A new version of ransomware swept the globe last week, affecting hundreds of thousands of users in more than 150 countries. Ransomware is malicious software (“malware”) that locks up a computer’s files and, in order to get access to them again, users must pay the hackers. Typically, that payment is made with untraceable Bitcoins. Ransomware has been around for decades, with the first documented outbreak happening in 1989.
Ransomware is typically spread either by a user clicking on a link to a website that then installs the malware on the user’s computer or when a user opens an attachment to an email that contains the malware. Once the malware installs itself, a screen will come up that gives the user instructions on how to retrieve their files by making a payment. Otherwise, the files will remain encrypted and inaccessible forever.
The latest attack, dubbed WannaCry or WannaCrypt, presented a new variation. While the initial attack vector was a malicious web link, once inside an organization, WannaCry spread wormlike via the organization’s network and infected additional computers in the environment. This behavior is what enabled this malware to impact more than 300,000 systems in a few days with systems withinthe National Health Service of the U.K., ATMs in China, Germany’s national railway Deutsche Bahn, the Interior Ministry in Russia and FedEx in the U.S. As of this past Sunday, WannaCry registers as the largest global ransom attack in internet history.
WannaCry has brought cybersecurity to the forefront of media attention. It is a wakeup call for all businesses to focus efforts on protecting their networks and data as the world becomes increasingly dependent on technology. We are now living in a new age of cyberterrorism and the worst is yet to come. The successful execution of Friday’s attack will draw the attention of WannaCry ransomware imitators to develop similar malware and carry out similar attacks.
The event also highlights the fact that cybersecurity is one of the fastest growing and largest technology sectors. In 2004, the global cybersecurity market was valued at $3.5 billion. By the end of this year, the market is estimated to be worth at least 35x that amount, according to numerous market researchers and analysts. Numbers will continue to grow as cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. There will be 1.5 million cybersecurity job openings by 2019, up from 1 million in 2016, and by 2019, the demand for cybersecurity professionals will increase to approximately 6 million jobs globally.
What does this mean for the M&A market? Cybersecurity incidents have been growing at a rapid pace, with a compound annual growth rate of 60% since 2009. The total number of incidents has been growing even despite increased spending on security and technology services. This increasing threat has led to a subsequent rise in demand for cybersecurity, specifically more effective cybersecurity solutions. As a result, cybersecurity valuations have hit a 4 year high in 2016 at 5.9x revenue.
Disruption, thanks to newer and more advanced technologies, leads to an innate need to stay on top of trends and consequently, a rise in M&A as companies seek to acquire stronger footholds in the market. The cybersecurity market is currently attracting investment from various types of companies including IT companies, defense contractors, technology businesses, professional services firms, telecommunications firms and a variety of financial investors. This convergence is driving innovation in the market as companies look to consolidate in order to strengthen their platform and service the growing demand caused by the increasing number of cyber-attacks.
Additionally, given the speed with which hackers change their tactics, it is imperative that organizations assess any target they are looking to acquire to ensure they are not potentially acquiring a firm with an inadequate cybersecurity program. The integration of an acquired firm into the buyer’s IT environment could compromise the buyer’s systems even if they are properly maintained. It is also a possibility that a firm’s true value could be impacted by inadequate security or could require substantial investment in order to become sufficiently secure.
Enterprises are increasingly contracting cybersecurity companies to assist them with securing their environment. In the wake of WannaCry, CrowdStrike announced a $100M US Series D with an enterprise value of $1B US. There has been a tremendous amount of activity in the space, and it will only accelerate as vendors look to consolidate their product portfolios. In essence, the need for innovation coupled with an increasing awareness of cybersecurity risks (motivated by the WannaCry outbreak) will continue to drive M&A activity for years to come.
To learn more, you can download the Cybersecurity Industry Report by the ONEtoONE office in New York here: