Download PDF


The cybersecurity market has undergone major changes over the past decades. With the increased digitalization of companies, the importance of data has become critical. “Data is the new gold” wrote Sandro Shubladze (Forbes author) in March 2023, referring to the growing importance that data has in the modern society where we live. For this reason, as history teaches us, when an object or tool becomes very valuable, the number of malefactors who try to profit by expropriating these assets from their rightful owners also increases. To the rescue of companies and individuals comes cybersecurity, i.e., the system with which a given entity protects itself from lack of data or hacker attacks. In recent years, the Technology, Media, and Telecommunications (TMT) sector has seen significant growth due to various drivers, the biggest catalyst being the pandemic.

According to an Accenture report released this year, an interview of 3,000 executives from 15 industries and 14 different countries revealed that more than a quarter of companies are beginning to recognize the vital importance of cybersecurity within their operations. This study could have practical relevance in the consolidation market, leading to more deals aimed at the cybersecurity sector. Tech companies with large customer bases and long histories need to expand their product offerings and therefore will find opportunities in the area where revenues could quickly shift, namely cybersecurity.

At the same time, the benefits of cybersecurity are also present in other fields. Sufficient empirical evidence has been found in the correlation between companies that are increasing their level of cybersecurity and the level of effectiveness of digital transformation, resulting in 6X compared to other companies.

Source: LSEG, Sep 2023

Looking at the data on deals closed in the software sector, 2021 was the year with the highest value of deals closed, worth almost $500bn. Currently, the global M&A market is plagued by a downturn, caused by various factors including (1) rising interest rates, (2) uncertainty in global markets, (3) high inflation, and thus the software and cybersecurity market has also been largely affected. The M&A market for tech companies may be at a turning point, considering the significant drop recorded in the first 8 months of 2023, recording a 61% drop compared to the previous year. Also, valuations tend to be historically low for software companies. The trailing 12M EV/Revenue multiple is 5.8 times, compared to an 8-year-historical multiple of 7 times (excluding the temporary impact of COVID-19 in early 2020). Therefore, summing up all the considerations both from a financial and business perspective, it is plausible to expect an increase in M&A deals in the software industry.

French Cybersecurity Industry

Among the various global markets, the French market offers an interesting example of cybersecurity implementation. Historically, the French industrial fabric has never been at the forefront of technology and cybersecurity. However, the increasing interconnection of machines, networks and systems brought about by the new industrial revolution has made French companies extremely vulnerable to an increasing number of cyber-attacks.

Recent data published by France’s Direction Générale des Entreprises (DGE) and a study by Check Point Research indicate a significant increase in cyber-attacks, with a 26% increase in 2022 alone compared to the previous year. The estimated annual cost of cybercrime globally is around $1tn in 2021, affecting all sectors. Although it is impossible to achieve 100 percent effective security, software companies are working to create complex computer systems that deter cybercriminals. Some sectors, such as defense, have recognized the importance of cybersecurity from the earliest beginnings and implemented it in their daily operations.

Major industrial players could take a leading role in the trend towards greater cybersecurity, especially to protect the upstream supply chain, thus having demands on suppliers. In general, the increasing interconnectivity of industries has exposed them to cybersecurity risks and efforts to protect the entire ecosystem are essential, with a focus on the value chain.

Thales Group [EPA: HO] is a French multinational group operating in the tech industry. Despite being a “societè anonyme” – a French public limited company – with its board of directors, the relationship with the government is highly significant. In fact, the composition of the board is governed by the shareholders’ agreement between its two main shareholders: the public sector (i.e., French Government) and the industrial partner Dassault Aviation [EPA:AM].

The company recently got increasing attention after its CEO Patrice Caine stated that “Thales is interested in pursuing new inorganic growth solutions” by acquiring smaller companies in the various segments in which the company operates. Thales has recently completed one relevant acquisition, by closing a $3.6bn deal for Imperva, with an EV/Revenue multiple of 6.1 times. Imperva is a US-based company operating in the cybersecurity industry and Thales estimates to obtain $110m pre-tax synergies, including $50m of cost saving and $60m linked to revenue opportunities. The acquisition is Thales’ biggest since it bought digital identity company Gemalto in 2019 for $5.6bn. Thales said the deal would close in 2024 subject to approvals and did not anticipate significant hurdles.

