Security VCs: Security Market Will See Lots of M&A Activity In 2017

With an IPO market that was stagnant through 2016 – something that will likely continue into 2017 – cybersecurity venture capital executives said they expect to see significant M&A activity throughout the year to come.

"I think, for the near term, M&A is the biggest outcome for security opportunities. I think the M&A opportunity will be very robust in 2017," Menlo Ventures Managing Director Venky Ganesan, said.

Ganesan said he expects M&A activity in cybersecurity to pick up over the next year to year and a half, as there are "still way too many startups funded" in the market. At the 2016 RSA Conference in San Francisco this year, for example, there were hundreds of startups on the exhibit floor alone.

[Related: The 10 Coolest Security Startups Of 2016]

id
unit-1659132512259
type
Sponsored post

Ganesan said there is a "Game of Thrones" of sorts in the security space, where there are at least half a dozen startups competing for every technology and vertical possible. However, he said most of those startups are "features not companies," making them ripe for consolidation into larger, platform players.

"We will see a little thinning of the herd and if you're not the strongest of the fastest you won't make it [alone]. Evolution works." Ganesan said. "I think when the dust settles there will be true platform companies and the rest will be consumed by it," he said.

While the M&A trend will likely be strong in all areas of technology, it will be particularly robust in the cybersecurity industry, Alberto Yepez, co-founder and managing director of Trident Cybersecurity, a fund of prominent VC firm Trident Capital that focuses on cybersecurity investments. In 2016, there were only a handful of technology-related IPOs, including Dell SonicWall and Nutanix.

"The M&A market is very healthy right now. It's always been particularly healthy in cybersecurity," Yepez said. Yepez said he sees the vast majority of exits in cybersecurity through M&A, rather than through IPO, because of the innovation cycle in security, where larger, already public companies look to buy up smaller, innovative companies to bolster their own technology and people. That trend will only continue as security threats become more serious and the innovation cycle accelerates further.

Some of that consolidation has already started to occur, with 611 acquisition deals in the U.S. alone as of July, according to a study by CloudVolumes. Some of those deals included the acquisitions of Blue Coat Systems, LifeLock, Optiv Security, Intel Security, CloudLock, Lancope, Invotas and AccelOps – to name a few.

Bob Ackerman, founder and managing director at Allegis Capital, a cybersecurity-dedicated venture capital firm that focuses on early stage investments, agreed, saying that it is "very difficult for a public cybersecurity company to remain at the forefront of innovation because security moves so quickly," factors that he said will slow cybersecurity startups looking to go public, as well as speed up M&A activity by larger, already public vendors looking to keep pace with current technology innovation.

"The vast majority of exits will be M&A," Ackerman said. Ackerman predicted particular M&A activity around analytics, saying there is probably 10 to 15 larger vendors that need to acquire analytics capabilities in the short term.

Menlo Ventures' Ganesan said he expects most of the consolidation will occur in startups who have landed Series A funding, but will struggle to land Series B funding, which is focused more on revenue rather than technology, vision or ideas. That consolidation is coming, he said, as funding will dry up for those companies who have already landed a Series A or Series B round and might now look to make an exit.

"The rationalization hasn't happened yet. I expect it to happen over the next 12 to 16 months," he said.