Cybersecurity Dive: M&A sets record pace as ransomware, nation-state threats fuel security demand

Enterprise customers seek consolidated, end-to-end platforms to anticipate, detect and eliminate threats.


An unprecedented surge in ransomware, software vulnerabilities and malign cyber activity against the private sector and critical infrastructure has led to a wave of private equity investment and merger activity in the cybersecurity industry.

Information technology providers sought to create secure environments for clients. Enterprise customers also demanded end-to-end security solutions capable of hunting down sophisticated malware, detecting software vulnerabilities and protecting sensitive employee data.

During the first quarter alone, the cybersecurity industry recorded 108 mergers and acquisitions, with a combined transaction volume of $29 billion, according to Progress Partners, a merchant bank with offices in Boston and New York.

“Cybersecurity is a unique segment where technology must constantly evolve to combat new adversaries and attack methods,” Eric Bell, managing director at Progress Partners said via email. “It does not follow a typical technology maturity cycle.”

M&A activity in the sector is expected to hit a record pace for the second consecutive year, after reaching $70.4 billion in 2021, according to a market report from Progress Partners.

Data on the cybersecurity market shows deep investor demand, with $5.4 billion raised across 249 transactions in the sector.

Some of the nation’s top IT and cloud services providers drove much of the M&A activity. They have invested heavily in acquiring smaller rivals and investing in new capabilities for their internal security services, in part to protect the integrity of their software platforms and cloud services customers.

“Our mission continues to focus on helping customers defend their growing digital estate against increasing cyberthreats,” a Microsoft spokesperson said via email. “Acquisitions have helped provide Microsoft with broader visibility into security by helping to reduce risk, prevent security breaches and ensure compliance.”

Microsoft said acquisitions have helped provide a more comprehensive view of threats targeting their business and a better understanding of vulnerable internet-facing assets.

Comprehensive platform

Alphabet CEO Sundar Pichai, speaking during Alphabet’s quarterly conference call with analysts on Tuesday, said cybersecurity has been a particular focus for the company.

The company has been on a major acquisition binge in recent months, starting with the $500 million deal in January to acquire Siemplify, a provider of security orchestration, automation and response technology. The SOAR technology from Siemplify had long been a missing piece from Chronicle, which serves as the main threat detection and response platform under Google Cloud’s security business, according to Forrester Analyst Allie Mellen.

When reported negotiations between Mandiant and rival Microsoft failed to materialize, that left an opening for Google to fill its incident response portfolio gap.

“We obviously are excited about our purchase of Mandiant, which I think will help us serve customers deeper as well,” Pichai said during the call.

Congress and federal regulators have placed additional scrutiny on the IT sector in recent years amid concerns about the growing power of the industry’s biggest technology firms.

The DOJ earlier this month sent Mandiant and Google a request for additional documents related to their deal, according to filings with the Securities and Exchange Commission. The companies said they would promptly reply and are cooperating with regulators to complete deal, which is expected later this year.

Microsoft has embraced its ability to offer a comprehensive security platform as one of its main selling points to enterprise customers in recent years. During the company’s fiscal second-quarter earnings call in January, CEO Satya Nadella said security-related revenue was up 45% to $15 billion from year-ago figures.