dark reading threat intel and cybersecurity news

US private equity firm Thoma Bravo, which has been on a cybersecurity vendor buying spree lately, has walked away from plans to add British cybersecurity firm Darktrace to its portfolio.

The two sides parted ways after failing to come to an agreement on the terms of a deal. The news sent shares of Darktrace plunging nearly 35% Thursday on the London Stock Exchange, falling from 514.6 pence per share (about US$5.91) at close of trading Wednesday to 337.1 pence per share (roughly $3.87) on Thursday.

Darktrace — a provider of AI-based cybersecurity technologies — on Aug. 15 announced that it had received several “preliminary and conditional proposals” from Thoma Bravo to purchase the company. The security firm said Thoma Bravo was in early discussions to buy it out in an all-cash transaction, but it had cautioned at the time that there was no certainty that an offer would be made.

On Thursday, Darktrace said those discussions had broken down, and that an agreement could not be reached on the terms of an offer.

“Further to the announcement made earlier today by Thoma Bravo that it does not intend to make an offer for the Company, the Board of Darktrace confirms that discussions with Thoma Bravo have terminated,” the company said. “As a result of the announcement made earlier today by Thoma Bravo, the Company is no longer in an offer period for the purpose of the UK Takeover Code.”

Thoma Bravo did not immediately respond to a Dark Reading request for comment on the development.

British rules governing proposed mergers and acquisition prohibit Thoma Bravo from making an offer for Darktrace for another six months, unless another firm makes a formal offer to buy the company, Reuters and several British media outlets noted.

Darktrace was founded in 2013 and currently claims to have more than 7,400 customers in 110 countries. It reported revenues of $419.3 million for fiscal year 2022 before revising that number down to $415.5 million after determining that $3.8 million in revenues should have been attributed to fiscal year 2021. Darktrace went public on the LSE in April 2021. At one point, the security vendor’s market cap hit more than $8 billion, but questions over the company’s valuation drove its stock down shortly thereafter and kept it there for most of this year.

Darktrace also has had its share of controversy related to British billionaire Mike Lynch, who is one of the biggest shareholders in the company. Lynch is currently fighting extradition to the US after a British court held him culpable earlier this year of artificially inflating the value of his previous company Autonomy before selling it to HP for $11.1 billion in 2011. HP filed a lawsuit against Lynch after the company was forced to write-down the value of Autonomy by $8.8 billion one year after acquiring the firm.

Market Valuation an Unlikely Factor

All of that said, Richard Stiennon, chief research analyst at IT-Harvest, says Thoma Bravo’s change of plans likely had little to do with Darktrace being overvalued. In fact, most publicly traded cybersecurity companies are way down from their highs last summer and, if anything, are dramatically undervalued, Stiennon says.

“I don’t think Thoma Bravo is backing off of Darktrace because of valuations,” he says. “I think strategically there is not a clear market for the AI-enhanced threat hunting that Darktrace touts. The market is pretty much equal to Darktrace’s revenue today.”

Thoma Bravo’s Cybersecurity Buying Spree

The Darktrace acquisition, if it had gone through as planned, would have added yet another company to Thoma Bravo’s rapidly growing roster of cybersecurity acquisitions. Recently the private equity firm has spent tens of billions of dollars acquiring the likes of identity service provider SailPoint
for $6.9 billion, Ping Identity for $2.8 billion, Proofpoint for $12.3 billion, and Sophos for $3.9 billion.

Overall, 2021 marked a record year for merger and acquisition activity in the cybersecurity sector, with some $77.5 billion in M&A volume and $29.3 billion private equity and venture capital investments, according to Momentum Cyber. Through the end of the first quarter of 2022, Momentum reported $12.2 billion in M&A activity and $7 billion in financing from VCs and PE firms.