Cybersecurity M&A volume reaches $77.5 billion in 2021: report

There were 83 cybersecurity company capital raises that surpassed $100 million.
Written by Jonathan Greig, Contributor

Mergers and acquisitions in cybersecurity grew to $77.5 billion in 2021, according to research from cybersecurity consultancy Momentum. 

In a report on 2021, the firm said 83 cybersecurity company capital raises surpassed $100 million. There were fourteen $1 billion mergers and acquisitions, including deals involving McAfee, Augh0, Mimecast, Thycotic, Proofpoint, and Avast. 

Proofpoint was acquired in August 2021 for $12.3 billion in cash, while NortonLifeLock merged with Avast PLC in a $8.4 billion deal. Okta acquired Auth0 for $6.4 billion, and Symphony Technology Group bought McAfee's enterprise security business for $4 billion. 

There were more than 1,000 financing deals involving cybersecurity companies and 286 mergers and acquisitions. There were five cybersecurity IPOs in 2021 -- KnowBe4, DarkTrace, SentinelOne, Riskified, and Forgerock -- with an average IPO raising $467 million.

The numbers far surpassed 2020, which saw 728 deals with cybersecurity companies and $19.7 billion in mergers and acquisitions activity. 


The top categories for financing, mergers, and acquisitions include security consulting/MSSP, risk and compliance, cloud security, data security, and threat intel/incident response. The top categories for VC financing ranged from risk and compliance to data security, network security, and infrastructure security. 

Dave DeWalt, founder of late-stage cybersecurity VC firm NightDragon and a contributor to the report, told ZDNet that the industry is in the midst of a perfect storm of factors that are causing the greatest level of cybersecurity risk that we have ever seen. 

"This includes factors like geopolitical tensions and crises, increasing digitization of technology, work from home, spread of IoT devices, cloud and more. The cybersecurity industry must innovate to match these new trends, and we are seeing a significant increase in funding to fuel that growth," DeWalt said.

"We are entering a new era of cyber ubiquity, where cybersecurity needs to be a piece of every technology and service available, from the cars we drive, to our corporate networks to our mobile devices. I expect we will see cybersecurity investment continue to increase for at least the next decade as we evolve into this new era."


Bob Ackerman, founder of VC firm AllegisCyber Capital, added that the venture ecosystem "has a herd mentality" and will tend to over-capitalize sectors they believe have tremendous promise.  

Investment capital is flooding into the cybersecurity ecosystem, driven largely by explosive demand for cyber defense, according to Ackerman. 

"The level of investment is a pure reflection of both the need and the opportunity. In cyber, the stakes are incredibly high; the consequences of getting it wrong -- unacceptable; the landscape complex; and the pace of change hard to fathom. You cannot over-invest in cutting edge innovation in this environment. That said, you can over-invest in commodity capabilities and under-invest in essential next generation innovation," he explained. 

"The digitization of the Global Economy has fueled explosive growth in the cyber attack surface. Seeking to exploit this environment, the entire spectrum of bad human behavior at every level is also digitizing. The consequence is that every aspect of our lives -- business, education, healthcare, critical infrastructure, government, travel, finance, etc. is at extreme risk. Cyber is truly one of the existential risks of the 21st century. The stakes could not be higher, and that drives the demand for effective cyber defenses, which in turn fuels investment in cyber innovation."

The report comes amid news that Microsoft was considering acquiring Mandiant and that Cisco was mulling a $20 billion deal for Splunk. 

Editorial standards