Discover more from Cybersecurity Investors Anonymous
What makes a good PE acquisition target?
A look at recent public cybersecurity acquisitions and what they have in common
Within the past year or so, a multitude of public cybersecurity companies have been bought (mostly) by PE. So before the next one goes, I thought this would be a good time to talk about what makes a public cybersecurity company a good PE acquisition target. When I think about these characteristics, my goal is to own stocks of companies I think are going to get bought, and to start buying them at levels where I think PE might be interested in them. Let’s look at some recent acquisitions in the space and outline what they have in common, so you can do the same.
Recent PE Acquisitions of Public Cybersecurity Companies
SAIL - acquired by Thoma Bravo
PING - acquired by Thoma Bravo
FORG - acquired by Thoma Bravo
SUMO - acquired by Francisco Partners
MNDT - acquired by Google (Obviously not PE, but PE was sniffing around this one before Google acquired it, and some of its characteristics were in line with what I’d consider a good PE target, so I’m including it)
It’s my job as a cybersecurity research consultant for institutional investors to understand what these cybersecurity companies do, how they operate, their management teams’ backgrounds, how they compete in the market, and their financial profiles. It’s also important for me to understand how analysts and investors think about the companies I research, and the reason is that I can’t present my research in a way that is helpful unless I understand what it is they want to know about a company.
After almost 6 years of doing this type of research and seeing companies get acquired over that period of time, it becomes very evident when a company on my coverage list starts looking like an acquisition target. So what are those common characteristics? Using the 5 companies above as examples, let’s take a look.
There are several reasons a company might be misunderstood by the broader investing community, and not just by retail, but by institutional investors and analysts as well. It might be that the company is a niche player, or competing in a niche space, or it may be that their category is too complicated or boring, that they are the only public company in their category, or that they are a small player in a very saturated market and investors don’t understand how they could possibly compete in it (this was the case for SUMO for a long time). Sometimes a company goes through a lot of change in management or strategy over a period of time, and the stock gets extremely beaten down and no one wants to own it. You might even say these stocks are hated (I would place MNDT in this category of misunderstanding). No matter the reason, companies that get bought by PE are usually misunderstood.
The first three companies in my list up above, SAIL, PING, and FORG, were all part of the Identity Governance, Management, and Federation spaces. If that sounds extremely boring to you, you’re not alone. The identity sub sector of cybersecurity isn’t sexy, and you can tell just by attending their conferences, which are not designed to be flashy, but are educational. By contrast, companies like CRWD and ZS dump a ton of money into marketing and big, fancy booths at the big security conferences. That type of promotional activity also helps their stock because the analysts walking around trying to understand what all of these companies do are naturally going to gravitate to the ones that are more interesting and fun. Interesting and fun companies on the surface do not generally make good PE acquisition targets.
If it’s well understood, it’s probably too expensive and doesn’t need PE help anyway, which brings me to the next characteristic…
A lot of companies in my coverage list are way too big and expensive for PE. CRWD currently has a $30B market cap and is trading for ~10x revenue… forget it. We are generally looking for companies that are trading around a $5B market cap or below, which was true for all 5 of the companies in my list up above before they got bought. They should be trading for single digit multiples of revenue, and if they are down in the 2-3x revenue range, that is ideal.
There are times when a good company goes through a tough time and becomes an excellent value. OKTA is a good example of a company that went through a tough time recently, and if it had remained at the beaten up level it was trading at, I thought it would be an acquisition target. The stock traded down to around $45, which meant OKTA had a roughly $7.5B market cap (a little high for a PE target) and was trading for 3.2x forward revenue. This was a relative bargain though since the other identity companies I listed above were getting bought in the 7-10x revenue range, and OKTA is a market leader with solid growth. As you can see, the stock did not stay that low for long, as many investors understood the relative value and bought it up right away. It now trades around $83, and has a $13.25B market cap. I was buying OKTA heavily below $50.
Side note: This is where understanding fundamentals can have a positive impact on your trading strategy. If you want to see how I use fundamentals to inform my trading, check out my SavvyTrader portfolio. Coincidentally, OKTA was one of my first entries there.
You may be wondering why I thought a company as big as OKTA might be an acquisition target. Especially since I just said we’re generally looking for things under $5B in market cap. Well, it’s more than just the relative value of OKTA, and that brings me to the next characteristic…
It Fits the Bill
If you follow a space long enough, you start to notice patterns. A really obvious pattern to the cybersecurity community was that Thoma Bravo seemed to be buying up every identity company on the planet over the past couple of years. They bought SAIL, PING, and FORG just last year. The reason I thought OKTA might be a target for them as well wasn’t just because it was a relative value, but because Thoma Bravo is clearly building a large Identity portfolio and has some kind of plan in place to dominate the Identity space. For that reason, OKTA fit the bill of a company they might be interested in.
If you look at the firewall space, you’ll see that the major players (PANW, FTNT, and CHKP) have all added cloud security capabilities over the past several years, and especially for PANW, it’s become a huge part of their growth strategy. I bring this up because if you look at the portfolio companies of PE firm Francisco Partners and sort by the Security sector, you’ll see they have invested in several cloud security solutions already. Further, they own Sonicwall, a mid-market firewall company. It’s easy to see how a company like SUMO, which offers a cloud observability and security platform, can fit into Francisco Partners’ portfolio of security companies. (If it isn’t easy to see yet, it will be as you get to know the cybersecurity space. That’s what I intend to help with)
So what about MNDT? I think of all the traits MNDT had that made it a good PE acquisition target, this trait was the weakest. It made a lot more sense for Google, a company that is trying to get enterprise customers to take Google Cloud seriously from a security standpoint, to buy MNDT, which for all its weaknesses had some of the most brilliant minds in cybersecurity working for it. I was a huge believer in MNDT, and I might write a separate piece about them because I think there is a lot to learn from their journey if you are trying to better understand the space and how investors think about the companies in it.