This latest acquisition was seen by the market as a clear intention of Thales to focus on the cybersecurity market for years to come. Indeed, the company has been steadily expanding its cybersecurity activities, intending to reach €2.5bn in sales by the end of 2024, according to the latest investor relations. Thales plans to maintain shareholder returns in terms of dividends and buybacks and is divesting a business to Japan’s Hitachi for €1.6bn to help manage its leverage to focus on new deals.

Also, it is important to mention the close relationship that Thales has with governmental agencies, such as National and European space agencies. Thales helps to ensure the security of satellite systems, in particular Europe’s Galileo satellite navigation program. Therefore, its close relationship with the government may help fuel further research in R&D, thus leading to higher consolidation to become a superpower in the European cybersecurity space.

Cisco’s History

Cisco Systems [NASDAQ: CSCO] was founded in December 1984, by Sandy Lerner and her husband, Leonard Bosack, who were overseeing computer facilities at Stanford University – they both contributed to the pioneering idea of using local area networks (LANs) to interconnect multiple computers. As a matter of fact, the company’s original product, Cisco IOS, was an adaptation of Stanford’s research engineer William Yeager’s “Blue Box.” However, due to this, in 1986 both Bosack and Lerner were forced to resign from their roles at Stanford and risked facing charges for the alleged theft of software and hardware designs. Cisco’s business, though, fared much better than its founders’ Stanford careers. Despite not being the one to pioneer dedicated network nodes, it was among the first companies to achieve commercial success with routers that could support multiple network protocols. It went public in 1990, with a $224m market capitalization, reaching a peak of $500bn during the height of the dot-com bubble in 2000 – surpassing even Microsoft as the world’s most valuable company at the time. To put things in perspective, Cisco’s current market capitalization is approximately $215bn.

Over the years, Cisco has expanded across various sectors to reduce its reliance on traditional network equipment, which has recently faced the challenges of supply chain disruptions and a post-pandemic slowdown in demand. The company currently offers a wide range of IT products and services spanning five major technology domains: Networking (Ethernet, optical, wireless, and mobility solutions), Security, Collaboration (comprising voice, video, and data solutions), Data Center, and the Internet of Things. Networking technologies, both hardware and software, still constitute the primary source of revenue – in the last reported quarter they accounted for more than 50% of proceeds. Conversely, Cisco’s security offerings contribute a smaller share, approximately 6%, to its overall revenue. Leading this product category, Duo and Cisco Umbrella, are derived from prior acquisitions.

As a matter of fact, Cisco has adopted a strategy of continuous M&A activity to fuel its business growth, having acquired over 240 companies since its inception. However, with the recent announcement of the $28bn acquisition of cybersecurity company Splunk [NASDAQ: SPLK], this would be the largest one to date. They have typically served the purposes of market acceleration, market expansion and entry into new markets; whatever their purpose though, Cisco emphasizes the importance of their effective systems of integration as a key component to the success of this approach.

Operating as a global technology firm that is active across multiple sectors, Cisco faces a diverse landscape of competitors. For its networking business, Juniper Networks [NYSE: JNPR] and Aruba Networks stand out as the most direct competitors – examining market shares in ‘enterprise network infrastructure’ Cisco does still redeem a consistent 40% figure. In the sphere of collaboration and communication, however, its largest competitors are Microsoft [NASDAQ: MSFT], counting on Microsoft Teams and Skype for Business, as well as Zoom [NASDAQ: ZM]. Lastly, for what concerns the security sector it mainly competes with Palo Alto Network [NASDAQ: PANW]’s firewall and cybersecurity solutions, as well as Fortinet’s [NASDAQ: FTNT].

