In a new survey, KPMG LLP suggests that a shifting enterprise landscape is paving the way for a strong year of tech mergers and acquisitions in 2015. As evidenced by security M&A activity over the past week, KPMG's prediction is already coming to fruition.
The U.S. audit, tax and advisory firm's "2015 M&A Outlook Survey Report" reveals how more than 735 M&A professionals from U.S. corporations, private equity firms and investment banks responded to questions about future acquisitions.
According to the report, 82% of respondents were planning at least one acquisition in 2015, while 19% were planning two, 11% were planning three, and 10% were planning on more than 10 acquisitions.
Sixty-two percent of those polled believe the tech industry will see the most activity, second only to healthcare (84%). Respondents cited key trends within the tech landscape driving M&As, namely mobility (54%), cloud (48%), data analytics (47%) and security (38%).
Besides increasing revenues and cutting costs, the survey found access to intellectual property and content, product enhancement, innovative technology and product acquisition, the ability to enter new markets, and expanding existing technology platforms as the major reasons for 2015 M&As.
Despite global concerns, KPMG believes M&As are likely to continue as a result of low interest rates, record stock prices, improving employment numbers and an abundance of cash.
As evidence of that, several notable security M&As have been announced in recent days.
SingTel acquires Trustwave
Trustwave Holdings Inc. announced Tuesday it was to be purchased by Singapore Telecommunications Ltd. (SingTel). The addition of the Chicago-based managed security vendor will expand SingTel's existing portfolio of cloud-based technologies.
"SingTel is the perfect partner for us as we continue to help businesses fight cybercrime, protect data and reduce security risk," said Trustwave chairman, CEO and president Robert J. McCullen, "and the Trustwave team is thrilled to become a part of such a prestigious and innovative organization."
In a SingTel press release, CEO Chua Sock Koong said, "Our extensive customer reach and strong suite of ICT services, together with Trustwave's deep cyber security capabilities, will create a powerful combination and allow SingTel to capture global opportunities in the cyber security space."
Trustwave will operate as a standalone company post-acquisition and will remain in the Windy City led by the same management team. The deal, subject to regulatory approvals and other closing conditions, is set to be completed within the next 3-6 months.
Early Warning acquires Authentify
Multifactor authentication vendor Authentify Inc. announced Tuesday it was set to be acquired by fraud prevention and risk management provider Early Warning Services LLC. The acquisition of Chicago-based Authentify will help Early Warning integrate digital authentication methods into its services.
Scottsdale, Ariz.-based Early Warning CEO Paul Finch said, "With the acquisition of Authentify, Early Warning is well on its way to realizing its vision of providing both the powerful multi-faceted authentication needed today plus the advanced authentication needs of the future."
"Guarding businesses and consumers from fraud is becoming more critical each day," Authentify CEO Peter Tapling said. "This acquisition represents two companies with a common objective uniting to reinforce that goal."
Terms of the deal were not disclosed, and a timeline for its completion was not given.
Check Point acquires Lacoon Mobile Security
Check Point Software Technologies Ltd. announced April 2 its intent to acquire Lacoon Mobile Security, based in Tel Aviv, Israel. Check Point's addition of the mobile security company will expand mobile security technology in its existing Internet and network services.
"Mobility has become the norm in business operations now more than ever before, because it enables employee productivity with anytime, anywhere access," said Gil Shwed, CEO and chairman of Check Point. "However, companies are not necessarily protecting the data on mobile devices properly."
This is the second acquisition for Check Point this year; in February the company purchased early malware detection startup Hyperwise. Check Point has focused on a series of smaller acquisitions in the decade since its attempt to acquire network security vendor Sourcefire was scuttled by U.S. government regulators. Sourcefire was acquired by Cisco Systems Inc. two years ago.
While details of the Lacoon acquisition were not disclosed by Check Point, reports suggest the deal was around $80 million.
Salesforce acquires Toopher
"While we will no longer sell our current products, we are thrilled to join Salesforce, where we'll work on delivering the Toopher vision on a much larger scale as part of the world's #1 Cloud Platform," said Toopher co-founders Josh Alexander and Evan Grim in a message on the company's website. "We can't imagine a better team, technology and set of values with which to align."
Auxilio acquires Redspin
Auxilio Inc., based in Mission Viejo, Calif., announced March 31 it signed a definitive agreement to acquire healthcare risk assessment provider Redspin Inc. The Carpinteria, Calif.-based Redspin is a HIPAA risk assessment and penetration testing services provider.
Auxilio President and CEO Joseph J. Flynn said, "This acquisition fits squarely with our strategy of identifying complementary technology and services, led by dynamic leaders who understand the market, have the ability to scale and who can help us take this business to the next level."
The transaction is expected to close within the next few weeks. In a filed Form 8-K, terms of the purchase included $2,050,000 in cash and shares with an aggregate value of $500,000.
Opera Software acquires SurfEasy
Opera Software announced March 19 it acquired VPN security service provider SurfEasy Inc. The Oslo, Norway-based browser developer announced the acquisition of the Toronto-based SurfEasy would help its users boost security regardless of the device they use -- smartphone, tablet or desktop.
"Privacy and security has always been top of mind for Opera's users, making the acquisition of SurfEasy a seamless fit," said Opera software CEO Lars Boilesen. "Opera has evolved beyond our browser roots and this step will add a critical building block towards a broader portfolio of application."
Terms of the deal were not disclosed.
In other news
- Venafi Inc. released a report Tuesday claiming three-quarters of the world's 2,000 largest organizations with public-facing systems vulnerable to Heartbleed are still at risk of a breach, but security expert Robert Graham claims this isn't necessarily the case. In a blog post published Tuesday, Venafi Labs' Gavin Hill cited a 2% improvement in the number of large firms that have remediated Heartbleed in one year's time. However, as Errata Security researcher Graham explained in a blog post, Venafi's language may be deceiving -- and the devil's in the details. "It's not saying three or four out of all systems," Graham wrote, "but only those that were vulnerable to begin with (a minority). They aren't saying they are still vulnerable to Heartbleed itself, but only that they are vulnerable to a breach -- due to the certificates having been stolen."
- Hackers reportedly gained access to an unclassified White House network last October through a State Department system. Though unclassified, hackers may have infiltrated sensitive data, including non-public details of President Obama's schedule. CNN reports the FBI, Secret Service and U.S. intelligence agencies are jointly investigating what is being called "among the most sophisticated attacks launched against U.S. government systems." Though unconfirmed, many sources are linking the attack to malicious actors based in Russia. Investigators believe the attack, which allegedly began with a phishing email, allowed attackers to "own" the State Department system for months, and they may still have access to the network.
- Virginia Governor Terry McAuliffe has signed an electronic identity management bill into law, becoming the first state in the Union to enact a digital identity standard. Bill authors Jeff Nigriny, president and founder of CertiPath Inc., and Timothy Reiniger, director of digital services at law firm Future Law LLC, told SecureIDNews the bill has three main purposes: to create a common legal framework, to address identity provider liability, and to establish a public-private standards body that will create guidelines to be followed providers. The bill goes into effect on July 1.
Check out SearchSecurity's corporate M&A security learning guide
Learn more about Heartbleed lessons, the White House hack and digital identities