CyberSecurity: 2023 Valuation Multiples

CyberSecurity continues to be one of the most discussed themes in today’s venture environment, as well as throughout society at large. While pandemic-induced mass digitalisation forced companies, government and individuals to seriously think about the safety of their data, movements such as hacktivism and cyber warfare are becoming increasingly key in today’s fragile geopolitical balances.

Like most tech sectors, CyberSecurity start-ups benefited from the accelerated cloud adoption of companies worldwide caused by the pandemic. Demand for CyberSecurity solutions, especially on the B2B side, has been steadily rising from 2020 to the end of 2021, and with that valuations shoot up.

However, increasingly volatile public markets and a “cost of capital crisis” brought by a high-inflation, high-interest economic environment caused CyberSecurity stocks to plummet on the public markets.

Although the public market crash has sent shockwaves through the whole Venture Capital landscape, the CyberSecurity sector is still very active both in terms of early-stage deals, which were 60% of the total in Q2 2022 and M&A activity, which remained high through 2022.

According to Investment Bank Houlihan Lokey’s latest report, the correction in valuations and valuation multiples has more to do with the economic context investors are facing than the sector itself.

Firstly, high-growth CyberSecurity companies saw a disproportionate fall in their performance on public markets, as trust in more optimistic revenue projections faded. Secondly, as highlighted in the report, the severity of Cyber Security threats on a geopolitical scale is impossible for investors to ignore as a growth signal for the space. Finally, a staffing shortage in the sector, with 700,000 unfilled CyberSecurity jobs in the US alone, shows that demand is growing faster than current market players can keep up with, opening up market gaps for new entrants.

According to Gartner, the Information Security and Risk Management will add nearly $95bn to its TAM, to reach $267.3 billion in 2026.

CyberSecurity Valuation Multiples

SEG’s reports offer interesting insights into CyberSecurity valuation multiples. Their index comprises over 100 publicly traded SaaS companies, broken down by sector.

After peaking at 17.7x in Q3 2021, median trailing-twelve-months (TTM) revenue multiples for CyberSecurity Companies fell sharply throughout 2022, eventually clocking in at 7.3x in Q4 2022, just below pre-pandemic levels

Source: SEG

Two CyberSecurity companies were in the Top 10 performers by EV/TTM Revenue in the SEG SaaS Index: Crowdstrike and Zscaler, with the sub-sector being among the top three of the SEG index by Revenue multiples, behind Human Capital Management and Supply Chain.

EBITDA Multiples for CyberSecurity companies tell a whole different story, still recording some of the highest values among tech firms, but with many companies—including established, public enterprises—yet to record a positive EBITDA.

After falling to the high 30s in between the end of 2021 and the start of 2022, median EBITDA multiples for CyberSecurity companies shoot back up well into the hundreds, with a multiple of 122.7x in Q4 2022.

Source: SEG

Of course, with so many companies in the sector still unprofitable, there is limited reliability to this data. However, once again, this shows that a clear path to profitability in your business plan could be a game changer when negotiating your valuation.