We’re only one month into 2018 and have already witnessed a surge in M&A activity in the IAM space. Since January 1, 2018, four major IAM related deals, totaling over $1 billion (based on reported amounts and Forrester estimates on certain transactions), have been announced:

• KPMG acquired Cyberinc.
• One Identity acquired Balabit.
• RELX acquired ThreatMetrix.
• Bomgar acquired Lieberman Software.

There are several factors driving this recent surge:

  1. Positive global macroeconomic outlook and capital market performance are accelerating tech M&A activity. The continued strength of US equity markets and other positive global macroeconomic data are driving optimism about their growth targets for enterprises as well as for security vendors. This optimism, coupled with tech vendors’ traditionally strong cash position, is driving M&A activity, especially since the other options for excess cash, such as paying down debt, don’t always apply to the many software vendors that have little debt.
  2. The broad vendor ecosystem provides opportunities for vendors to fill in product portfolio gaps with M&A. The cybersecurity vendor landscape has expanded dramatically in size and scope over the past five years, fueled by many new venture-backed entrants and by private equity capital. Although this creates challenges for enterprises, which must navigate a broad and diverse group of suppliers, the vendor breadth also means that companies can fill the gaps in their portfolio by acquisition and avoid the whole buy-versus-build decision. Coupled with a strong economy, the buy side will remain the preferred choice, for financial and time-to-market considerations.
  3. Enterprise demand for identity and access management (IAM) remains strong. Throughout 2017, Forrester fielded a large volume of IAM inquiries related to authentication and privileged identity management. In many cases, these discussions stemmed from audit findings or concerns around mitigating the risks of data breaches. These January deals all involve technologies that can help enterprises meet these PIM and authentication challenges and protect data.

While past behavior is not usually a guaranteed predictor of future activity, the surge in IAM M&A activity in the identity space in the past four weeks is notable, especially compared with 2017. Continued health in the global economy, combined with the projected influx of repatriated cash into US tech vendors’ coffers because of the changing corporate tax structure, means that M&A activity will remain strong across all cybersecurity sectors, including IAM, throughout 2018. This will require enterprise security teams to keep close tabs on their supplier landscape and be prepared for further consolidation and disruption.