The Expert's View with Michael Novinson

Governance & Risk Management

A Tangled Web We Weave: When Reported M&A Never Materializes

Why Acquisition Reports Emerge in the Media, and What It Means for Those Mentioned

Companies historically responded to M&A reports with milquetoast statements about "not commenting on rumors or speculation," but recently, aggressive clapbacks have become much more common.

A public spat erupted in recent days between CrowdStrike and Action1 over whether the former ever seriously considered acquiring the latter. The dispute stems from an Aug. 7 internal email sent by Action1 CEO Alex Vovk - and later leaked to the media - which states, "I would like to confirm that CrowdStrike is interested in acquiring Action1 with an estimated transaction value close to one billion dollars" (see: Why CrowdStrike Is Eyeing a $1B Buy of Patching Firm Action1).

Less than two weeks later, Action1 put out a press release announcing its intent to walk away from M&A discussions and remain independent. Co-founder and President Mike Walters told Information Security Media Group, "We are creating a multibillion-dollar company, and $1 billion is not enough. When you become a part of a larger vendor, you get defocused because they have other priorities."

A day later, CrowdStrike fired back, as Vice President of Corporate Development Gur Talpaz said that a single 45-minute group conversation with Action1 took place following RSA Conference in May, and CrowdStrike disengaged after a surface-level conversation. Then, on Thursday, Action1 said it disagrees with Talpaz's post but declined further public comment since "our lawyers are in discussions" (see: No Deal: Action1 Rebuffs CrowdStrike's Interest in $1B Buy).

Although a handful of chief executives have forcefully pushed back on reported acquisition talks, none have publicly engaged in a back-and-forth as CrowdStrike and Action1 have done. But increasingly, executives are willing to attract more publicity by publicly denying M&A reports either to reassure customers, partners and employees that no major changes are occurring or in hopes of negotiating a more favorable deal.

Why Acquisition Talks Leak, and What It Means

Merger and acquisition reports leak in the press mostly because one set of stakeholders wants to apply pressure on another. This could be an investor or board member leaking that their company is considering a sale to drum up a bidding war or to get executives on board with the idea of an exit. Or it could be a financial or strategic buyer trying to convince a recalcitrant seller to engage in deal talks.

If investors, board members and executives are all aligned on whether or not they wish to sell - and if so, under what conditions - there's little reason for anyone to leak. When leaks start occurring, it's typically a sign that someone wants a deal.

Three months before the CrowdStrike-Action1 feud, Zscaler founder, Chairman and CEO Jay Chaudhry took the highly unusual step of denying reports from anonymous Medium and Substack posts that talks had started around a $38 billion purchase by Broadcom. "Neither I nor the Zscaler board of directors are seeking or entertaining any offers to acquire Zscaler. Any reports stating otherwise are untrue," he said (see: Why a Broadcom-Zscaler Deal Makes Sense - and Why It Doesn't).

The company with the highest volume of M&A reports over the past year is Wiz, with three separate high-profile transactions that have failed to materialize - yet. The reports kicked off in August 2023 when a spokesperson told press the cloud security firm "has openly discussed the possibility of acquisition" and added that Wiz has been following SentinelOne's "growth journey for the past several years."

Once SentinelOne emerged from its quiet period, CEO Tomer Weingarten fired back, telling investors that reports of a deal with Wiz were "a head-scratcher," "far from fact" and "pure speculation on their part." Then in April 2024, several media organizations reported that Wiz was in advanced negotiations to buy Lacework - which was once valued at $8.3 billion - for between $150 million and $200 million.

That deal never materialized, and Lacework was instead bought by Fortinet at the start of August for $149 million. Finally in July 2024, several media organizations reported that Google parent Alphabet was in advanced talks to acquire Wiz for $23 billion, with a deal expected soon. A week later, Wiz CEO Assaf Rappaport emailed employees to say the Google deal was off and that Wiz would proceed with an IPO (see: Why Google Is Eyeing a $23B Buy of Cloud Security Phenom Wiz).

Without spending a cent, these acquisition reports cemented Wiz's reputation as an aggressive player in the market that's willing to make bold and expensive moves to gain an edge on competitors. The report - with Google offering a 91.7% premium over the $12 billion valuation Wiz received in May - also set valuation expectations for investors who might consider buying into Wiz as it becomes publicly traded.

A Deal Deferred Isn't a Deal Denied

Just because a reported acquisition doesn't happen right away doesn't mean it's off the table for good. Media reports typically mean some key stakeholders want to make a deal happen. All that needs to happen is for the parties to agree on price. The economic downturn has led to valuations hinging more on profitability than growth, and it's taken some time for sellers to calibrate their expectations accordingly.

Recent cybersecurity history is littered with examples of media reports about potential acquisitions or companies being up for sale, followed by protracted periods of silence, followed by a deal happening a year or even two years later. The Wall Street Journal reported in February 2022 that Cisco offered to buy Splunk for $20 billion, but a deal wasn't consummated until September 2023 at a price of $28 billion (see: Cisco to Bring XDR, SIEM Together With $28B Splunk Purchase).

Calcalist reported in March 2023 that Akamai and others were interested in buying API security unicorn Noname for "hundreds of millions of dollars," but the $450 million deal didn't come together until May 2024. And Thoma Bravo and Darktrace broke off deal talks in September 2022 after failing to reach an agreement on terms. Nineteen months later, the two sides reunited and agreed to a $5.32 billion acquisition.

Since May, five publicly traded security vendors - eSentire, Trend Micro, Tenable, Rapid7 and N-able - have reportedly been in talks about getting acquired, with private equity firms considered the most likely buyer. This follows a string of take-private deals since spring 2022 for smaller or lower-growth public cyber vendors including SailPoint, Ping Identity, ForgeRock, Darktrace, KnowBe4 and Sumo Logic.

Rapid7 has struggled over the past half-decade, with its stock price falling nearly 30% while vulnerability management rivals Qualys and Tenable have enjoyed 51% and 89% gains. It's unsurprising Rapid7 has been on the selling block since February 2023 - when the company reportedly hired Goldman Sachs - and continuing into June 2024, when activist investor Jana Partners pressured the company to sell itself (see: Why Activist Investor Jana Is Pressing Rapid7 to Sell Itself).

When it comes to acquisition reports, when there's smoke, there's likely a fire. That's because there's someone with financial skin in the game who wants to make a deal happen. Unless the acquisition target remains closely held by members of the founding team, the biggest questions remaining once deal reports emerge are when, with whom and for how much.



About the Author

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.



