Increasingly, physical security integrators have a role to play in helping end users protect their digital assets. Here’s how to capitalize on companies moving cybersecurity requirements to the forefront of budgeting and planning discussions.
As the physical and digital world become ever more interconnected, threats from bad actors have become more sophisticated, complex and impactful.
Practitioners in the security industry must remain aware of the development in both the physical and digital segments of the sector to continuously stay ahead of the ever-evolving threats.
Company boards and C-suites have never been more focused on security as incidents become more public, and costs and consequences become more severe. The industry continues to grow quickly as companies have come to realize they can’t afford to under-invest in security.
Publicity surrounding recent large-scale security breaches such as the customer data loss at T-Mobile in August 2021, and the resulting impacts have forced organizations to move security requirements to the forefront of budgeting and planning discussions.
The rapid evolution of threats in the cybersecurity space has nations, governments and companies scrambling to increase investment in this critical area, driving strong innovation, growth and activity in the industry. In an effort to stay ahead of the increasing sophistication of hackers, large security providers will acquire innovative and effective companies and solutions, which they can rapidly deploy to protect their customer base from the latest threats.
Ahead, we’ll take a closer look at trends, threat vectors, ongoing challenges and more, with an eye on services expansion possibilities for physical security systems integrators. An overview is also provided of recent M&A activity in the cyber and physical security realms that further sheds light on marketplace dynamism.
Surging Sector Growth
As companies continue to realize the need for increased physical and cybersecurity, both sides of the industry continue to expand. The physical security market is expected to grow from $102.7 billion in 2021 to $140 billion in 2026 or a CAGR of 6.4% (MarketsandMarkets), led by industry behemoths such as ADT and Honeywell that are investing heavily in the crossover of physical and digital security.
As digitally connected physical security products such as video surveillance and remote access systems continue to be exploited by cyber criminals, the convergence of the two segments of the security market will continue.
The cybersecurity market is one of the fastest growing industry verticals in the world, projected to grow from a value of $180 billion in 2021 to $270 billion in 2026, with five-year spending forecasts at both the government and enterprise level expected to exceed $1 trillion.
The rapid evolution of technology has provided continuous opportunity for small companies with innovative cybersecurity solutions to grow rapidly and make a large impact on the market, as large corporations and governments continue to spend more on the most effective solutions available.
As the world recovers from the worst of the COVID-19 pandemic, the impacts on the security industry remain lasting and likely irreversible. The drastic increase in employees working remotely across many industries has had a meaningful impact on the way the corporate world works, connects and utilizes networks.
As more tablets, phones, cameras, access control systems and alarms are connected to the Internet, the need for increased cybersecurity becomes heightened.
As seen by security integrators, without proper cybersecurity, attackers may access a company’s network via its online security system to access company secrets, intellectual property and data.
Consequently, the ability to bring both traditional physical security and cybersecurity capabilities for customers’ benefit is becoming a requisite skillset for today’s systems integrators. These security solution providers must evolve their internal capabilities or partner with cybersecurity providers to create a compelling customer value proposition in today’s rapidly changing environment.
Those companies able to keep pace and provide more automated and better integrated security solutions can rapidly build enterprise value and command premium valuations from acquirers. Leading providers of physical security solutions are addressing the convergence of physical security and cybersecurity.
Notable examples of companies embracing this opportunity are ADT, Convergint Technologies and Converged Security Solutions.
MSSP Market Expansion
As remote work has become more prevalent and the Internet of Things (IoT) continues to grow, the number of interconnected devices has exploded. Traditional IT departments that were once able to handle the volume of traffic and connectivity by funneling it to a central data center that they could defend the perimeter of are no longer able to due to the demands for increased speed and bandwidth by users of the network.
To enable and protect a network that can handle the bandwidth and interconnectivity demanded by today’s environment IT departments are increasingly utilizing managed security service providers (MSSPs), who deliver 24/7 security and monitoring of the network.
MSSPs often offer a more cost-effective solution than building out in-house IT infrastructure support, especially for small to medium-sized businesses (SMBs). Providers of outsourced real-time threat prevention, network and firewall protection, and data encryptions can optimize operators’ digital business processes.
Based on a study done by Mandiant in 2020, 51% of organizations partially or completely outsourced their network security operations at the time, with an estimate by Kaspersky that up to 70% of organizations will utilize such outsourced IT security in the next 12 months.
