Hugh Lam
5 minutes reading time
Slowing economic growth, uncertainty around US trade policy and elevated levels of interest rates pose challenges for the global M&A environment this year. Nevertheless, the cybersecurity industry has seen a pickup in dealmaking activity despite the challenging economic backdrop.
Cybersecurity M&A activity reached 102 deals in the first quarter of 2025, up from 95 in Q1 2024 according to data from research firm PitchBook1. There are several driving forces behind this growth:
Digital threats are rising
The rise of AI and new technologies has created cybersecurity challenges. While AI has the potential to unlock major productivity benefits, it is also being exploited by adversaries to attack critical network systems and infrastructure.
Additionally, we are in a geopolitically fragmented world with tensions between economic powerhouses forcing governments, businesses, and individuals to be more proactive in protecting their data. As a result, according to International Data Corporation (IDC), global security spending is forecast to grow at double-digit rates annually, surpassing $260 billion USD this year.
Source: IDC Worldwide Security Spending Guide (July 2024), Gartner Worldwide IT Spending (October 2024). Actual results may differ materially from forecasts.
This projected level of spending provides a tailwind for incumbent leaders in the cybersecurity industry, including CrowdStrike and Palo Alto which currently protect thousands of organisations and their networks from malicious attacks.
Platformisation trend
Businesses are simplifying the management of their security infrastructure by reducing the number of software licenses they have with various vendors.
This trend signifies a shift to streamline operations, allowing security teams across industries to be more proactive in actively detecting incoming threats whilst safeguarding assets and freeing up resources to optimise workflow processes. This consolidation theme will likely support the larger cybersecurity companies, a number of which have been acquiring smaller companies that offer specialised solutions which they can then integrate on existing platforms.
Healthy private equity activity
Private equity firms have a lot of dry powder to deploy with reports2 from S&P Global Market Intelligence estimating that amount to be around $2.62 trillion USD (as at July 2024).
These firms are becoming increasingly attracted to the cybersecurity industry given its growth potential and recurring revenue models which tend to be sticky in nature (i.e., firms are unlikely to cut spending on security even during market downturns). This ‘stickiness’ may provide some level of resiliency for portfolios invested in cybersecurity companies.
Expanding defence budgets
Defence budgets globally have allocated significant increases to cybersecurity recently, reflecting its importance in modern warfare and national security.
For example, the US National Defence Authorisation ACT (NDAA) has allocated approximately $30 billion to cybersecurity initiatives in FY20253. And as part of NATO’s total defence spending target of 5%, 1.5% of that would be related to “defence-related outlays” which includes spending on cybersecurity.
All of these factors together have helped drive substantial acquisition activity over the last year, including:
- Google’s US$32 billion acquisition of cloud security startup Wiz (March 2025)
- Cisco’s US$28 billion acquisition of Splunk (March 2024)
- Thoma Bravo’s US$5.3 billion acquisition of Darktrace (October 2024)
- Mastercard’s US$2.65 billion acquisition of Recorded Future (December 2024)
- CyberArk’s US$1.54 billion acquisition of Venafi (October 2024)
Investment Implications
In a world mired by rising geopolitical tensions and uncertainty, the Betashares Global Cybersecurity ETF (ASX: HACK) provides a simple way for Australian investors to gain exposure to the growing global cybersecurity sector.
HACK has benefited from strong M&A activity occurring in the cybersecurity industry with 28 portfolio companies having been taken over since the fund’s inception.
Over the 5 year period to 30 May 2025, HACK has returned 18.0% p.a. * and includes key holdings such as Broadcom, CrowdStrike, Palo Alto Networks, Cisco and Infosys4.
Future results are inherently uncertain. The information above may include opinions, views, estimates, projections, assumptions and other forward-looking statements which are, by their very nature, subject to various risks and uncertainties. Actual events or results may differ materially, positively or negatively, from those reflected or contemplated in such forward-looking statements. Forward-looking statements are based on certain assumptions which may not be correct. You should therefore not place undue reliance on such statements. Betashares does not undertake any obligation to update forward-looking statements to reflect events or circumstances after the date such statements are made or to reflect the occurrence of unanticipated events.There are risks associated with an investment in HACK, including market risk, cybersecurity companies risk, concentration risk and currency risk. Investment value can go up and down. The Fund’s returns can be expected to be more volatile (ie vary up and down) than a broad global exposure. An investment in the Fund should only be considered as a part of a broader portfolio, taking into account your particular circumstances, including your tolerance for risk. For more information on risks and other features of the Fund, please see the Product Disclosure Statement and Target Market Determination, both available on this website.
* Past performance is not an indicator of future performance. See the Fund’s webpage at www.betashares.com.au for further performance information.
Sources:
1. https://www.itbrew.com/stories/2025/04/18/cybersecurity-m-and-a-activity-momentum-continues-into-2025 ↑
2. https://www.spglobal.com/market-intelligence/en/news-insights/articles/2024/7/private-equity-dry-powder-growth-accelerated-in-h1-2024-82385822 ↑
3. https://www.csoonline.com/article/3632164/us-military-allocated-about-30-billion-to-spend-on-cybersecurity-in-2025.html ↑
4. No assurance is given that these companies will remain in HACK’s portfolio or will be profitable investments. ↑
1 comment on this
It seems to me that the boom in cybersecurity will be in the companies that specialise in cleaning up the mess. Large corporates seem to be prepared to take the risk rather than spending money up front to prevent the hacking. Witness Optus, Medibank, and now Qantas.