• Cybersecurity industry is fragmented with many players owning small market share
  • The established industry leaders, such as Symantec and ProofPoint, have been reporting slowing growth rates for the last 4 years
  • M&A activity has been on the rise as larger players are looking to expand product portfolios and drive growth

Gartner forecasts that the security software market generates about $32.1 billion in revenue and growing 10% annually. The overall growth is driven by a combination of established segments maturing (like anti-virus and sandbox) and emerging segments displaying strong traction (such as CDR & security awareness training software).

Fragmented Industry With Many Players

Aside from Microsoft’s security products, which come pre-installed on many Windows systems and cannot
be removed, the remaining cybersecurity vendors are fragmented and account for much smaller pieces of the market.

For example,  the anti-virus market is led by Avast, Eset, Malwarebytes and McAfee, all of which account
for fewer than 20% each.

Figure 1: Anti-Virus Q1 2019 Market Share

Industry Leaders Are Seeing Slowing Growth


As a result of the evolving nature of cybersecurity, the industry leaders are reporting lower growth rates. Their
once cutting edge products are not as effective, thus losing market share to newer, innovative entrants. It’s a game of cat and mouse. The smaller, more nimble companies are able to predict the next wave of cyber attacks and move faster on a potential defense.

Established leaders like Symantec (NASDAQ:SYMC), Proofpoint (NASDAQ:PFPT) and FireEye (NASDAQ:FEYE) have been reporting slower revenue growth for the last 4 years.

Figure 2: Declining Growth for Industry Cybersecurity Leaders 

M&A Activity on Rise as Industry Consolidates  

With slowing organic growth, established cybersecurity companies flush with cash are expanding their product portfolios to add emerging innovative technologies. By consolidating, these larger acquirers are betting that a few of the acquisitions will revive top line growth.


M&A advisor firm IMAP  tracked the volume of cybersecurity deals since 2012 and reported that acquisitions
are on the rise. As seen below, the average number of M&A deals was around 130/year between 2013-2016. In 2017, there were nearly 180 M&A deals announced.

Figure 3: Cybersecurity M&A Volume Jumped in 2017


In addition to the rise in M&A deals, a good number of these acquisitions are over $100 million in price. Hampleton Partners, an M&A advisory firm, charted acquisitions between 2015-2018 that were over $100 million in size.

The cybersecurity industry relies on innovation. It’s not a far reach to expect existing industry leaders to continue the M&A wave as they look to differentiate their offerings, expend pipelines and trigger growth.

The industry’s current landscape, fragmented and consolidating, bodes well for startup players with an innovative approach to future cyber attacks. CyberQuay’s CDR solution is in a sector that experienced more than $100 million in the form of M&A and investment during 2018.