Eighteen months after initial reports of M&A talks, networking giant Cisco announced the takeover of data analytics and cybersecurity software company Splunk in a massive $28 billion deal (both Cisco and Splunk are portfolio companies). The 32% premium is in line with recent sector transactions and the valuation multiple (6x revenue) is in the low-end of recent multiples (6-8x).
Splunk’s observability platform allows searching, analyzing, and displaying machine-generated data acquired from IT infrastructures and business websites, applications, sensors, or devices. Splunk is mostly utilized as an analysis engine when it comes to cybersecurity, allowing to correlate security events and to pinpoint the source or the risk of security breaches. From a strategic standpoint, the deal then makes great sense as it allows Cisco, which is a leading player in threat detection and response, to materially expand its threat prediction and prevention capabilities and to get closer to a full end-to-end cybersecurity platform.
From a financial standpoint, the Splunk acquisition also represents for Cisco the opportunity to accelerate its transition to software and cloud-based revenue (at the expense of hardware), to boost its revenue/EPS growth in the long run and, importantly, to materially expand its cybersecurity business which is considered critical in the networking space.
Interestingly, the acquisition of Splunk will double Cisco’s security revenue to roughly $8 billion, in line with Palo Alto Networks’ and well above Fortinet’s ($5.4 billion), Microsoft remaining ahead of the pack with $20 billion revenue in cybersecurity. And it looks like Cisco is determined to go even further as reports surfaced yesterday that the company also considered recently (and still considering?) the takeover of threat detection platform SentinelOne.
This confirms that the cybersecurity market is consolidating fast around a limited number of players consisting of pure players (Palo, Fortinet), Tech giants (Microsoft, Google, Cisco) and… one private equity firm (Thoma Bravo) that has collected a large number of security assets in recent years. Cybersecurity firms have indeed no choice but to offer comprehensive platforms as enterprises roll out an increasing number of security tools (from identity & access management to threat prevention, detection and response) and more and more demand packaged solutions from their security vendors for cost and ease of use purposes.
Against this backdrop, we believe that most cybersecurity firms that still have a niche positioning (e.g. Okta or CyberArk in identity & access management) will end up as natural takeover targets for the industry leaders and that M&A should remain a powerful theme in the foreseeable future.
Importantly, antitrust should not be a major hurdle in our view as the industry is still highly fragmented and as the leaders’ market share is still very low. As an illustration, Google’s recent acquisition of Mandiant for $5.4 billion didn’t attract specific antitrust scrutiny.