Thoma Bravo, a leading private equity firm whose investment focus is software and cybersecurity, announced last week the completion of fundraising for various buyout funds totaling more than $34 billion.
Considering that Thoma Bravo has been a major M&A predator of listed cybersecurity midcaps in the last couple of years with five acquisitions in a $2-7 billion range (Darktrace, ForgeRock, Ping Identity, SailPoint, Magnet Forensics), this fundraising could clearly reenergize M&A in the industry after a rather slow start to the year. Only one large-scale deal has been announced so far in 2025, the $33 billion acquisition of Wiz by Google.
In our view, the current environment is supportive of a new wave of M&A activity from private equity. First, the outlook for growth, profitability and cashflow generation has been improving. The rise of AI presents a dual opportunity for cybersecurity firms: it enables them to enhance their offerings with AI-powered products and data security, while also serving as a powerful tool for internal efficiency gains (code automation…).
Second, the regulatory environment has become more favorable since the arrival of the Trump administration, and in our view, antitrust concerns are unlikely to pose a significant obstacle. The industry remains highly fragmented, and market leaders still hold relatively low market shares.
Finally, there has been no major inflation in valuation levels of listed assets, with many midcaps trading at 4-5x EV/sales, well below M&A valuations that have been ranging between 6x and 11x EV/sales.
Against this backdrop, we continue to believe that threat detection and response specialists—such as SentinelOne—should remain a key area of focus. At the same time, AI-related businesses are gaining importance due to growing data security and governance requirements (e.g., Rubrik, Varonis) and the expanding “machine identity” theme, which involves identifying an increasing number of connected devices, AI agents, and copilots. This trend supports the relevance of identity and access management platforms from companies like CyberArk and Okta.
