CyberSecurity: 2024 Valuation Multiples

CyberSecurity continues to be one of the most discussed themes in today’s venture environment, as well as throughout society at large. While pandemic-induced mass digitalisation forced companies, government and individuals to seriously think about the safety of their data, movements such as hacktivism and cyber warfare are becoming increasingly key in today’s fragile geopolitical balances.

Like most tech sectors, CyberSecurity start-ups benefited from the accelerated cloud adoption of companies worldwide caused by the pandemic. Demand for CyberSecurity solutions, especially on the B2B side, has been steadily rising from 2020 to the end of 2021, and with that valuations shoot up.

However, increasingly volatile public markets and a “cost of capital crisis” brought by a high-inflation, high-interest economic environment caused CyberSecurity stocks to plummet on the public markets.

Although the 2022 public market crash has sent shockwaves through the whole Venture Capital landscape, the CyberSecurity sector is still very active both in terms of early-stage deals, which were 60% of the total in Q2 2022 and M&A activity, which remained high through 2022.

However, research seems to show that last year the tide has turned for the CyberSecurity sector. In September 2023 CBInsights data showed that M&A deals and exits for the sector saw a jump in Q2 2024, which at the time hadn’t happened in over a year and even went against broader market trends.

Still, Pinpoint Research Group reported an overall decline in M&A volume and value in 2023 compared to 2022, although funding volume saw a sharp increase dominated by seed-stage deals. Software Equity Group reported that publicly traded security SaaS companies increased their median revenue growth from 21.4% in Q4 2022 to 29.5% in Q4 2023, and the European Union found that the CyberSecurity budget of Operators of Essential Services is increasing.

Overall, the data seems to indicate that while the sector is suffering the broader market challenges of cash shortage and high cost of capital, there are indeed growth opportunities for both incumbents and new entrants in the sector.

CyberSecurity Valuation Multiples

SEG’s reports offer interesting insights into CyberSecurity valuation multiples. Their index comprises over 130 publicly traded SaaS companies, broken down by sector.

After peaking at 17.7x in Q3 2021, median trailing-twelve-months (TTM) revenue multiples for CyberSecurity Companies fell sharply throughout 2022, reaching an all-time-low of 5.9x in Q1 2023. However, throughout last year the metric showed a slight upward trajectory eventually reaching 7.3x in Q4 2023, matching the same quarter of the previous year.

Source: SEG

Two CyberSecurity companies were in the Top 10 performers by EV/TTM Revenue in the SEG SaaS Index: Crowdstrike and Zscaler, with the sub-sector being among the top three of the SEG index by Revenue multiples, behind Human Capital Management and Supply Chain.

EBITDA Multiples for CyberSecurity companies tell a whole different story, still recording some of the highest values among tech firms, but with many companies—including established, public enterprises—yet to record a positive EBITDA.

After falling to the high 30s in between the end of 2021 and the start of 2022, median EBITDA multiples for CyberSecurity companies shoot back up well into the hundreds, with a multiple of 122.7x in Q4 2022.

Source: SEG

Of course, with so many companies in the sector still unprofitable, there is limited reliability to this data. However, once again, this shows that a clear path to profitability in your business plan could be a game changer when negotiating your valuation.