Splunk’s History

Founded in 2004, Splunk’s business can be largely described as a “Google for machine data”, for its innovative concept of developing a search engine capable of going through all the data generated by servers, network switches and other devices. The company’s name is no coincidence, as “Splunk” is a clever play on the term “spelunking”. On a more concrete basis, it provides software that allows organizations to search, monitor, and analyse in real time data sourced from different origins. The company has recently undergone a significant shift in its business model, from a perpetual license structure to a subscription-based model. This transition initially resulted in negative free cash flow because of the change to an annual invoicing system in 2019. However, as the company is now nearing the conclusion of this phase, it went back to generating positive free cash flow for the first time in 2022. Crucially though, a Cisco’s spokesperson stated that the $4bn in annual recurring revenue that Splunk would bring from its subscriptions was a key driver behind the acquisition deal. Another recent cause of concern for Splunk’s investors, the company’s former CEO Doug Merritt stepped down in late-2021 following several disappointing quarterly results.

The company went public with an IPO in April 2012, registering an incredibly successful first day of trading with shares gaining 108.7% from the offer price of $17-per-share. It raised over $264m, at a market value of just above $3bn. At the time, Splunk was yet to make any profit – with losses of $11m in 2011 and $3.8m the year before – due to heavy investments in its growth; it showed, however, rapidly increasing revenue (+83% the year preceding the IPO). Its stock prices have since increased significantly, peaking at $223 in September 2020, before the downward trend seen up until the end of 2022 – prior to the acquisition announcement they were trading at around $120.

In recent years, when the company experienced a decrease in profitability and share price, Splunk was the target of various activist investors and private equity funds. In June 2021, the company announced an investment of $1bn in senior convertible notes by the tech-focused PE firm Silver Lake. The objective of the investment has been to support Splunk in concluding its transition to a subscription model, as well as for completing a share repurchase program. The implied conversion price was $160, a 30% premium to the average closing price in the days prior to the announcement, and the maturity was set in 2026 with an accrued annual interest of 0.75%. A part of the deal was for Kenneth Hao, the Chairman and Managing Partner of Silver Lake, to gain a seat on Splunk’s board of directors.

About ten months later, in March 2022, the PE firm Hellman & Friedman communicated a 7.5% stake in the company for $1.38bn, equivalent to $116 per share. The involvement began in mid-late December, the period when Splunk’s shares took a hit due to the resignation of its former CEO and was solidified by the board seat granted to David Tunnell – Hellman & Friedman’s partner and a member of its investment committee.
Lastly, in October of last year, the activist fund Starboard Value disclosed the acquisition of a 5% ownership stake. Splunk fit the profile of the fund’s investment targets, having a strong top-line growth with a good market positioning but needing to optimize its margins – additionally, the prior appointment of Gary Steele as CEO seemed to be a measure appreciated by Starboard. Analysing the fund’s comments on the acquired stake, they highlighted the so-called “rule of 40”: mainly used for large software companies, it states that growth rate plus profit (usually EBITDA) margin should exceed 40%. With this composed measure, it is ideally possible to capture the trade-off between investing in growth and short-term profitability. At the time of Starboard Value’s strategic investment in Splunk, the company was operating with a growth rate of 17% and an operating margin of 11%, thus giving it a combined score of 28, notably below the peer median of 47. The thesis was that Splunk’s operating margins could significantly increase (median peers value was 26%), and that achieving this result may potentially double its valuation.

Looking back at these investments, there seems to be some common ground in their rationales. First, Splunk’s strategic transition towards a subscription-based business model – a much preferred business model by investors, for its revenue stream predictability. At the same time, issues like profitability declines, operational inefficiencies, and the CEO’s departure created an opening for activist investors and private equity firms to step in at a discount, while leveraging their expertise. All these factors added to Splunk’s good positioning in a fast-growing industry such as that of cybersecurity.