Labor market dynamics in the cybersecurity industry have also contributed toward MSSP growth, as the number of unfilled cybersecurity roles stands at 2.7 million, according to a 2021 (ISC)2 report. The shortage of available talent has caused many operators to employ MSSPs, especially among smaller operators that lack the resources to hire full-time IT expertise.
Partnership with MSSPs create an opportunity for traditional security integrators to resell these services to their customers without the requisite investment in a security operations center (SOC). Examples of some of the larger MSSPs include SecureWorks, Verizon and AT&T.
Many emerging and rapidly growing companies also provide managed security services, including Arctic Wolf and Proficio.
Specialized Integration Services
The digitization of operational technology (OT) among critical infrastructure and industrial operators has promoted increased automation, efficiency and data transparency. The continual convergence of IT and OT has driven advancements in industrial control systems (ICS) through the integration of data analytics and machine learning capabilities.
However, it has also broadened the penetrable vectors for cyber criminals to access ICS and supervisory control and data acquisition systems (SCA-DA) with 83% of critical infrastructure companies reporting an OT cybersecurity breach over the past 36 months, according to Skybox Security survey.
Rising geopolitical tensions have contributed toward elevated cybersecurity risks among electricity, oil & gas, mining and public works operators, fostering heightened demand for robust and fully deployable OT and ICS security solutions.
“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” said Secretary of Energy Jennifer M. Granholm in 2021 while announcing a part of the Biden Administration’s effort to safeguard U.S. critical infrastructure.
To combat persistent and sophisticated threats, the U.S. Department of Energy (DOE) launched an initiative to enhance the cybersecurity of electric utilities’ ICS and secure the energy sector supply chain. This 100-day plan — a coordinated effort between DOE, the electricity industry and the Cybersecurity and Infrastructure Security Agency (CISA) — represents swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to U.S. national and economic security.
Industrial and critical infrastructure operators increasingly combat the challenge of improving the security of legacy OT systems that are integrated into modern IT networks. Historically, these operators have lagged sectors such as financial services and healthcare in relation to its allocation of their budget toward security.
In addition, the severe shortage of qualified cybersecurity professionals has stalled OT operators (businesses dependent on ICS and other OT) efforts to construct and improve the security of operating systems.
As a result, out-sourced MSSPs that offer automated and interoperable platforms have attracted increased demand as OT operators look to build resilient operations to prevent and minimize any system disruption caused by a cyber-attack.
System downtime, business disruption and revenue loss are the costliest consequences of a successful cyber-attack, with the average cost of lost business for organizations across all sectors in 2021 amounting to $4.2 million (up from $3.9 million in 2020), according to IBM Security.
Providers of OT and ICS security advisory and integration services are specialized and in high demand by customers in today’s market. Examples of service providers in this space include Siemens, Rockwell Automation, Honeywell and Booz Allen Hamilton.
Robust M&A Illuminates Cyber-Physical Security Connection
Transaction activity in the physical and cybersecurity industries underlies the strong growth rates and opportunities for the sectors independently and on a converged basis.
In 2021 there were 410 announced cybersecurity transactions totaling $85.6 billion in disclosed deal value, a 21% increase in number of transactions and a 294% increase in disclosed transaction value over 2020.
Strategic buyers continue to comprise the majority of transactions (63%), while private equity buyers (37%) have displayed continued interest in utilizing add-on acquisitions to expand the offerings and the geographic reach of portfolio companies.
Some notable transactions in the physical security space include:
▶ Thoma Bravo’s acquisition of Proofpoint for $12.4 billion, representing the largest Cloud software purchase in history.
▶ CDW’s acquisition of Sirius Computer Solutions for $2.5 billion, creating one of the largest IT solutions organizations in the world.
▶ Peraton Corp., a leading provider of IT services to federal government agencies acquired Perspecta for $6.8 billion through its financial sponsor Veritas Capital.
▶ Symphony Technology Group through subsidiary McAfee Enterprises acquired the product business of FireEye for $1.2 billion, creating one of the largest pure-play enterprise cybersecurity companies in the world.
In the physical security sector there were 204 deals in 2021, representing a 43% increase over the 143 transactions in 2020. Private equity sponsors represented 57% of transaction volume in 2021 as they continued to acquire companies to bolster the scale of their existing portfolio companies.
To view some of the most notable transactions in the physical security space in 2021, click here.
Thomas McConnell is a Managing Director of investment banking firm Capstone Headwaters where he focuses on mergers, acquisitions and capital raise transactions in the physical and cybersecurity industries. Patrick Hashmall serves as an M&A Associate at the company.