Cybersecurity Partnerships and Joint Ventures
A Booming Landscape of Deals and Collaboration
CYBERSECURITY PARTNERSHIPS are surging as companies, governments, and individuals demand more advanced solutions to address the growing threat of cybercrime and other technology vulnerabilities. Recent trends such as cloud computing, bring your own device (BYOD), and the Internet of Things are only serving to accelerate these concerns — and with it, the rapid proliferation of cybersecurity partnerships. Between 2014 and 2016, cybersecurity partnership deal volume jumped by 250% — and involved a wide variety of deal structures, economic and operating models, and partner goals and combinations. There were nearly 70 material partnership transactions in 2016, compared to 60 the previous year and less than 30 in 2014. In surveying the industry, we are seeing a few partnership hotspots on the landscape.
Vertical solutions. To date, many cybersecurity partnerships have been traditional team-ups between two or more high-tech companies to offer a cross-industry solution. Hewlett-Packard’s partnership with leading cybersecurity firm FireEye is a good example. The two companies paired up to provide HP’s enterprise service clients with access to FireEye’s suite of threat detection, incident response, and compromise assessment offerings. From 2014 and 2016, however, traditional team-ups have been increasingly focused on delivering more tailored “vertical” solutions to specific industries like healthcare, telecom, financial services, infrastructure, and oil and gas (Exhibit 1). For example, information technology firms CSC and HCL formed an equity JV to deliver next-generation cybersecurity solutions specifically for global banks.
A subset of vertical solution partnerships have invoked direct collaboration between high-tech companies and major players in different industry verticals. For example, Cybereason formed an exclusive JV with its customer and investor Softbank — the Japanese telecommunications conglomerate — to provide endpoint detection, incident response, and managed security services to the Japanese market. In this deal construct, Cybereason contributed the technical product solution and an exclusive licensing arrangement, while Softbank contributed its sales channels, including an extensive network of broadband and mobile customers in Japan, and local market knowledge. This general construct applies to most cross-border ventures: the foreign company brings a technical solution and the local player brings their sales channels and nuanced understanding of local customer and regulatory requirements that help adapt product offerings and accelerate go-to-market. Still, there are other partnership deal constructs that are focused on developing vertical solutions. DNV GL, the oil and gas industry certification body, established a one-year joint industry partnership (JIP) with Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson, Kongsberg Maritime, and the Norwegian Petroleum Safety Authority. The JIP consortium will produce guidelines for industrial automation and control systems to protect oil and gas installations against cyber-security threats.
Military-to-Commercial (M2C). In the ongoing land grab for cybersecurity market share, defense companies with military-grade cybersecurity solutions continue to seek ways to parlay their expertise into the commercial realm. In 2015, several defense industry Primes tried to break into the commercial cybersecurity market, but ended up divesting their assets and redeploying capital to core programs. For instance, Boeing divested Narus to Symantec, General Dynamics offloaded Fidelis to Marlin Equity Partners, and Lockheed Martin announced its intention to sell or spin off the firm’s IT business. Northrop Grumman took a slightly different tack and spun-out its assets into a partially independent business called Acuity Solutions.
Exhibit: Cybersecurity Partnerships