Endpoint Security , Governance & Risk Management , IT Risk Management
Goodbye, Symantec for Consumers; Hello NortonLifeLock
Era Ends With Broadcom's Buy of Symantec's Enterprise Assets for $10.7 BillionSymantec anti-virus for consumers is no more.
See Also: Frost Radar™ on Healthcare IoT Security in the United States
In what marks the end of an era, Symantec on Monday issued a statement saying that it will henceforth be known as NortonLifeLock Inc. The reason for the Mountain View, California-based company's shift is the sale of Symantec's enterprise security assets and brand name to Broadcom in a deal worth $10.7 billion, which closed Monday.
On Tuesday, NortonLifeLock begins trading under the ticker symbol “NLOK” on the Nasdaq stock exchange. It says nearly 50 million consumers use its products and services. But can the new, pure-play consumer "cyber safety" business succeed where the combined consumer and enterprise business previously stumbled?
The Broadcom deal followed the surprise exit of Symantec CEO Greg Clark in May after the company missed its earnings forecast. Clark had been trying to revitalize the cybersecurity firm in the wake of declining consumer interest in its anti-virus products (see: Symantec CEO Exits as Company Misses Earnings Forecast).
By the summer, analysts were warning that Symantec was "rudderless" and ripe for acquisition. In stepped semiconductor manufacturing giant Broadcom, but only to acquire the company's enterprise security assets (see: Report: Broadcom in Discussions to Buy Symantec).
Clark's abrupt exit wasn't the only challenge facing Symantec, which had experienced a tumultuous 2018. In May 2018, the company's board of directors announced that it was launching an investigation into accounting irregularities after a whistleblower raised concerns. The U.S. Securities and Exchange Commission launched a formal investigation.
In November, Symantec's board concluded its investigation, saying that it had found that a $13 million fourth-quarter 2018 customer transaction was incorrectly recorded as revenue, and that it was deferring $12 million to a subsequent quarter. It also said it had found violations of corporate policies and promised to take unspecified human resources actions as a result. It also promised to put better controls in place.
Cyber Safety Play
NortonLifeLock will now attempt to go the consumer route alone. Of course, there is no guarantee that the new entity will flourish. But executives say they expect the company's cyber safety business - previously known as Norton LifeLock - to play a big part, together with a 12-month restructuring program that will include the sale of numerous real estate assets.
On an Aug. 8 earnings call, Richard S. Hill, then Symantec's interim president, CEO and director - and now interim president and CEO of NortonLifeLock - said that the new company has $1.5 billion in stranded costs.
Stranded costs refer to post-merger-and-acquisition costs that remain with a company after it's divested certain assets, such as call centers, contracts with vendors or infrastructure.
Hill says it will take about $1 billion cash to eliminate those stranded costs, which the company plans to do in part via the sale of real estate.
"We believe we can self-fund the majority of these restructuring costs using the value of the underutilized assets such as real estate, which is located in highly attractive locations," Hill said on the call. "We believe this transition period will take approximately 12 months from the close of this agreement to realize all of the cost savings, after which we will have a more nimble and unencumbered, pure-play consumer cyber safety business."
NortonLifeLock's CFO, Vincent Pilette, repeated that message this week. “The launch of NortonLifeLock today is a key step in our transformation towards a standalone, pure-play consumer cyber safety business,” he says. “As we move through the transition period over the next twelve months, we will realign our cost structure for the company to drive revenue growth, cash flow generation and earnings power.”
Norton Lives On
Norton, of course, isn't a new brand name, nor is LifeLock.
In 1990, Symantec purchased Peter Norton's software company, which developed DOS utilities, although no security software. In 1991, Symantec released its first-ever anti-virus product under the Norton brand. Nearly 30 years later, that still continues.
In 2016, Symantec purchased identity theft protection firm LifeLock for $2.3 billion, despite the company's somewhat checkered past. That included claims that the company could prevent identity theft, backed by a failed stunt by then-LifeLock CEO Todd Davis, who used his own Social Security number in advertisements, leading him to suffer 13 identity theft incidents. The company ultimately settled with the U.S. Federal Trade Commission (see: LifeLock Settles FTC Case for $100 Million).
For many industry watchers, however, Symantec arguably never recovered from its attempt to mash up its own security business with a major storage play.
In 2005, Symantec - then helmed by John Thompson - acquired storage vendor Veritas for $13.5 billion. But the supposed benefits of combining a storage firm and a security firm failed to materialize, leading to the company chewing through CEOs at an alarming pace. The refrain from many investors was clear: Ditch Veritas.
But this didn't come to pass until August 2015, when Symantec first promised to spin off Veritas as a storage business, before changing gears and offloading Veritas for $8 billion in cash to The Carlyle Group, an asset management firm.
Industry Consolidation Continues
Broadcom's Symantec acquisition is part of a wave of continuing cybersecurity industry consolidation large and small. Last month, private-equity firm Thoma Bravo said it would further bolster its cybersecurity holdings by bagging British security company Sophos in a $3.9 billion deal. Sophos is one of the 30 best-known anti-virus vendors, per testing firm AV Comparatives.
On Sunday, the Sunnyvale, California-based email security firm Proofpoint announced that it has reached a definitive agreement to acquire ObserveIT and its insider threat management platform for $225 million.