A catalytic year for cyber
The cybersecurity industry has been one of the big winners of the Covid-19 pandemic. Not only has distributed working led to new threats and data regulators flexed their muscles to drive cybersecurity up the board agenda, but the rapid acceleration of digitisation across all industries has meant that businesses have had to consider cybersecurity in the context of new systems and processes. All of this has led to frenetic activity in the mergers and acquisitions (M&A) and investment markets as the smart money seeks to spot the winners in an increasingly crowded market. We expect to see more of this in 2021.
Rising up the board agenda
During the early weeks of the pandemic, businesses drastically shifted from on-site to remote-working environments, while putting the importance of connectivity first to meet the needs of customers and the business. The daily and constant reliance by business on remote-working solutions has brought new cybersecurity challenges, and, unfortunately opportunities for cyber criminals. While the security of video-calling platforms such as Zoom has attracted much interest, it is the back-end systems that tend to be the focus of the cybersecurity professionals. Remote-working solutions sit within a tech stack that all needs to work together and fit within an appropriate set of technical and organisational measures that strike a balance between employee productivity and ensuring confidentiality, privacy and availability of the company's systems and proprietary information. In creating new or modifying existing business processes and customer experience, such as mobility services or cloud services, digitalisation also means increased connectivity. And with increased connectively comes increased cyber risk, as it is ultimately the internet that provides cyber criminals with a pathway into vulnerable businesses. The need for secure remote-working environments also involves continuous adaptation of security standards and solutions, which provides opportunities not just companies providing cybersecurity solutions but also for those setting standards and implementing them.
And if boards needed any more reminding of all of this, the Information Commissioner's Office in the UK recently published its long decisions against British Airways, Marriott, and Ticketmaster, each of which are full of onerous expectations on businesses that process personal data. With multi-million euro fines, group litigation and reputation damage awaiting the businesses that get it wrong, it is no wonder that boards are substantially increasing budget and spend on cyber services and software.
All of which is great news for the rapidly growing cybersecurity sector. A report from 2020 commissioned by the Department for Digital, Culture, Media and Sport in the UK, found that revenue from cybersecurity businesses increased 46% in a two-year period from 2017 to 2019 and the industry as a whole is now worth an estimated £8.3bn. This is reflected in the deal volumes, which have been trending upwards for a decade now. In respect of EU and UK-headquartered businesses, there were 115 M&A transactions in 2019 in the first quarter of 2020 with a cumulative value of £8.5bn and a median deal size of £103m. The UK is third in the list of most venture capital invested in cybersecurity (behind the US and Israel). Reviews of the market since the start of the pandemic also conclude that it has not slowed the pace of M&A activity in the cybersecurity industry. Valuations have remained strong despite the general economic downturn with the only impact really being seen in the very top end of the market where there are fewer £500m plus deals. More broadly, the impact of the Covid-19 pandemic across the global economy means there are fewer attractive businesses around for corporates and investors alike. As a result, industries like cyber that continue to perform strongly stand out even more. So 2020 was a good year for cyber but, as deal activity picks up in the new year, we expect 2021 to be even stronger.