Large deals in 2020 include Santa Clara, California-based Netskope hauling in $340 million in February; Mountain View, California-based SentinelOne raising $267 million in November; Dallas-based StackPath closing a $216 million Series B in March; and Minnesota-based Arctic Wolf announcing a $200 million raise in October.

Merger and acquisition dealmaking in the cybersecurity sector did take a hit, with values dropping from $28.1 billion in 2019 to $13.8 billion at the end of the third quarter this year, according to San Francisco-based financial advisory firm Momentum Cyber.

Despite the drop in dealmaking, Atherton said he hears from corporate development teams of large companies that they are still approached on a daily basis by startups and growing cybersecurity firms interested in strategic dealmaking and partnerships. Atherton said he expects dealmaking to remain strong in 2021, after it picked up significantly in the second half of the year. More nontraditional buyers could help push the market, he said, pointing to Fastly acquiring Signal Sciences in August for $775 million as an example.

 

The pandemic has prompted the healthcare industry to be thrust into the global spotlight, and the healthcare cybersecurity sector is not exempt. Focused attacks on healthcare providers has run rampant 

 

“These ransomware attacks on hospitals are terrifying, this area wasn’t even a focus a few years ago,” says Matt Kinsella, managing director at Maverick Ventures. 

 

Kinsella said this has changed as attackers have learned to use medical devices themselves that are now connected to networks as virtual backdoors.

Recent years have seen increased interest from buyers looking for IoT security providers, which includes medical device security. Among them was Palo Alto Networks buying Zingbox for $75 million last year, and Armis being acquired by Insight Partners at a valuation of $1.1 billion.

Large tech companies like IBM also have grown their health care security divisions, said Kinsella, whose firm invested in New York-based medical device security provider Cylera in 2018.

The recent SolarWinds hack—where Russian attackers penetrated several companies’ and government agencies’ systems through a piece of that company’s server software—caused cybersecurity stocks rally in mid-December. It stands to reason that the next question is how much of a spending boost on threat detection and monitoring will this cause for the future months? Will spending on cloud-based security remain a priority?

Kinsella said the SolarWinds hack may be an inflection point for the industry to look at how vendors share data.

 

“Vendors must exchange information so risk is clearer,” he said. “And that process should be streamlined.”

 

While some get excited about new network security tools and endpoint solutions, large third-party vendors provide the necessary infrastructure of organizations’ defenses. Once the full breath of the SolarWinds attack is understood, vendor risk management and companies that allow for that data exchange could see an uptick in interest.

The use of containers in building modern applications has grown through recent years, with open-source software platform Kubernetes becoming a popular way to deploy and manage those containers.

That space already has seen significant dealmaking. Palo Alto Networks bought RedLock for $173 million in 2018 and followed that with its acquisition of Twistlock for $410 million and PureSec for an undisclosed amount last year. The cybersecurity giant used that trio to create its cloud security offering Prisma Cloud. Then in April, Rapid7 bought cloud security posture management company DivvyCloud for approximately $145 million.

Venture capital also has rolled in. In September, Mountain View, California-based StackRox raised a $26.5 million round, while in May, Israel-based startup Aqua Security raised $30 million, and Mountain View, California-based Lacework raised a $42 million Series C in the second half of last year.

While the space still is developing, Boukouris said he thinks more money will flow into the area because cloud infrastructure is so hot.

Regardless of what the next big thing is in cybersecurity, it’s guaranteed more tools and complexity will come into the space. That means security services—the unsexy subsector of managing security tools—also will remain interesting to investors.

 

“There is some great technology out there, but because there’s so much you need someone to manage it,” Boukouris said. “That’s why the space is red hot. There is interest from VC and private equity alike.”

 

Companies like Arctic Wolf, as well as others such as deepwatch and eSentire, which help manage tools and offer security operation center services, continue to attract investor interest as offerings proliferate throughout the sector, Boukouris said.

 

“The more tools get complicated, the better services companies need to manage them,” he added.

Atherton said he expects cybersecurity as a whole will see high single-digit to low double-digit growth in spend next year, with strategics and investors eyeing bigger slices of the pie. 

 

“I don’t think you’ll see much of a slowdown in M&A or investment in the sector,” he said “It remains very hot.”

 

 

Source: Crunchbase News

 

 

Learn more about Targeted Cyber Attacks on Healthcare