A somewhat secure M&A market

Contact: Brenon Daly

With RSA set to open later this week, we thought we’d take a look back on deal flow since the trade show closed last year. Over the past year, we’ve seen some 83 acquisitions of security companies, with total spending of about $4.2bn. While that’s down from the comparable year-earlier period (April 2007-April 2008: 90 deals worth $5.2bn), the drop-off in security M&A has not been as steep as the overall decline in tech deals. In fact, the number of security transactions slipped just 7% from the previous year, compared to an 18% drop in the number of total tech M&A. Spending on security deals also fell less than the overall market.

Moreover, there are a number of trends that have emerged since the last RSA event that suggest security M&A may well remain healthier than the overall market. For starters, the big shoppers have done big deals. By our tally, Symantec has inked the largest security transaction since the end of last year’s RSA, paying $695m in cash to bolster its on-demand offering with MessageLabs. And McAfee checked in with the second-largest acquisition. Its $497m all-cash purchase of Secure Computing was its largest deal in a decade, and its only acquisition of a public company in at least seven years (excluding the pickup of Bulletin Board-listed Citadel Security Software in 2006).

In addition to the strategic vendors, we’re also seeing financial buyers – both through funds and PE-backed companies – looking to do deals. For instance, Sophos went back to its investors to help finance its $341m acquisition of Utimaco, the largest purchase by a privately held security company of a public counterpart. Also, Vector Capital took home Aladdin Knowledge Systems and, more recently, Thoma Bravo has a pending $114m offer for Entrust. Certainly there have been a few scrap sales, but that’s to be expected in an over-funded market like security. Overall, deal flow remains comparatively healthy in the security sector.