The Acquisition

Cisco’s acquisition of Splunk would mark the company’s biggest acquisition yet at a whopping $28bn valuation. The agreement includes a $157 per share value which comes at a 31% premium to Splunk’s closing share price. Last quarter’s performance was extremely strong on Splunk’s behalf showcasing an annual recurring revenue increase of $3.9bn which is a 16% increase relative to last year. The quarter saw revenue beating analysts’ expectations, coming in at $910m. The deal comes at a time where Cisco hopes to boost its gross margin within the year that the deal is hoped to close. Cisco executives have stated that they hope the acquisition will be cash flow positive and will be finalised by the 3rd quarter of 2024. Through this acquisition, financial sponsors Hellman & Friedman and activist fund Starboard value have garnered strong returns from their initial investments. In 2022, Hellman & Friedman acquired a 7.5% stake in Splunk for $1.38bn, which at $116 per share value means a 35% return on investment with regards to the agreed upon purchase price.

Silver Lake is expected to approximately break-even due to their 2021 convertible bond of $160 per share, factoring in a customary make-whole provision upon deal closing in 2024, which should result in a small profit. Hellman & Friedman’s investment, instead, should grant a 35% return. Finally, Starboard Value should have had purchased its stake at around the mid-$80s per share; with its most recent disclosure indicating a remaining 2.46% stake as of the end of June, its current position should be worth $628m with an estimated 85% increase in price per share – the exact number of Splunk’s shares bought and sold by the fund before the announcement, though, remains undisclosed.

Another interesting point regarding the deal includes CEO stock offloading. As stated by Bloomberg Journalist Matt Levine:

“One thing that happens a lot is that the chief executive officer of a public company sells a bunch of stock, and then the company announces bad news the next week, and people are like “hmm suspicious timing!” Often, when this happens, the CEO points out that she did not decide to sell the stock with that fortuitous timing: Ages ago, she had set up a Rule 10b5-1 plan that would automatically sell some stock at particular times or prices, and it just so happened that the automatic 10b5-1 plan sold stock at a fortuitous time.”

In this particular transaction an interesting point was that the two companies had discussed a merger in the past, and when the deal had not gone through – Cisco stock fell nearly 4% while Splunk shares jumped 20%. Recently, Splunk’s CEO disclosed the sale of 9,600 shares at a mean price of $120.08 through a 10b5-1 plan. Although he probably knew the merger would have raised the stock price, Gary Steele went ahead and stayed true to his plan by selling his stock.

Where we see the Cybersecurity Market going

Another question raised by this deal; is how it positions Cisco in the broader Cybersecurity landscape. The global cyber security market was valued at $153.7bn in 2022 and is projected to grow to $172.3bn in 2023 and eventually reach $425bn in 2030. The projected compounded annual growth rate of the cybersecurity industry is 13.8%, which signifies a fast-growing industry with room for growth, particularly thanks to the AI revolution. A major driving force within the cyber security sphere is the increased frequency and sophistication of cyber threats and the growing importance of digital security. According to an IBM Institute report, the average total cost per data breach in 2022 was $4.35 million on a global scale. The U.S. breaches were the most expensive at $9.44 million. Partly due to the shift to remote work, the sub sector of cybersecurity that is estimated to grow the most is the section of cloud-based security products. Cisco is one of the market leaders within this vertical and is hoping to benefit from its growth within the larger market. According to a report by “MarketsandMarkets”, the cloud security market is anticipated to grow from $40.8 billion in 2022 to $77.5 billion by 2026. A report done by ESG global research found that in 2023, 52% of organizations are increasing their spending on IT, while 65% of the organizations had plans to increase spending. The strategic acquisition of Splunk has the potential to be fruitful in the broader market as companies plan on upping their investment into cybersecurity.

Lastly, due to Lina Kahn’s crusade as chairperson of the Federal Trade Commission, several concerns amongst technology giants such as Amazon [NASDAQ: AMZN] and other large companies like JetBlue [NASDAQ: JBLU] have arised. The transaction is likely to capture the attention of antitrust regulators in the US capital who have been critical of large deals, particularly in the tech sector. Any in-depth scrutiny by competition watchdogs could slow down the process of completing the transaction and slow down Cisco in their quest to gain market share in an ever-growing sector.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *