Broadcom plugs into security buzz with $10.7bn Symantec buy

Some lucky gamblers would have made a pretty penny heading into the weekend as Broadcom officially announces it will acquire security firm Symantec.

At the beginning of July, share price in Symantec surged north as the rumour mill started turning. Broadcom was the co-lead of the drama which added 13% to share price in a matter of hours, only for the gains to be cruelly slashed as various news sources burst the bubble. It was nothing but gossip at the time, though the first rumours have turned out to be true.

In a $10.7 billion deal, Broadcom will acquire the enterprise security business of Symantec, expanding the chipmaker into new markets. Tan is looking to spread the wings of the technology giant, with Symantec to offer a stepping stone into an increasingly lucrative segment.

“M&A has played a central role in Broadcom’s growth strategy and this transaction represents the next logical step in our strategy following our acquisitions of Brocade and CA Technologies,” said Hock Tan, Broadcom CEO.

“Symantec’s enterprise security business is recognized as an established leader in the growing enterprise security space and has developed some of the world’s most powerful defence solutions that protect against today’s evolving threat landscape and secure data from endpoint to cloud.”

Some might question why one of the world’s largest chipmakers is venturing into the world of enterprise software solutions, but this is a transition which has been underway for some time. Broadcom is not giving up on semiconductors whatsoever, but it is diversifying its revenue streams.

In November 2017, Broadcom closed the $5.5 billion acquisition of Brocade, a specialist in data and storage networking products, which was followed in July 2018 by the $18.9 billion purchase of CA Technologies, a company which offers various IT software products and solutions. Adding Symantec into the mix simply continues the drive towards enterprise IT.

Looking at the investor presentation, in two and a half years Broadcom has undergone considerable evolution. After the closure of the Symantec acquisition, semiconductors will account for 71% of the total revenues, with software solutions taking the remaining 29%. And of course, with new regulations, new consumer attitudes and new purchasing patterns, security has the potential to become a lucrative area.

The Broadcom management team suggest this acquisition is a foot-in-the-door of a $161 billion addressable security market, with Symantec the market share leader in some interesting segments. In the stable markets of endpoint security and web security services, a combined value of $1.25 billion, Symantec is the market leader, and it also leads the way in the fast-growing data loss prevention segment.

One question which some investors might have is whether the Commander-in-Chief will get involved.

Will the White House weigh in?

Trump has been increasingly weighing into the technology industry over the last two years, perhaps seeing this influential segment as a means to counter the aggressive progress made by China in the global economy.

Although the Brocade and CA Technologies acquisitions passed without issue, who can forget the failed acquisition of Qualcomm for $117 billion? This was deemed a move contrary to national security, with Trump signing an executive order to block the acquisition. The Oval Office has remained quiet to date, but it would not surprise anyone to see the President wading in.

If Broadcom acquiring Qualcomm, a company critical to the US’ standing in the 5G race, was seen as a national security threat, who is to say the same theory could not be applied to Symantec? Security is a tender topic at the moment, and Symantec currently works with 86% of the Fortune 500. Blocking the deal is a long-shot, but it is worth keeping a wary eye on the White House.

Of course, should the transaction complete in a suitable period of time, Broadcom will have to make the security segment actually work. Just ask Intel how difficult this is.

Let’s not forget, security acquisitions can bite back

After acquiring security giant McAfee in 2010 for $7.68 billion, Intel endured years of pain trying to make the security segment work for it. After six years of struggle, Intel attempted to sell the security unit, before settling for a spin-off strategy after failing to find a hungry-enough buyer.

Although Intel failed, what is worth noting is the world is a different place nowadays. Thanks to numerous scandals and data breaches over the last few years, as well as the introduction of more punishing regulation around the world, companies are more aware of security threats and are allocating more funds to the various departments. This includes data management and front-line solutions.

In the past, security has been nothing more than political rhetoric or a means for CEOs to pacify investors and customers. Speeches were regularly made concerning the importance of creating secure and resilient products, though this rarely translated into investments into security products and solutions.

Attitudes do seem to be changing, with more investment being made into hardening defences and managing risk, though the question is how quickly this evolution is taking hold. This will define whether this is a good acquisition for Broadcom.

The risks are very evident. Recent research from IBM suggests the average cost of a security breach in the US is $8.19 million, almost double the average worldwide. Those who are able to contain a breach to 200 days can reduce the financial impact by an average of $1.2 million; there is certainly financial incentive to take note of the increasingly complex security demands.

Security is now a major component of the digital mix. Few CEOs would have wanted to spend so much on a cost-centre, but reality has caught up; the risks are such that security cannot be swept aside or bolted onto new initiatives nowadays.

China responsible for one in seven attacks on UK business – report

Cybersecurity attacks directed towards businesses in the UK are on the up and it appears the source of these nefarious activities can be quite often traced back to China.

After years of being ignored or swept aside for another day, security professionals are finally being taken seriously in the world of IT. It might be considerably overdue, but it is at a very apt time; according to research from enterprise ISP Beaming, the number of cybersecurity attacks directed towards UK businesses increased by 179% year-on-year for the second quarter of 2019.

“The rate at which UK businesses are attacked online has soared over the last year and companies large and small are under sustained attack from hackers around the world,” said Sonia Blizzard, MD of Beaming.

