There's been no better magic word than "cybersecurity" to crack open technology investors' wallets.
Corporate executives feared their companies could be the next victim of embarrassing digital incursions like the ones at Target, Sony and the U.S. Office of Personnel Management, so they earmarked big budgets for technology defenses. The rising tide of cyberattacks lifted all the companies selling cyber life preservers.
But now the cybersecurity industry has reached a critical crossroads. The industry's relative newcomers such as FireEye and Bromium are under pressure to prove they can be lasting winners or sell out as the fragmented industry gives way to consolidation. Members of the computer security old guard including Symantec, meanwhile, are scrambling to remake themselves and reduce reliance on technologies like antivirus software that are out of step with modern hacking threats.
Both trends have spurred a flurry of sale activity, both realized and potential. This month, the private equity owners of security firm Blue Coat sold the company on the eve of an IPO at a price that roughly doubled their money. Intel is pursuing a sale of its security division former known as McAfee, the Financial Times reported Monday. One of the most well publicized of the new crop of cybersecurity startups, FireEye, has fielded takeover offers, according to Bloomberg News.
This flurry is a sign the cybersecurity mania has peaked. If Intel sells McAfee at roughly the same price it paid six years ago -- a possibility floated by the FT -- the chip maker must be hoping it can ditch the onetime computer-security pioneer before the cybersecurity bubble completely deflates.
For a time, though, the money flowed nearly indiscriminately in the hunt for solutions to increasingly sophisticated cyberattacks. Investments in private cybersecruity startups tripled over five years, from $1.1 billion in 2011 to $3.8 billion in 2015, according to research firm CB Insights.
Members of the cybersecurity youth movement such as FireEye, Tanium and Skybox Security appealed to investors and customers because they took a different approach to dueling the cyber bad guys. The newer philosophy is that it's nearly impossible to prevent wily attackers from breaching corporate computing networks, as antivirus software sought to do for years. Instead, the younger companies emphasize technology that can quickly identify where the breaches are and limit the damage before it spreads to essential corporate information and causes Sony-level havoc.
But it got tough to tell the legitimate technologies from similar-sounding pitches made by "me too" types. Investors have started to rethink their indiscriminate bets.
At a recent Bloomberg technology conference, Roelof Botha, a partner at prominent Silicon Valley investment firm Sequoia, lamented the excessive hype and funding of young cybersecurity firms. "It's an area where there are just too many companies, too many niche products that don't deserve to be standalone companies," he said.
He compared cybersecurity to the markets for disk drives and e-commerce, both onetime fragmented industries where only a handful of companies thrived. (Not all panelists at the Bloomberg conference agreed with Botha's pessimism.)
In the public markets, cybersecurity is showing signs of strain. An index of cybersecurity companies has declined about 18 percent in the last year, according to Bloomberg data, compared with a 3 percent decline for the S&P 500. Dell had a tough time selling investors on the IPO of its cybersecurity spinoff, SecureWorks, although the firm's lack of profits may be the biggest factor in its market struggles. FireEye has shed about 81 percent of its stock market value since its peak of more than $13 billion in early 2014.
This is the stark new reality for cybersecurity firms: Companies with last-generation technology such as Blue Coat will flip to new owners who are happy for steady cash flow but no hyperbolic growth. Members of the new guard will need to grit their teeth and sell to Cisco, IBM or other tech industry consolidators -- and maybe accept prices below their lofty peaks. Hackers aren't going away, and companies still need to fight off cyberattacks. But for the cybersecurity industry, the moment of reckoning is here.
This column does not necessarily reflect the opinion of Bloomberg LP and its owners.
To contact the author of this story:
Shira Ovide in New York at email@example.com
To contact the editor responsible for this story:
Daniel Niemi at firstname.lastname@example.org