January 6, 2014

One M&A trend we expect to enjoy continued momentum in 2014 is the robust appetite for cyber-security (such as threat protection and cyber-response) and analytics firms on the part of the entire data ecosystem: from the large, integrated players (such as IBM) through to specialist service providers in the cloud computing and data centre world.

We believe that this is the result of two newsworthy events of 2013: aggressive electronic espionage against corporations on the part of certain Asian governments and Mr Edward Snowden and his revelations of widespread electronic spying by the U.S. NSA (National Security Agency).

It is perhaps easy to forget that, prior to Mr Snowden’s series of revelations, President Obama had decided to forcefully challenge China over accusations of widespread electronic attacks led by the “2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department”. This group, publicly carrying the name (Orwellian or simply non-descript?) of “Unit 61398”, was exposed by a U.S. corporation called Mandiant as having been responsible for over 40 Malware families and economic espionage against a broad array of corporations (141 were identified in the survey). Mandiant’s map of the threat landscape, and China’s extensive economic electronic attack infrastructure, made the front page of the New York Times.

Cheverny learnt from cyber-security executives in Silicon Valley that corporate America, in particular the largest and leading names in high technology, had begun to partner with the NSA to respond to this, and other, cyber-attacks. M&A strategies were being designed around acquiring certain capabilities whilst depending on the U.S. security apparatus for other resources.

Mr Snowden’s revelations that the NSA and related agencies were engaged in gathering of meta-data of mobile telephone calls, emails and social media linkages on an impressively vast scale upended this growing collaboration.

U.S. technology and telecoms companies (indeed U.S. companies generally) came to realise – through the vociferous reactions of individuals, corporate customers and governments around the world – that perceptions of aiding or abetting U.S. electronic espionage would be potentially toxic for their global businesses. Silicon Valley security executives now describe a context wherein corporate/government collaboration on cyber-security is much-reduced and corporations building and managing security solutions for customers are much more in a do-it-yourself mindset. We expect M&A activity to reflect this.

The $1 billion ($900 million in shares and $106 million in cash) purchase of Mandiant by Fireye signposts the trend. Announced on 4th January 2014, the proposed transaction seeks to marry Fireye’s solutions to protect against cyber-attacks with Mandiant’s ability to respond to cyber-espionage.

Reaction to the deal varied, with a strong trend in the trade press asking “why such a lofty price” and institutional investors loudly applauding it.

Indeed to describe the stock market’s reaction as enthusiastic might be to understate it. Fireye’s market capitalisation leapt $1.6 billion on the news (on a sleepy post-Christmas Friday with many traders away from their desks the share price climbed 33% from $43 to $57): a sharp contrast to the normal penalty exacted on an acquirer for paying a premium and taking on the risks of integrating a big deal (this is closer to a merger than a takeover). Note that FireEye only went public in September and that its shares have been very strong performers.

Fireye had $158 million of revenue in 2013, and had provided the Street with guidance (pre-Mandiant) of $250 million in revenue in 2014. Combined guidance for FireEye and Mandiant is $410 million. The market has clearly judged that a multiple of 6x forward Mandiant revenues + synergies (10x trailing revenues) may, given the strategic and industrial logic of the deal, be absolutely reasonable. FireEye broadens from threat protection to threat response, and the deal offers the potential to start building product revenues on top of the services-rich sales mix of Mandiant.

We expect further deals in the sector as firms offering large integrated software suites (IBM), providers of software defined data centre technology, and major online service providers (Google) move to build cyber-armouries. The multiples established by FireEye may well soon be surpassed.

FireEye/Mandiant may also remind some of the recent crop of technology IPOs that going public gave them an acquisition currency. Amongst the firms to recently secure a stock market listing, and thereafter perpetuate a rich multiple, a great many have shunned M&A (Tableau Software being an example and Workday another) whilst others have kept their M&A ambitions modest (ServiceNow and Splunk being two members of this brigade).

Note: Manidant hired an independent M&A advisory firm for this transaction.