies in the Italian panorama are rather smaller even if appealing to investors. We recall for example that earlier this month, Bahrein-based private equity firm Investcorp won the auction for control of HWG, a Veronese cyber security company founded by Enrico Orlandi in 2008. This was an exit for Ninja Investments, a club deal platform lead by Leonardo Bruzzichesi and Michelangelo Mantero, which had invested in the company in 2019. Recent valuations of HWG have been circulating around €50 million.  In the startup panorama then Random Power, an Italian startup active in the cryptography sector, raised the first tranche of a round of 200k euros last November from LIFTT, a venture capital firm led by entrepreneur-scientist Stefano Buono, while in September 2021 4Securitas, an innovative cybersecurity startup, has closed a series A round signed by Cysero EuVECA, a venture capital fund managed by AVM Gestioni sgr specialized in robotics, jointly promoted with Kilometro Rosso Bergamo’s science and technology park. According to BeBeez, Cysero acquired 20% of the startup for 2 million euros.
Italian venture capital firms also look abroad for their investments in cybersecurity. So last January Indaco Ventures sgr joined the last round of funding, worth 4 million Swiss francs, of Swiss cybersecurity firm Cysec. The company, based in Lausanne, was founded in 2018 by Patrick Trinkler and Yacine Felk and specializes in data security. This new round, which brings total funding to 7 million Swiss francs, will support Cysec’s growth into the Digital Assets, DeFi and Edge Computing markets.
Coming back to the big picture, actually the cybersecurity sector attracted huge resources last year from investors and is still doing so this year. According to the last Cybersecurity Almanac by Momentum Cyber, a trusted cybersecurity focused investment bank, private equity growth divisions and venture capital firms has recently flocked to cybersecurity startups and scaleups which raised a record $29.5 billion in 2021, more than double the $12.4 billion mapped in 2020. In total, over 1,000 deals were struck with 84 exceeding $100 million and 30 of these startups covered the $1 billion valuation threshold to earn the title of unicorn.
Alongside the money raised in the startup market, the cybersecurity market saw $77.5 billion in total merger and acquisition activity with private equity firms more and more involved as investors. The largest of these deals was actually led by a private equity consortium including  Advent, Permira, Crosspoint Capital, CPP Investments, GIC and ADIA which acquired McAfee for $14.1 billion in a deal that was finalized a few weeks ago even it announced last year. Also private equity giant Thoma Bravo purchased  Proofpoint for $12.3 billion, followed by NortonLifeLock Inc.’s acquisition of Avast Plc in a deal valued at as much as $8.6 billion. Several other deals covered the billion dollar mark, including STG’s acquisitions of both McAfee Enterprise Business ($4 billion) and FireEye’s product division ($1.2 billion).
Dave DeWalt, founder and managing director of Momentum Cyber, stressed that there were a couple of factors that spurred this increase in venture capital investment. The general spike in cyber-crime drove major interest in defense and tools across the entirety of the cybersecurity market, especially given the cluster of highly publicized attacks and vulnerabilities this previous year that became commonly known for people without interest in tech matters such at JBS, Colonial Pipeline, Kasera, and NSO Group.  Another driving matter into the cyber-crime wave is the massive shift to remote work prompted by the pandemic. Momentum Cyber projects that this trend will continue with an increasing focus on blockchain technologies as a source for security. The concept of “Zero Trust” is also positioned to break out as companies adopt the model of “never trust, always verify.”
The threat landscape is also projected to grow and worsen in the upcoming year, something that would build off the trends of the past years. Dave DeWalt referred to this period as the “golden age of cyber.” As more technology is incorporated into companies, more vulnerabilities, more attack surface, more attackers, and more levels of threat arise; however, that leads to more investment.
Nicholas Miller contributed to this article
