Investment Trends

The number of technology mergers and acquisitions is growing rapidly at present, with PACS M&A activity contributing significantly to this growth. Ernst and Young highlight several key megatrends highlighted that are contributing to security demand and growing interest in security technology companies – namely (1) smart mobility, (2) cloud computing, (3) social networking, (4) big data analytics and (5) accelerated technology adaptation. These megatrends are driving increased security requirements across a broad range of technology contexts, resulting in security related investments occurring at a greater rate than the IT industry as a whole. Such security investments are being made for both “pure play” security deals, as well as being bundled as part of companies with a wider scope of emphasis. 

The cyber security industry has received $5.2bn across 807 deals over the past five years, according to recent analysis from CBInsights, with steady increases in investment in terms of both funding dollars and numbers of deals, as depicted in Figures 7.1 and 7.2 below.


cybersecurityfinancinghistory 14

Figure 7.1 – Quarterly breakdown of cyber security investing – number of deals and dollars (Source: CBInsights)


In 2013, combined deal values reached $1.71bn over 240 deals, representing 18% deal growth and 31% funding growth over 2012. Data from the first two quarters of 2014 (Figure 7.1) indicates a continued growth trend in more recent times.

cybersecurityfinancingtrends 7 2

Figure 7.2 – Cybersecurity financing trends 2009-2013 (Source: CBInsights)

Figure 7.3 highlights that there is also an increasing portion of dollar spend at both extremes of company maturity, with increasing share allocations going towards early stage seed and Series A funding (3% and 35% respectively in 2013), as well as for more mature stage funding – e.g. Series E funding has increased from 1% of dollar share in 2009 to 19% in 2013.

cybersecurityfinancingallocation 7 3

Figure 7.3 – Funding allocation by stage of funding (dollars), 2009-13 (Source: CBInsights)

Additionally in absolute deal number terms (Figure 8.4), seed and Series A allocations now account for 68% of deals (in 2013), up from 43% in 2009, leading to an estimated 1100+ PACs startups now in existence, according to US innovation association SINET).

cybersecurityfinancingdealshare 7 4

Figure 7.4 – Funding allocation by stage of funding (by deal number), 2009-13 (Source: CBInsights)

Notable PACS Deals and Exits (2013/2014)
Table 7.1 below summarises some of the key deals and exits over 2013 and 2014 (to date), with several large deals occurring in the space – the largest deal being Cisco’s acquisition of SourceFire for $2.7 billion, making it the highest value transaction in the cyber-security subset since 2010, when Intel acquired McAfee for $7.5 billion. Other notable deals are VMWare’s $1.54bn acquisition of mobile device management player AIrwatch, FireEye’s acquisition of Mandiant, Vista Equity Partners' acquisition of Websense for $942 million in Q2 2013 and IBM's acquisition of Trusteer, an endpoint security software company that protects financial institutions against fraud and data breaches.

Notable deals involving European players include the acquisition of Finnish next gen firewall firm Stonesoft OY for $389 million by McAfee, NCR’s acquisition of Alaric Systems (UK) for €57 million, and Babcock’s takeover of UK based ContexTis for $53 million. Alaric Systems provides a range of payment solutions, its most well-known products being Authentic (payment platform) and Fractals (fraud detection and prevention software). ContexTis is one of only four accredited suppliers of cyber security services to the UK Government. Cassidian, a division of European Aeronautic Defense and Space Company N.V.(EADS), acquired unified threat management systems and software provider Arkoon Network Security, of France, for $19 million. Spanish open source SIEM outfit Alienvault is another notable recipient of investment capital, receiving €19.8m in its latest round of funding. More recently, French outfit Atos have acquired Bull SAS for $847m, with Bull’s security capability being a key enabler in the deal. 

Table 7.1 – Notable PACs deals and exits, 2013-2014

Year Seller Seller Focus Buyer/Target Value
2013 SourceFire Advanced intrusion prevention and network attack prevention. Cisco Systems $2.7bn
2014 AirWatch Mobile device management VMWare $1.54bn
2013 Mandiant Incident Response FireEye $1.05bn
2013 Websense Unified email, data and mobile security solutions Vista Equity Partners $942m
2013 Trusteer Malware detection, fraud prevention IBM $902.8m
2014 MobileIron Mobile application security [IPO] $672bn (post IPO)
2013 Stonesoft Oy Next gen firewall McAfee (Intel) $389m
2013 Prolexic Technologies Anti-DDOS detection Akamai Technologies $370m
2014 Imprivata Identity and Access Mgt [IPO] $342m
2013 41st Parameter Ltd

Device identification technology and

web fraud detection.

Experian Group $310m
2013 FireEye APT/Honeypot technology [IPO] $304m(post IPO
2013 Validity Sensors Biometric authentication Synaptics $255m
2014 Cyvera Advanced zero day attack prevention Palo Alto Networks $200m
2013 Barracuda Security, Storage, Application Delivery [IPO] $75m (post IPO)


Key Dynamics Driving PACs Investment Deals
A higher volume of digital attacks and increasing awareness among clients of the need to increase defences means innovative PACS organisations are in a good position to be acquired. In the US alone, estimates around the cost of organisational failures ranges from between $70 billion to $400 billion in IP Theft per annum [MCA14]. An estimated 1110+ startup companies exist globally in various segments of the security market, defending and protecting against advanced persistent threats. Many of these organisations present ideal targets for acquisition by larger PACs and ICT enterprises, if their niche offering strengthen their overall portfolio and meet their client’s broadening range of security and privacy issues.