The next point is going to sound obvious, but hear me out…
Management has to want to sell
Imagine you spend a decade or more building a software company. You put your blood, sweat, and tears into it. You take the company public and learn how to deal with analysts and investors breathing down your neck. Then one day you have a bad quarter or a bad analyst day and your stock takes a nose dive. It probably seems to you like an over-reaction… wouldn’t years of strong performance be enough to buy you a little slack over a rough quarter? Not so fast. The market is forward looking, and it doesn’t take much for the narrative on the street to flip and for the viability of your beloved company’s future to be called into question. Analysts are building financial models out over several years, and so any change in the numbers today or next quarter can alter those models pretty quickly and crush your valuation via your stock price.
The question is- can you fix it before or after that happens, and do you want to?
For many companies bought by PE, the answer is no. The conditions really have to be right (or wrong) for a management team to want to sell. What contributes to those conditions? This is going to be the most speculative part of this article, but here are some things I think contribute:
Deteriorating market conditions: Maybe spending has rotated to other areas of security and the outlook is uncertain, or maybe a recession is imminent. Uncertainty is bad for public companies, especially those who are not market leaders or are operating in sectors that are not considered a priority.
For example, SAIL offered identity governance solutions which allowed customers to automate and manage the rollout and revocation of employees’ access policies. Before that, they were doing it manually, which they could theoretically do again. In a recession, will a customer buy that tool, or allocate dollars to securing endpoints? Endpoint security cannot be done manually.
They’re tired: Some of these founders and management teams have just been doing it forever, and I think they are just tired. The founder of SAIL has been working in the space for 35 years, and the CEO of PING has been running the company for 21 years.
Kevin Mandia, who took over as CEO of FEYE before it became MNDT, is just a super smart guy who wants to make the world a more secure place, and he got stuck with trying to run a product company after Dave DeWalt blew up FEYE’s stock price. Kevin Mandia was a services guy, not a product guy. I think he was tired of fighting to show investors the value, and getting folded into Google will give him an opportunity to focus on what he actually cares about.
SUMO’s CEO didn’t found the company, and had some bad luck with timing, going public shortly before the pandemic, and having to do layoffs right as they were gaining traction going upmarket into enterprise, and then just fighting to get that company to a good place with a new management team around him.
By contrast, OKTA’s CEO founded the company and is younger and hungrier to keep going, and I think that would’ve prevented a sale to PE anyway. No way a bad quarter or two is going to convince him to sell the company for less than what he thinks it will one day be worth.
Watch management teams present at their analyst days and pay attention to the level of enthusiasm on earnings calls to get a hint about how they’re feeling.
They’re distressed or going through a transition: In many cases, companies can see the writing on the wall due to internal and external factors. A PE firm might buy a company and take it private, help them through a transition, and take them public again. An example of a transition might be a company that is struggling with transtioning from a perpetual licensing model to subscription, and they may be doing that as they’re trying to get their customers moved over to a cloud-based version of their product. Maybe they are also transitioning to a new management team.
When public companies go through these types of transitions and they don’t go as smoothly as expected, it gives investors a view into the sausage being made, which can tarnish the image of a public company from an investor’s eyes. I think SPLK is a company whose stock price is suffering from a prolonged and muddy transition, but other characteristics do not make it a good PE target.
Final Rule of Thumb: The acquisition price needs to clear 52 week highs
Investors are not likely to agree to a PE buyout of a stock that has had a temporary pullback due to a bad quarter or a broader market selloff. For example, SentinelOne ($S) is an excellent endpoint security company that currently has a market cap under $5B, and is trading for ~5.5x revenue. What PE firm wouldn’t like to own it for that price given it’s very high growth rate? The trouble is if you look at the stock price, it’s 52 week high is $41.68, and no PE firm is going to pay that much per share to acquire it. Why does the 52 week high matter? Because if you’re an investor you are expecting the stock to get back there eventually, only time can cause you to lose hope. Why would you take $20/share when it was trading at twice that less than a year ago?
Now, starting in Q4 of 2022, it started getting down into the $15/share range, which is where it’s currently trading. If the stock hasn’t rallied much from where it’s at now, then in Q4 of this year, once it’s 52 week high is in the $15 range instead of $41.68, I will be looking at it as a certainty for acquisition. That could be by PE or another cybersecurity platform company. I think it’s a good value at this price, but it could dip lower into the $12-13 area, where I will be a heavy buyer. Could a non-PE buyer try to swoop in now? Of course, but remember, management has to want to sell.
The companies that get bought by PE have generally been trading lower or sideways for over a year.
Going Forward: Companies I Think Meet The Criteria
Now that I’ve outlined these common characteristics of companies that make good PE acquisition targets, I’m going to be writing about some I think are shaping up to be potential targets. Recessions are the perfect time for PE to go shopping, as multiples compress and valuations become more reasonable. This means good setups for investors who know what to look for.