What drives private equity firms to acquire cybersecurity companies

Give us an overview of the Middle East cybersecurity landscape.
Digital transformation has moved to the top of corporate agendas in nearly every vertical in the region. Over the last couple of years, organisations have digitised at great speed to adapt to hybrid work and achieve greater efficiency and competitiveness. But this means cybersecurity is often not a top priority among IT and business decision-makers. In fact our recent research found that IT decision-makers in the UAE and Saudi Arabia face ongoing challenges with securing their digital transformation efforts against attack from cybercriminals.

The downside to increased digitisation is that attack surfaces are wider and there are more opportunities for bad actors to penetrate organisational defences, with many organisations stuck in a reactive mode regarding their security, leaving them unable to get on the front foot against attackers. The research found that more than two-thirds (68 per cent) of organisations in the region have had to postpone a digital transformation initiative due to cybersecurity concerns, with 65 per cent reporting they have cancelled such an initiative outright.

The Middle East region, like the rest of the world, continues to see a rise in cyberattacks with criminals evolving their techniques and continuing to get past organisational defences. With the number of publicly reported data breaches soaring past 2020’s total, 2021 appears to have been the worst year on record for cybersecurity.

We notice a larger trend among cybersecurity firms being acquired by private equity firms. What are your thoughts on this?
There is renewed interest in the cybersecurity sector, and we are increasingly seeing the strategy of acquisition to innovate across the industry. Over the last couple of years, cybersecurity is moving higher and higher up the priority list, following a series of high-profile attacks globally. There has also been an increased demand for security solutions as organisations have had to embrace hybrid working models and threat actors have capitalised on the fear and uncertainty around major world events such as the pandemic and geopolitical instability. Advanced security has never been more important. All these factors have made cybersecurity companies attractive to invest in and grow. We were approached by other private equity firms, and we’ve seen many other security companies being acquired in the recent past. Our biggest competitor was also acquired, and we’ve seen several others follow the same path. The most recent, big example is Broadcom announcing its plans to buy VMware.

Tell us about your partnership with Permira and why you selected this firm over others bidding for Mimecast.
Permira’s philosophy of ‘product first, growth first’ resonated with us and aligned with our values. They are focused on collaboration, long-term thinking and concern for employees which have always been important for Mimecast. They have deep experience in cyber and growing companies at scale and we felt that this was important for the next phase of our journey.

What is your company’s vision for continued growth – both organically and through strategic merger and acquisitions?
With Permira’s resources, network and deep experience scaling global technology companies, we will be better positioned to deliver the innovations that our customers and the world need. We are building out our product offerings thanks to Permira’s product-first growth-first mindset and we’re investing in R&D. When we were a public company, we were conservative in our merger and acquisition activity, but now that we’re private we can be bolder in this area. Permira operates very much like a venture firm and encourages product expansion.

What is Mimecast’s regional strategy for 2022 to tackle opportunities and challenges for the year ahead?
The Middle East remains an important market to the business, and we continue to see great opportunities to expand our customer base and regional footprint. For now, we remain focused on serving our existing customers and acquiring new customers in UAE and Saudi Arabia. But we’re looking to new countries to expand our geographical footprint in the region and are working with partners to tap into these markets. The region benefits from our product updates and new launches as they are rolled out in our core markets, which means customers are able to advance their security posture as the threat landscape evolves. That’s because we continue to innovate and adapt solutions to manage risk and protect our customers from increasingly sophisticated attacks.

Brandon Bekker is the SVP – EMEA at Mimecast

Read: Cybersecurity attack: It all begins with an email, says Mimecast