CyberSecurity: 2022 Valuation Multiples
With people’s lives increasing moving online, we’re constantly leaving behind a digital trail, which involves a rising risk for cybercrimes and an increased need for CyberSecurity.
Since 2020, CyberSecurity start-ups benefited from the accelerated cloud adoption of companies worldwide caused by the pandemic. Demand for CyberSecurity solutions, especially on the B2B side, has been growing ever since.
Funding to the sector nearly doubled from 2020 to 2021, reaching a record-setting $20bn, as reported by Crunchbase. The sector’s growth was strongly driven by the pandemic, but remains high even in the first quarter of 2022, marking a key benchmark in the crucial post-pandemic months.
The fast adoption of cloud computing for most businesses further boosted the fortunes of CyberSecurity companies. Cloud computing – used by firms to improve operational flexibility, support remote work, and gain access to new technologies – requires protections for managing and securing data access. Nearly half of CyberSecurity mega-rounds went to companies protecting cloud environments.
With sensitive personal and corporate data now flooding the web, between 2017 and 2020 alone cloud breaches have exposed over 33 billion records, costing affected companies an estimated $5 trillion.
With over 430 CyberSecurity deals announced in 2021 (two and a half times as many than the previous year), investor sentiment has been extremely positive for a tech subsector that has become a necessity for companies and consumers alike.
Google’s recent partnership with Munich Re and Allianz signals plans of integrating CyberSecurity with cyber insurance, further highlighting their presence at the forefront of businesses’ priorities.
As the cloud takes a more prominent role in companies’ strategy, CyberSecurity providers will play a key role in reducing associated risks, which is reflected in the rising valuation multiples of CyberSecurity companies.
CyberSecurity Valuation Multiples
SEG’s reports offer interesting insights into CyberSecurity valuation multiples. Their index comprises 99 publicly traded SaaS companies, broken down by sector.
The median trailing-twelve-months (TTM) revenue multiples for CyberSecurity Companies reached its highest level at 17.7x in the third quarter of 2021.
EV/TTM Revenue multiples for CyberSecurity companies had its best ever year throughout 2021, averaging 8x in 2020 and increasing by over 50% last year, stabilising just over the 12x mark in Q4 2021.
CyberSecurity’s median revenue multiple (12x) is now nearly on par with the SaaS one (13.9x).
Three CyberSecurity companies were in the Top 10 performers by EV/TTM Revenue in the SEG SaaS Index: Okta, Crowdstrike and Zscaler.
This could indicate that a few large and established companies in the CyberSecurity sector now command a premium valuation that reflects their position in the market. In the meantime, younger competitors who are still posting lower earnings, are relatively undervalued.
Because many CyberSecurity companies invest heavily in R&D and are still in the early days of making revenues, EV/EBITDA multiples are a less reliable metric that can hardly be used to justify a valuation.
Taking the SEG SaaS Index as an example, we can see how volatile EBITDA Multiples can be, jumping to over 700x in Q2 and Q3 2021 before falling back to a more reasonable 39.5x at the end of 2021.