The Takeaway: A Q&A With Sara Napolitano on Why All Eyes Are on Cybersecurity in 2024
How is the cybersecurity sector performing, and what has this meant for deal activity?
Over the past year, the cybersecurity sector has continued to perform well, with specialist providers recording an increase of more than 20% in organic growth rates, which is a contrast to the slowdown experienced in other areas of the technology world.
One notable theme in the near future will be the emergence of multi-country cybersecurity specialists, driven by an increasing requirement to tackle cross-border threats. Those focusing solely on domestic coverage will likely limit their ability to attract top talents and secure large contracts. Moreover, cyber consulting firms and system integrators are increasingly looking to add managed security services capabilities to address the growing complexity of their clients’ digital and operational environments.
It is partly due to these factors that we expect to see greater consolidation within the cybersecurity industry. This, combined with the nascent nature of the sector, means it is highly attractive to private equity investors. Additionally, the sector’s business model—and particularly managed services and security operating centre offerings—provides scalability and visibility advantages that resonate with PE investors seeking lucrative opportunities.
Are you seeing any notable trends within the cybersecurity market?
Automation and Generative AI (GenAI) are key, especially when it comes to improving security outcomes. It is highly advantageous for the sector, given their ability to quickly process large amounts of data and automate time-consuming tasks, enabling experts to focus on more strategic work and get the best out of their teams.
GenAI is a fantastic tool to increase scalability and efficiency, which, in turn, leads to cost savings. We’ve also seen the market leverage these technologies to reduce false positives and improve the accuracy of threat detection, leading to better incident response. Given their ability to quickly learn from data, detect patterns, and generate new insights, GenAI models can also play a key role in adapting to emerging threats—including those from GenAI tools themselves.
In addition to AI, we’re also seeing business models continue to evolve as companies look to become one-stop shops. Many businesses that were initially focused on a relatively narrow set of expertise are now adding significantly more capabilities and services. This trend is particularly evident within companies focused on enterprise-level clients and will likely apply to midsized clients, favouring by nature a more integrated and comprehensive approach. Operational technology (OT) security is also a huge upcoming theme that will offer a great reservoir of growth and is still not covered by most specialist cyber players today.
Comparisons are often drawn between the US and European cybersecurity markets, but what are the key differences between them?
The US market is significantly more mature than Europe. This is illustrated by the fact that it is home to 16 of the top 20 cybersecurity firms by market capitalisation, whereas only one is headquartered in Europe, as well as 200 out of the 250 largest managed security service providers (MSSPs) globally.
Overall, cybersecurity companies in Europe tend to be smaller and more specialist. There is also less capital available to support their growth—both from investors and public bodies—when compared to their US counterparts. That said, European cybersecurity businesses grew by more than 10% in 2023, up from 3% growth the year before, so the signs are positive.
What needs to happen in Europe to take the market to the next level?
Consolidation is key and is already underway. The European market is currently fragmented, and this needs to change before it can become as robust as the US. We’re likely to see the emergence of 20 to 30 consolidated cybersecurity platforms across Europe, which will help these businesses become one-stop shops for their clients.
Another important step in strengthening the European market is to ensure offerings are consistent in terms of quality across different regions and countries. While each local team might have a unique speciality, the global nature of cybersecurity means all services must be working in unison on the largest clients, regardless of location, on combating any meaningful threats on a global scale.
There is a tendency to focus only on serving the domestic market, as it is what management teams know best, and domestic markets offer comfortable growth. However, thinking beyond this is key. Management teams with international growth ambitions are likely to win the upcoming consolidation race.
To make all of this happen, it is crucial that European businesses make themselves as attractive as possible to investors. This includes merging with companies of comparable size covering complementary geographies or acquiring smaller competitors abroad.
So, what’s The Takeaway?
Consolidation, internationalisation, platformisation: This is what 2024 will be about—driven by demands for full-service cyber businesses. But 2024 is just the start for Europe, and this will be a far longer-term phenomenon as companies scale. Watch this space.