Chris Metinko | August 17, 2018

Cybersecurity Training Sees Flood Of M&A

As seen on Forbes...

While cybersecurity remains popular with investors, one of its many subsectors — awareness training for employees — has witnessed an avalanche of deal-making and investment in the last year, and those in the space are not anticipating a break.

Companies specializing in cybersecurity awareness training help train employees about phishing as well as provide alerts that help IT departments manage phishing threats and more. Chief information security officers have spent millions of dollars on high-priced security solutions, but are now just starting to realize they have not addressed the weakest link — the human element, says Tyler Winkler, CEO at MediaPRO, a cybersecurity training company.

An estimated 90% of organizations have seen phishing attacks increase through the last year, but only about 11% say they continuously train employees on how to spot cyberattacks, according to Ed Jennings, COO at Lexington, Massachusetts-based Mimecast.

That promise has already led to significant deal-making.

In February, Proofpoint acquired Pittsburgh-based Wombat Security Technologies for $225 million in cash. That same month, Leesburg, Virginia-based PhishMe — which offers awareness training —agreed to a $400 million sale to private equity groups BlackRock and Pamplona Capital Management, and subsequently rebranded as Cofense. In July, Mimecast acquired Bethesda, Maryland-based Ataata, also in the training sector.

In addition to those deals, there have been investments. Tampa Bay, Florida-based KnowBe4 received a $30 million investment from Goldman Sachs Growth Equity (GS Growth) and venture firm Elephant in October, and has subsequently made three acquisitions to grow its training platform. Then in June, Bothell, Washington-based MediaPro secured a majority growth equity investment from Frontier Capital. While the amount of the investment was not disclosed, CEO Tyler Winkler agrees it was between the $15 million and $75 million Frontier lists as its investment criteria.

Private equity has shown the most interest in the space thus far, notes KnowBe4’s Sjouwerman.

With the acquisition of Ataata, the number of independent companies in the space that are not private equity-backed are shrinking.

But strategics looking to enter the space could still include large technology giants like Cisco Systems, Microsoft, IBM, Sophos, Trend Micro, Proofpoint and Symantec, say the executives.

“There is an interest, and I don’t think it’s going away,” says Winkler.

 Read this article on Forbes