The global cybersecurity market is experiencing a wave of mergers and acquisitions (M&A). This is interpreted as the industry seeks to strengthen its security capabilities through M&A to combat the cyber attacks that are rampant against corporations and public institutions worldwide. In particular, as cyber threats utilizing generative artificial intelligence (AI) have surged, the 'growing' of security giants continues, focusing on companies that possess advanced AI-based security technology and identity security technology.
According to the security industry on the 4th, this year has seen the completion of massive M&A deals worth trillions of won in the security market. Palo Alto Networks, the world's largest security firm based in the United States, acquired Israeli security company CyberArk last week for $25 billion (approximately 34.5 trillion won). This is the largest M&A that Palo Alto has pursued to date. Palo Alto noted, "With this acquisition, we have expanded our business into the identity security field."
Identity security is a key factor in the Zero Trust principle of 'never trust, always verify,' helping to respond to AI-based deepfakes, voice cloning, and automated fraud attacks. It is considered one of the essential security technologies of the AI era. CyberArk, which boasts over 10,000 customers worldwide, is a strong player in the identity security field, possessing technologies that limit access to sensitive corporate information and confidential data, thus protecting against ransomware attacks.
Previously, Palo Alto accelerated its portfolio diversification by acquiring the AI security startup 'Protect AI' for $700 million (approximately 950 billion won) in April. Before acquiring CyberArk, Palo Alto invested about $7 billion (approximately 9.74 trillion won) in promising security firms.
Alphabet, the parent company of Google, also acquired the cloud security firm Wiz for $32 billion (approximately 45 trillion won) in March, marking a trend of massive M&A deals in the security market this year. Robins & Gray, a U.S. law firm specializing in M&A consulting, explained that "This year, the number of large-scale cybersecurity M&A transactions exceeding $250 million (approximately 330 billion won) is increasing," adding that "corporations and private equity funds are focusing on securing high-quality security assets with cutting-edge technologies to strengthen their response capabilities against increasingly complex cyber threats."
In May, Zero Trust-based security firm Zscaler acquired managed detection and response (MDR) company Red Canary for $675 million (approximately 900 billion won), and Israeli cybersecurity company Check Point acquired AI-based vulnerability detection specialist Verity Security for approximately $100 million (around 1.3 trillion won).
Financial Times (FT) reported that "As cyber attacks targeting corporations increase, the cyber security M&A market is booming." The cybersecurity venture firm Cybersecurity Ventures predicted that global damages from cybercrime this year could reach $1.05 trillion (approximately 1.47 trillion won). Corporations and institutions are also expanding their security investments to minimize damage.
Particularly with the spread of generative AI, the sophistication of cyber threats has increased, making it important to build integrated security platforms. Robins & Gray stated that the market for AI-based cybersecurity solutions is expected to grow at an average annual rate of 33.4%, reaching $40.1 billion (approximately 55 trillion won) by 2030, noting that "As corporations demand integrated solutions that encompass endpoint security, cloud, and identity security, the security industry is moving toward securing technologies and expanding portfolios through M&A."
In the domestic security market, where M&A activities are less active compared to the U.S., there were three acquisition and merger cases last month alone. MonitorApp, strong in network security, announced last month that it would acquire the threat-hunting-based endpoint detection and response (EDR) specialist 'Soma'. MonitorApp explained that through this acquisition, it aims to build an integrated security portfolio that extends beyond network-centric business areas to include endpoints.
Integrated security solutions company SGA Solutions announced last month that it will merge with its subsidiary SGN, which controls user permissions to servers and key systems and provides security solutions capable of history management. A representative from SGA Solutions stated, "Through this merger, we will secure our technological capabilities in system access control and further enhance our Zero Trust competitiveness." CyberDyne recently completed its merger with 'PentaLab', which possesses security technologies that control intellectual assets, such as source code security and web content leak prevention (Web DLP).