This view is being driven by the desire of corporate customers for a single source, end-to-end solution that takes charge and responsibility of all their security needs - which in turn is driving consolidation among providers of different types of security solutions [E&Y13]. A case in point was the acquisition of Mandiant by FireEye at the beginning of 2014 for just over $1 billion, fusing FireEye's advanced persistent threat technology with Mandiant's endpoint protection, offering corporate clients of either organisation a complete end-to-end security solution. 

According to investment firm Allegis Capital, a number of key PACs solution requirement categories are in significant demand and are driving this investment growth trend [PEH13]. Key desired solution aspects achieving investment include:

• Active defense solutions to protect websites from Botnet attacks
• Security/authentication/identity access and management for mobile devices as enterprises increasingly let employees bring their own devices to work (BYOD)
• Securing communications piece of infrastructures more effectively
• Identifying and mitigating malware once it’s gotten inside the network
• Innovative “big data” solutions applied to cyber security threats;
• Secure cloud computing solutions, a key requirement for enterprises to more broadly adopt cloud computing
• Integrated, enterprise-wide security solutions to replace collections of “point” products that solve a single problem

Rather than spending billions devising new technologies, larger organisations are starting to look at acquiring smaller, more agile organisations that have developed innovative technologies that can deal with these new threats. For the large organisation this can give them a cheaper and quicker alternative to developing in-house skills. For the smaller organisation, being acquired allows them to get their product to a wider corporate market.

European PACs Investment Context
It is traditionally accepted that the US has a more mature and established venture capital industry than its European counterparts at present. This is particularly reflected in more successful performance returns over time – while the US VC industry has achieved 13% returns since 1990, its counterparts in Europe have managed just 2.1% over that period [ECON14], with much returns in the latter sapped during the dot-com bust, followed by post 2008 stagnancy across Europe in recent years.

Compared to Europe, the European VC ecosystem is funded much more heavily by government participants, with 40% of available funding coming from them, up from 14% in 2007, with much of this coming from the EU-backed European Investment Fund (EIF), which contributed €600m to European startups across all domains in 2013. Mixed views exist on the impact of public funding on startup investment, particularly when it is used to match funding from a public source, particularly VCs. Some private investors fear that any strings attached to government money (e.g. to create jobs in certain countries, or focus on certain sectors) may limit outcomes from their investments. There is also a perceived lack of transparency in how EIF-backed investments have fared, with no data available on investment performance. There is also the perception that European funds backed by government money can cash in on successful investments too early, selling companies to boost short term returns that make it easier to get follow-up government funding, thereby losing out on huge gains that can arise by staying with longer term bets. Pan-European rules placing limits on allowed investment (to ensure a perceived level playing field across individual European nations) are also viewed as being restrictive versus the US model, where no such limits exist [WSJ13]. Getting later stage financing is also seen as a challenge in Europe, where as few as 20-30% of European companies funded at seed stage are able to secure follow-up investment. Labour laws in many European countries are viewed as prohibitive to encouraging start-up activity, for example making it harder for companies to pay staff with stock options, often a key carrot to encouraging employees to take risks on working with start-ups.

However, in the PACs context more explicit funding supporting PACs-based start-ups in Europe is now emerging. For example, in June 2014 London-based C5 Capital became the first focused cyber security investment fund in Europe, providing a $125m fund for PACs start-ups. So far two investments have been made, an $8m investment in monitoring provider Balabit, as well as investment in Qinetiq spinout Metrasens . Managers of the fund now believe that European ICT and PACS companies are now at an increased competitive advantage in Europe as a result of recent NSA surveillance scandals in the US, as such firms are not subjected to the same levels of data collection as their US counterparts. Traditionally, EU PACs companies have sought expansion funding to expand into US markets by default, but other markets such as the Middle East and Asia are now also seen as attractive alternatives [SCM14]. Local European vendors will also always benefit from understanding the local needs of the region, often giving them a competitive advantage over US and other non-European vendors over others, but there is now increased demand for Europeans to provide alternative services to protect citizens and their embodied data in their own markets.


[ECON14] "Innovation by fiat - Well-meaning governments are killing the continent’s startups with kindness", The Economist,

[E&Y13] Ernst & Young -$FILE/EY-Global_technology_M&A_update-Q313_highlights.pdf

[MCA14] “Net Losses: Estimating the Global Cost of Cybercrime”, McAfee, Centre for Strategic and International Studies, April 2014,

[PEH13] "What’s driving the surge in cyber security investing?", PE Hub, Oct 28th 2013

[SCM14] "VC funding for European cyber security firms", SC Magazine,

[WSJ13] "Europe Starved of Later Stage Venture Capital", Wall Street Journal, July 2013,


Return to Trends and Challenges



Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework


Joomla! Debug Console


Profile Information

Memory Usage

Database Queries