Contact: Brenon Daly
Casinos, which are always looking to have patrons spend more money, are notorious for making exits difficult to find. For that reason, the Mandalay Bay was the perfect setting for this week’s trade show for the information security industry, Black Hat. Why do we say that? Infosec companies — at least the big ones — are having difficulty in finding exits, too.
Not to overstretch the metaphor of the host city for Black Hat, but the infosec industry has stepped away from the high-roller tables. So far this year, just one infosec company (Okta) has made it public, while those that have headed toward the other exit haven’t enjoyed particularly rich sales. This year’s small bets are reversing the recent record run for M&A spending on infosec transactions.
Spending on overall infosec acquisitions in the first seven months of the year has put 2017 on pace for the lowest annual total in a half-decade, according to 451 Research’s M&A KnowledgeBase. This year’s paltry total of just $2.3bn in aggregate deal value means that 2017 will snap three consecutive years of increasing infosec M&A spending. Our M&A KnowledgeBase shows that in 2016, infosec buyers spent $15bn, more than any other year in history, while 2015 also came in as another strong year in 2015 with $10bn in transaction value.
To put the current dealmaking decline into perspective, consider this: The largest infosec print so far in 2017 wouldn’t even make the list of the 10 biggest infosec transactions of 2015-16. And while this year’s largest acquisition – CA’s $614m purchase of Veracode – represents a decent exit, it’s fair to say more was certainly expected from the application vulnerability startup. (Veracode had filed its IPO paperwork several months before the sale on the quiet, according to our understanding.) Similarly, this year’s second-largest VC exit saw TeleSign agree to a sale that valued it lower than its valuation in its previous funding round.
The reason why so few sizable infosec startups are looking to exit is mostly because they don’t have to exit. Thanks to ever-increasing CISO spending, venture capitalists are back writing big checks to subsidize infosec startups. And when we say ‘big checks,’ we mean the size that used to come in IPOs or the rounds that got announced during the 2014-15 boom in late-stage investing, when single rounds of $100m were announced from across the startup landscape. While those growth rounds were relatively plentiful across the IT scene two or three years ago, infosec is the only industry where the big checks are once again rolling in. In just the past three months, a half-dozen infosec startups have each raised rounds of about $100m.