CyberSecurity: 2021 Valuation Multiples

9 March 2021

The median trailing-twelve-months (TTM) revenue multiple for CyberSecurity Companies reached the highest level in 2.5 years, at 9.3x in the third quarter of 2020.

reports : Exit, Investment, Tech and Valuation

With people’s lives increasing moving online, we’re constantly leaving behind a digital trail, which involves a rising risk for cybercrimes and an increased need for CyberSecurity.

In 2020, CyberSecurity start-ups benefited from the accelerated cloud adoption of companies worldwide caused by the pandemic.

Going forward, CyberSecurity firms are going to be in record demand, as proven by last year’s data.

Funding to the sector was at an all-time high in 2020, reaching $11.4bn , a 50% increase from 2018, as reported by CB Insights. Various factors drove the record investment in 2020, from remote-working workforces to a surge in cyber attacks.

Mandatory work from home requirements triggered shift in demand for software providers. Investors are placing greater value on firms providing critical offerings to businesses that need to support operations and employees in remote locations.

Transaction volume has been high in the past 3 years, with 540 acquisitions. 2020 recorded 165 transactions, with over 30% of European targets.

The fast adoption of cloud computing for most businesses further boosted the fortunes of CyberSecurity companies. Cloud computing – used by firms to improve operational flexibility, support remote work, and gain access to new technologies – requires protections for managing and securing data access. Nearly half of CyberSecurity mega-rounds went to companies protecting cloud environments.

With sensitive personal and corporate data now flooding the web, in the past three years alone cloud breaches have exposed over 33 billion records, costing affected companies an estimated $5 trillion.

Working from home creates new threats to corporate security. Reflecting this rising corporate concern is the growing need to partner with tech companies to identify potential weaknesses and help fend off breaches.

Google’s recent partnership with Munich Re and Allianz signals plans of integrating CyberSecurity with cyber insurance, further highlighting their presence at the forefront of businesses’ priorities.

As the cloud takes a more prominent role in companies’ strategy, CyberSecurity providers will play a key role in reducing associated risks, which is reflected in the rising valuation multiples of CyberSecurity companies.

CyberSecurity Valuation Multiples

SEG’s reports offer interesting insights into FinTech valuation multiples. Their index comprises 99 publicly traded SaaS companies, broken down by sector.

The median trailing-twelve-months (TTM) revenue multiple for CyberSecurity Companies reached the highest level in 2.5 years, at 9.3x in the third quarter of 2020.

EV/TTM Revenue had a slight drop YOY in 1Q’20 and 2Q’20, picking up again in the second half of the year, driven by the heightened need for cloud security brought about by the pandemic.

Source: SEG

CyberSecurity’s median revenue multiple (8.8x) is almost 30% lower than the SaaS one (12.5x).

That is surprising knowing that 3 security companies were in the Top 10 EV/TTM Revenue SEG SaaS Index over the second quarter of 2020. Okta, Crowdstrike and Zscaler reported multiples of 33.9x, 27.7x and 24.2x, respectively.

This could indicate that a few large and established companies in the CyberSecurity sector now command a premium valuation that reflects their position in the market. In the meantime, younger competitors who are still posting lower earnings, are relatively undervalued.

Source: SEG

After a slight recovery in the first quarter of 2020 YOY, where it reached 50.5x, it sharply declined over the next two quarters, where it was around the lowest level it had been in the past 2 years.

Despite that, the multiple then picked up again in the last quarter of 2020, reaching 68.6x. Such a high EBITDA multiple, may indicate that profitable CyberSecurity companies enjoy much higher valuations.

In other words, investors tend to apply a discounted valuation to CyberSecurity companies until they remain unprofitable.