The first quarter of 2018 saw startups raising a total of $725.8m in cybersecurity funding  through 44 deals. This marked a notable increment in cybersecurity investments as compared to the Q1 of 2017. Today we have a look at the biggest cybersecurity mergers and acquisitions activity of 2018.

Mergers and acquisitions in the cybersecurity space picked back up where they left off at the end of 2017. The market is simultaneously expanding with VC investments into startups, and consolidating with large tech vendors acquiring pure-play cybersecurity companies – Cybersecurity Ventures.

Cybersecurity Opportunities in Numbers

Strong Market Demand – Global cybersecurity market is projected to reach a size of $165.2 billion by 2023.

Projected Growth – Global cybersecurity market is projected to be growing at a CAGR of 10.7%.

• Increased Transaction Activity – Venture firms invested $7.6 billion into cybersecurity companies last year via 548 deals.

High Valuations – Average EV/Revenue Multiple – 4.6x (2014-2016).

Equity Funding – Global Cybersecurity Equity Funding since 2013 – $21 Billion.

“Cybersecurity is a magnificent market because the problem can never be solved entirely. Fix one hole, the bad guys find another. It’s a ping-pong match for hackers.”

2017 – Record Year for Multiple Reasons

On one hand, 2017 was a year of poor security practices and some of the worst data breaches ever. On the other hand, it was a record year for unique investors, mega-rounds and deals and forecasts that beat the traditional forecasts.

In terms of M&A activity, the cybersecurity market saw more than 200 mergers and acquisitions over the past year. The entire deal flow is available on quarterly basis by the Cybersecurity Ventures M&A Report.

Billion Dollar Deals & More – Top Cybersecurity Mergers and Acquisitions of 2018

1) In the month of January, Iron Mountain Incorporated, the global leader in storage and information management services, completed its acquisition of the U.S. operations of IO Data Centers LLC, a leading colocation data center services provider based in Phoenix, Arizona. The total purchase price at closing amounted to $1.34 billion subject to working capital and other customary adjustments and including additional cash consideration related to company performance.

2) In the same month, the RELX Group (formerly known as Reed Elsevier) acquired ThreatMetrix – for £580 million (about $817 million) in cash to ramp up in risk-based authentication and detection. This was big exit for ThreatMetrix, which was last valued at around $237 million in its last funding round, in 2014.

3) On the last day of January month, On Assignment, Inc of Calabasas, CA acquired ECS Federal – one of the largest privately-held government services contractors delivering artificial intelligence, cyber security, cloud computing, DevOps, IT modernization and advanced science and engineering services to commercial and government enterprises. The deal was signed at $775 million.

4) The month of February saw Sunnyvale, Calif.-based cybersecurity firm Proofpoint, a provider of cloud-based email security, e-discovery & compliance solutions, acquiring Wombat Security Technologies, a cybersecurity training company, for $225 million.

“Because threat actors target employees as the weakest link, companies need to continuously train employees and arm them with real-time threat data,” Gary Steele, Proofpoint CEO, said in a release.

5) In the same month, General Dynamics and CSRA announced that they have entered into a definitive agreement under which General Dynamics will acquire all outstanding shares of CSRA for $40.75 in cash. The transaction is valued at $9.6 billion, including the assumption of $2.8 billion in CSRA debt.

6) In the mid of February, Private equity firm Thoma Bravo successfully completed the acquisition of data security firm Barracuda Networks for US$1.6 billion. The deal was announced in November 2017 and promised shareholders US$27.55 in cash for each share of Barracuda common stock they hold.

7) The last week of February month saw PhishMe, the leading provider of human-driven phishing defense solutions world-wide, announcing that the company has been acquired and has changed its name to Cofense™. The acquisition by a private equity consortium valued the company at $400 Million.

8) During the same time, Splunk Inc. announced a definitive agreement to acquire Phantom Cyber Corporation, a leader in Security Orchestration, Automation and Response (SOAR). As per the terms of the agreement, Splunk will acquire Phantom for a total purchase price of approximately $350 million, to be paid in cash and stock.

9) The first day of the month of March witnessed Cambridge-based Akamai Technologies Inc. paying $380 million in a pair of 2017 acquisitions meant to boost its web performance and cybersecurity offerings for the $11.5 billion company.

10) Around the last week of March, Palo Alto Networks announced that it had completed its acquisition of Evident.io, a pioneer and leader in public cloud services infrastructure protection. Under the terms of the agreement, Palo Alto Networks will acquire Evident.io for a total purchase price of $300 million to be paid in cash.

As you can see from the list above – Iron Mountain, General Dynamics, and Thoma Bravo, close the biggest deals in the first quarter of 2018 with a combined deal value of around $12.54 billion.


With the increments in Venture Capital, increased CISO Demand, growth in Cybersecurity spending and rise of Cybercrime damages, the year seems positive for the growth of the Cybersecurity market.

Now is the right time to favor a career in cybersecurity. Still need more reasons? Check out our blog post highlighting the top three reasons that establish the fact that this is a lucrative career path to be on.