FTSE 250 cybersecurity company Sophos has accepted a $3.9bn acquisition offer from private equity group Thoma Bravo.
This is the latest in a string of billion-dollar cybersecurity acquisitions for private equity group Thoma Bravo, but it’s the most expensive one so far, and the first outside the US.
“Today marks an exciting milestone in the ongoing journey of Sophos,” said Sophos CEO Kris Hagerman. “Sophos is actively driving the transition in next-generation cybersecurity solutions, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more. We continue to execute a highly-effective and differentiated strategy, and we see this offer as a compelling validation of Sophos, its position in the industry and its progress.”
Sophos, based in Oxfordshire, was founded in 1985 and has been publicly traded since 2015, when its IPO raised £1bn. While it has offerings in a range of security areas and serves businesses of all sizes, it’s probably best known for offering endpoint security and managed services to medium-sized businesses – according to its annual report for 2019, 86% of its customers had fewer than 5,000 employees.
Over the past year its stock prices have taken a few hits, with concerns about slowing growth being primarily to blame, though Sophos attributed this to ‘unusually elevated’ growth in FY2018 rather than an overall decline. Albeit more modestly this year, revenues have continued to grow (11.2% year-on-year in FY19) particularly in Sophos’ ‘next generation’ security business, as has its customer base (35,000 net new customers in FY19).
However, growth was particularly strong among MSP customers (119%) – meaning smaller companies, and monthly billings rather than long-term contracts. With Sophos selling primarily through the channel and operating a fairly lean company of only 3,400 employees, customers of this type are likely to reflect an increasing proportion of its customer base.
“We are excited by the opportunity to partner with the Sophos management team and employees as we further develop Sophos as a best-in-class software franchise and nextgen security leader,” said Seth Boro, a Managing Partner at Thoma Bravo. “Sophos has a market-leading product portfolio, and we believe that by applying Thoma Bravo’s expertise, operational framework and experience, we can support the business and accelerate its evolution and growth.”
The acquisition certainly makes sense for Thoma Bravo. With sterling relatively weak, this is a good time to target UK companies. And endpoint security, particularly ‘next generation’ endpoint security, continues to attract significant investment – recent examples including CrowdStrike’s $6.7bn IPO and Symantec’s $10.7bn acquisition by Broadcom.
While Thoma Bravo already has a sizeable cybersecurity portfolio, including a stake in McAfee (one of the biggest names in endpoint security), many of its current companies are more specialised – e.g. LogRhythm for SIEM, Imperva for web security, Centrify for Zero Trust.
GDPR has prompted a new wave of investment in cybersecurity from small and medium sized businesses, primarily because it’s made the ROI much easier to calculate. Under the new regulation, being able to point to ‘appropriate measures’ can significantly downsize the cost of a fine, as well as reputational fallout.
But developing and managing a tailored security architecture is challenging (not to mention time-consuming), and particularly given the much-discussed shortage of experienced information security professionals, hiring is similarly problematic. So especially for companies building security almost from scratch, outsourcing as much as possible makes sense, and a provider such as Sophos – which offers a fairly comprehensive range of solutions, plus the option of managed services, while benefiting from advanced-sounding ‘next generation’ branding – is an attractive option.
“It is the view of the Sophos board that this is a compelling offer for Sophos shareholders which secures the delivery of future value for shareholders today,” said Sophos chairman Peter Gyenes.
“Thoma Bravo has deep sector expertise in cybersecurity software as well as a long and successful track record of partnering with and investing in its portfolio companies to support long-term growth and success.”
