Contact Us      General Enquiries: +44 (0) 1273 834 000   Support / Service Desk: +44 (0) 113 360 9696

PAV IT

  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance
CONTACT SALESsupport
  • Home
  • Our latest Blogs
  • Blog
  • So Your Security Vendor’s Been Acquired
June 24, 2022

So Your Security Vendor’s Been Acquired

Tuesday, 25 February 2020 / Published in Blog

So Your Security Vendor’s Been Acquired

How-to-Address-Cybersecurity, So Your Security Vendor’s Been Acquired

How to Address Cybersecurity M&A in Your Security Environment

The role of cybersecurity and the overall importance of ensuring CISOs have a seat at the table for the acquisition process in its entirety is well documented; the value of data and the complexity of IT/IT security environments in today’s enterprises mean information security is a critical component of the traditional due diligence process in a deal, particularly due to the rate at which new threats can arrive. And, according to enterprise CISOs, 2020 is already set to be a landmark year for industry consolidation.

Cybersecurity M&A and industry consolidation is already underway

Twenty-nineteen was a busy year for deals in the security space; larger players snapped up smaller ones to expand their portfolios. VMware’s acquisition of Carbon Black and its recent purchase of Nyansa are good examples, as well as Broadcom’s acquisition of Symantec, and Palo Alto Networks’ purchase of Demisto. And, given the immense proportions of point tools that declutter organizations’ security environments, there is certainly the demand and the need for more unions.

Despite the benefits decluttered environments bring, the process of removing or updating tools that have been consolidated can be a challenge.

“We’ll have fewer vendors in 2020 because they’ll get consolidated away, so you must prepare for that,” Marc French, CISO & managing director of product security group, predicted. “If you had seven vendors, you could be down to three, and you have to be prepared for the projects you had planned that should be restructured due to market moves. Also, due to platform companies that offer endpoint solutions or other tools as a package, I predict organizations will end up with a handful of single-platform solution providers running the bulk of your security protection environment.”

“New companies are emerging like water from a fountain, and the rate of new startups isn’t likely to slow down at all,” according to Sam Curry, CSO at Cybereason. He argued, “The incentive is present for startups to dream about growing and getting acquired. This will all continue in 2020, and while no one is throwing out their SIEM or their antivirus, the industry is likely to see the brands that have dominated it for 20 years fade and a new crop of midsize companies emerge in a healthy rejuvenation of the industry.”

If new, midsize companies are expected to arrive on the scene this year, the implication is that customers must prepare now as well.

Assessing the impact of security vendor acquisition on your business

While the onus is on the newly-acquired company to provide future plans and timelines on its products and/or services deployed in your environments, CISOs can look to conduct their own reconnaissance to ensure business continuity.

  1. If your vendor has not yet communicated future plans and timelines after an acquisition has been announced, reach out and explore the possibility of having a meaningful conversation about changes that may impact your business – for example, will your product or platform be enhanced? How can you reach an understanding about the future product roadmap? Additionally, the acquiring company will want to keep existing business, making it likely there will be official communications about the deal that include product roadmaps.
  2. Review SLAs and contracts to understand the scope of service, because upon renewal, the new entity will likely want to institute new contracts, perhaps a new pricing structure, or another change that will impact SLAs.
  3. Conduct an audit of the security vendor’s performance – does it adhere to the SLA, and is it a mission-critical tool?
  4. Reflect on the goal of the acquisition; if the acquiring company purports to add value to existing customers by improving on existing products and broadening in other areas, the move may be a positive one. If, however, the deal was made as a cost-cutting measure, it will be prudent to review contracts and discuss future plans as soon as possible.
  5. Related to this, review whether the new vendor’s solution will be an add-on to its existing product suite, or if it is likely to be a multi-solution platform.

When using any third-party tool in your environment – security-related or otherwise – there’s risk involved.

“If you’re a customer who has selected an early-stage vendor for your security environment, you know there’s a chance they won’t be there tomorrow,” said Kristyn Ulrich, VP of corporate development at Mimecast. “You use the tool or service because it meets your business needs, and you hope that if they go public or get acquired, the terms and conditions that impact your business will protect you for the length of the contract.”

At the same time, more established cybersecurity companies can be a target for disruption acquisition if they fail to evolve with the changing landscape.

According to Chris­tina Van Houten, chief strategy officer at Mimecast, most companies use M&A to buy growth and revenue. But there should be greater value placed on the relationship well before the transaction takes place, using regular strategy discussions, participation and presentation in each other’s offsites, conferences, and customer accounts.

“All these different ways of getting to know the people, the product and the company overall are important,” Van Houten said. “It’s not about getting through the transac­tion; it’s about giving customers value and becoming a better company.”

Looking ahead to 2020 and 2021, Ulrich believes the cybersecurity market will continue to grow rapidly due to the nature of new threats, which opens the door for more security startups and point tool vendors. She added, “As we see the types of valuations that these firms will get as deal making heats up this year, it entices new companies to enter the market. There is a point at which any mature market reaches the peak of its consolidation, and growth rates tend to taper off. I don’t think we’re there yet, and the threats are so vast that it is hard to see that happening anytime soon.”

What you can read next

Best Practices to Block Ransomware Attacks,sophos_ransomware
Best Practices to Block Ransomware Attacks
increase in malware attacks
Why Ransomware Attacks Are On The Rise
pavilion newsletter logo image
IT’s About Time…for our Spring Newsletter

Recent Posts

  • Sophos Event Blog Header

    Better cyber protection doesn’t have to cost you more

    Most campaigns that vendors / resellers run is ...
  • Cyber Insurance Blog

    Cyber insurance: there’s bad news and there’s good news

    The threat environment is more challenging than...
  • Evolving Cyberattacks header

    How Common Types of Cyberattacks are Evolving

    Cyberattacks are ever changing. Read about cybe...
  • Watchguard MFA Header

    Protecting User Identity and Securing Business Trust with Multi-Factor Authentication

    THE EVOLUTION OF AUTHENTICATION – HOW WE GOT HE...
  • CRN Nomination 2022 Header

    CRN Best Company to Work For Nomination 2022

    Why is your company such a great place to work?...

Categories

  • Applications
  • Blog
  • Cisco
  • Commvault
  • Events
  • Legal
  • Manufacturing
  • Microsoft
  • Mimecast
  • Networking
  • News
  • Newsletters
  • Other News
  • Retail
  • Sophos
  • Watchguard

pavilion logo small

A leading IT infrastructure solution and support provider that has been delivering flexible and modular solutions and consultancy to businesses across the UK since 1988.

GET IN TOUCH

  • General Enquiries: +44 (0)1273 834 000
  • Support Desk: +44 (0)1273 834 433
  • Email: info@pav.co.uk
  • PAV I.T. Services
  • The Old Corn Mill, Bullhouse Mill
  • Lee Lane, Millhouse Green
  • Sheffield S36 9NN
  • View on Google Maps
  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance

Pav IT © 2022 All rights reserved.

  • GET SOCIAL
TOP