Cybersecurity Enterprise IPO M&A

Mergers & Money: Darktrace’s Upcoming IPO Could Light Way For More Cybersecurity Offerings

Illustration of a hand reaching out of computer screen to shake someone's hand.

Editor’s note: This is Mergers & Money, a monthly column by Senior Reporter Chris Metinko that covers dealmaking in the enterprise tech space.

Last year proved there is significant public investor appetite for tech IPOs; from Snowflake to Airbnb to C3.ai, investors welcomed both consumer- and enterprise-facing innovation.

Subscribe to the Crunchbase Daily

However, the IPO floodgates seemed well boarded when it came to cybersecurity. TELOS and Plurilock were the only venture-backed cybersecurity firms to hit the public market last year.

So what might 2021 look like for cyber IPOs?

This week saw the Nasdaq debut of Florida-based awareness training company KnowBe4, which saw shares soar in early trading. Darktrace seems likely to be first U.K. offering out of the gate after the detection and response firm announced its intention to go public on the London Stock Exchange.

That followed a Bloomberg report in late February that Mountain View, California-based AI endpoint security provider SentinelOne was preparing for an initial public offering later this year that could value it at more than $10 billion. Just last November, the company closed a $267 million Series F that valued the company at $3 billion — tripling its valuation from just nine months prior.

However, those who enjoy watching the market should get familiar with some other names — like Kirkland, Washington-based Tanium — that are likely eyeing the possibility of taking the public market plunge, both investors and advisers say.

“In addition to KnowBe4, Darktrace, Tanium and SentinelOne, we continue to keep a close eye on the IPO pipeline for companies such as ForgeRock, Netskope, Illumio and possibly even Pindrop — although they’re most likely on a late-2022 time horizon,” said Dino Boukouris, founding and managing director of San Francisco-based financial advisory firm Momentum Cyber.

SentinelOne and Tanium are interesting since they could mark a return to the IPO landscape for the endpoint market. Competitor CrowdStrike undertook its IPO in June 2019 and was one of the most successful cyber offerings ever — watching its stock pop and nearly double on its first day of trading — raising more than $610 million at an initial valuation of about $6.7 billion.

However, endpoint security and management is not the only sector that could whet investors appetites.

Securing the cloud

“Cloud security is still a sector to watch given the strong performance of companies like Zscaler in the public markets, coupled with the numerous $100 million-plus funding rounds we’ve seen in the private markets,” Boukouris said.

Umesh Padval, a venture partner at Thomvest Ventures, agreed cloud security could strike a chord with public investors, as seemingly every company has accelerated its adoption as workforces become more remote. Digital identity and authentication also has become popular — as illustrated by Okta’s $6.5 billion stock deal for Bellevue, Washington-based Auth0 last month — he added.

While not all these companies will go public, Padval said he’d keep an eye on several as IPO candidates, including Tanium, cloud security developer Netskope, open-source security company Snyk, security operations provider Arctic Wolf, data security analytics company Exabeam, and fraud detection platform Signifyd.

Padval said he believes the reason for the lack of cybersecurity IPOs has many facets. First, companies need revenue approaching $100 million annually — or ARR in that range — and be sure they can present a good growth rate to investors for the ensuing five to six quarters after going public. Darktrace, for example, in its filing to go public reported revenue of $199.1 million for the year ended last June 20 — that’s a 45 percent increase from $137 million in the same period a year earlier.

There also are so many predictability issues entailed with going public that some shy away — and that doesn’t even include the cost.

“It’s pretty expensive to go public,” he said. ”So why do you need the scrutiny?”

Growth by acquisition

Cybersecurity companies — certainly those that are acquisitive — could eye the public markets, however. Going public gives companies more financing options, especially in the sense of offering stock to make acquisitions, and dealmaking is popular in cyber with 70 deals done last year alone, according to a recent report by Crunchbase.

Nevertheless, valuations likely will play the deciding role. Many of the companies mentioned were able to raise large private rounds in the last couple of years, and valuations and funding in cyber is hitting all-time highs.

“During the pandemic, multiples were just ludicrous,” Padval said. “When you look at some of the software companies, they are really good companies — great companies that are amazingly strong — but the multiples are still ridiculous.”

With multiples for some cybersecurity companies hitting 50x, 75x and even 300x, it may just make economic sense to eschew the public markets and stay private as long as one can — following in the footsteps of companies like Uber and Facebook.

“If you can raise private money, maybe you just stay private,” Padval added.

Illustration: Dom Guzman

Stay up to date with recent funding rounds, acquisitions, and more with the Crunchbase Daily.

Copy link