Has The Acquisition Spree Ended? Date:   Thursday , June 26, 2008 ONE SECTOR’S LOSS IS ANOTHER’S GAIN. THE security sector, to be sure, is a “hot” area of investment. The year 2002 saw a series of acquisitions in the security space, sending out signals that this was a sector set to soar. NetScreen Technologies acquired OneSecure. Symantec Corp. went on a $375 million buying spree acquiring four companies for cash: Security Focus, Riptech, Mountain Wave and Recourse Technologies. Cisco acquired Psionic for $12 million. As the conglomerates look to bolster their security stance by augmenting the depth of their products and services and extending their geographic reach, an appetite for mergers and acquisition will remain. And this is what excites VCs. Most VC firms see the M&A trend as a positive step toward industry consolidation. “Selling out to large players is the only viable exit strategy that we see today because the IPO market has shut down,” says Amit Bhargava, Principal at the $90 million ECentury Capital. Acquisition seems to be the only way out for security startups developing niche applications for a smaller market place, which do not seem to create a viable public company. Another piece of evidence that draws the VCs’ attention to this sector is the performance of public security firms. Apart from the big five security firms, small cap stocks are seeing accelerated earnings. “The valuation of security focused software companies by Wall Street is high because their revenue multiples are 2-3 times that of the software sector. The market is growing and there is potential for higher profitability,” says Bhargava. The Drivers Given the acquisitions of the last year and the interest shown by Wall Street, VCs are keenly watching the factors that are driving this space. “Proliferation of devices, creation of the extended enterprise, heterogeneous architectures and migration to ‘IP everywhere’ will fuel the need for security solutions,” says Neeraj Bhargava, Principal at Apax Partners, where he focuses on wireless and security investments. American corporations have scaled up security measures, resulting in increased security budgets that will fuel industry growth. Organizations recognize the importance of protecting data from external breaches (hacker, cyber-criminal). They are also protecting themselves from employees, consultants and contract workers who may be intent on diverting funds, research and development breakthroughs and other intellectual property, as well as sensitive and private corporate information. More than half of all information security breaches originate from within the enterprise. “Various surveys reveal that IT managers and CIOs are spending on security products and it is in fact first on their priority list. If you take a long-term view, security solutions will increase and so will investments. We are bullish on the market,” says Bhargava. Apart from enterprise spending, defense and homeland security will generate a growing appetite for new technology. Startups can benefit from the increasing demand if they can navigate the challenging process of government procurement. Strong management teams, and experienced partners and investors will be imperative to secure orders. Startups are likely to find selling their products challenging. In the down economy, smaller companies that may have better technology but less staying power are struggling to land clients. Often, it’s hard for them to attract big customers who need assurance that a supplier will be around to support its product. Over invested? Not all of the companies now billed as being in the “security” space will succeed. There are risks when the venture community tends to over invest in certain spaces. Some VCs believe that the sector is over invested and may soon become unpopular and finally collapse. It may be a bearish outlook, but surely investments in the sector are falling. According to venture-capital researcher Venture One, VCs put $1.58 billion into 138 computer-security startups during the boom year of 2000. That fell 37.6%, to $986 million invested in 102 startups during 2001. In 2002, $484 million was invested in 59 startups during the first three quarters. So the net year-on-year investment into this sector is decreasing. Does the slide in investments indicate that VCs are now turning away from this sector? “At a high level there is a lot of money, which has gone into security, especially into segments that are buzzwords today like intrusions,” says Bharadwaj, “But there are segments that are yet to be addressed. New startups in this space should have the ability to identify an emerging wave of technology and build products around it. Startups essentially start with niche products for a smaller market. But they must be convinced to grow to larger addressable market overtime.” Bharadwaj believes that the acquisition spree isn’t over yet. He predicts that system management vendors like CA, BMC and HP will need to acquire security expertise as security management is an integral part of system management. So one could expect system management firms to acquire security startups during 2003. Deepak Kamra, General Partner at Canaan Partners, which had invested in Recourse Technologies says, “There will be more acquisitions, simply because there have been so many companies funded by VCs in the security space. They need to go somewhere, and the technologies are of interest to the acquirers. The trick is to be differentiated enough and show enough traction to demand a reasonable valuation.” Kamra too believes that certain segments are over-invested. “But new segments keep popping up. Overall, growth is stronger than in most parts of the IT market, so it is still a relatively attractive area for investment.” Investment Themes According to Bharadwaj, security vendors are limiting the “pyramid of the enterprise” by entering into partnerships and establishing extended partner networks. This, he says, is not a valid way to approach security space. “Startups that look beyond the “pyramid of the enterprise” make an interesting area of investment,” he says. Yet another investment area that he is keen on is startups that offer security implementation based on business policy. Like Bharadwaj, Bhargava sees new themes of investment within the security space. “We see the value of the security moving from protocol layer to the application layer. As this happens, products built for lower layers become commoditized. Investments will flow into companies focused on application stack.”