“The majority of cyber-attacks on businesses are indiscriminate, malicious code that trawls the web seeking to exploit any weak point in cyber security systems. A single breach can be catastrophic to those involved.”

Unfortunately for those who would like international tensions to simmer down, Beaming is also pointing the finger towards China as the source of many threats. China is seemingly the source of one in seven of these attacks, though Taiwan, Brazil, Egypt and the US are some of the most persistent offenders.

Amazingly, on average UK businesses are under threat from a cyber-criminal every 50 seconds, totalling 146,491 over the period in question. It might sound ridiculous, but it demonstrates the simplistic nature of some of these attacks. For the most part, large businesses will be able to avoid any serious damage by simply investing in basic security principles and systems, though you have to wonder how many SMEs are underprepared to resist the suspect fingers of the dark web.

According to Beaming, 63% of small businesses suffered a cyber-attack last year, with the average cost to the business being £63,000. The total cost of cybercrime for small businesses was £13.6 billion. The under-preparedness of SMEs is perhaps best indicated by its proportion of the total; £13.6 billion of the £17 billion total.

Although there is likely to be a fair bit of fear-mongering from Beaming here, given that security is considered to be one of the selling points of the business, the threat of cybercrime should not be undervalued.

One trend which presents as much of a threat as it does opportunity is IOT. This is a technology which has the potential to revolutionise business models but also give rise to new services and products. However, the threat is just as prominent. The more a company relies on IOT, the bigger the perimeter of its network and the more points of exposure. The number of gateways increases, increasing the complexity of cybersecurity.

For those companies which are struggling to cope in the embryonic version of digital which we live in today, tomorrow could be a disaster.

The research has been released at a very intelligent time when you consider the number of GDPR fines which are potentially on the horizon. Earlier today, July 8, the Information Commissioner’s Office (ICO) announced its intention to fine British Airways £184 million for a data breach which occurred in September 2018.

This is the biggest fine handed out by the ICO, but it is worth remembering this is only one of the first examples of the watchdog swinging the GDPR stick. The number of ‘contacts’ the ICO has had with businesses, organizations and individuals has increased 66% since GDPR was introduced in May 2018. In terms of workforce, 200 additional employees have been drafted in since GDPR with plans to hire another 100 to take the total north of 800.

These numbers suggest the ICO is getting more serious about investigation and enforcement, though another consideration for the importance of security is the buying preferences of UK consumers.

If the number of complaints about personal data breaches is increasing, up to 14,000 for the 12 months to May 1 from 3,300 in the prior year period, consumers are clearly more aware about security and data protection. With more products incorporating connectivity, and consumers becoming more aware of the dangers of the internet, the security credentials of an organization will become a factor in the purchasing decision-making process.

If start-ups are going to challenge the status quo in the digital world, they will need to sort out security systems and processes. It might surprise some that SMEs account for such a large proportion of the cost of cybersecurity to UK businesses, but such statistics will start to become more prominent as digital increasingly becomes the norm.

Theoretically, the digital world levels the playing field, affording the opportunity for start-ups to challenge the status quo, but if they aren’t up-to-speed when it comes to security, it might well turn out to be a non-starter.

Cisco forks out $2.35bn for Duo – the acquisition train thumps on

Cisco has announced its intent to acquire Duo Security for $2.35 billion in its quest for more subscription-based deals.

Michigan-based Duo Security was founded in 2010, growing to 700 employees with offices across the US and in London. The company’s cloud-based two-factor authentication is becoming a much more common tool for employees around the world who want to access sensitive information from multiple devices, in various locations. The deal is expected to be completed in the first quarter of 2019.

Combining the words Cisco and Acquisition is not uncommon, as the business seems to believe acquisition is a much more efficient means to success than organic growth. This is the fourth acquisition to be announced by Cisco in 2018, with the company swallowing up another nine organizations across 2017 and another seven in 2016. Eleven were added to the mix in 2015.

“When we started Duo, the security industry was badly broken,” Duo CEO Dug Song wrote in a letter to employees. “Users were blamed and victims were shamed for what were really design failures in IT – or worse, vendors spent more time admiring attackers versus defeating them.

“The complexity of security products often introduced more problems than they solved, and for every dollar of product, twice as many dollars were spent on services to support them. A new philosophy and approach to security was needed; one that demonstrated respect for people, both in the design of the products and in how business is done. And so we formed Duo.”

The move itself is another step forward for Cisco which has been striving to prove its security credentials in the competitive world of cloud services. Aside from this acquisition, the networking giant has also brought OpenDNS, Sourcefire and Cloudlock into its armoury to bolster resources and offerings to customers. For the moment, the companies will continue to act as separate entities, with Song continuing as GM, though the business will fit into Cisco’s Networking and Security business led by EVP and GM David Goeckeler.

“I’m excited to welcome the Duo team to Cisco,” said Goeckeler in a blog post. “I’m even more excited about the impact as part of Cisco’s intent-based networking portfolio that Duo is going to make for customers deploying multi-cloud models.”

For Cisco, Duo fits into the intent-based networking strategy, adding another arrow to the quiver; identity and access. It does sound like a good fit for Cisco, as identity and access is becoming much more of a headache for CTOs around the world, especially considering the continuous flood of data breaches hitting the headlines. That said, acquiring Duo provides another step into the world of recurring revenues for the business, which is never a bad thing.