2023 IT and Cyber Market Reflections

Despite dire predictions at the end of 2022 from many macro-economists, many of whom infamously forecasted recession as a 100% certainty, 2023 was a year of recovery rather than recession for the US economy. But don’t tell that to the hundreds of thousands of technology workers who were laid off and the thousands of once-promising startups that shuttered their doors in 2023. Indeed, the road to recovery has been quite bumpy for most enterprise software, IT, and cybersecurity companies. We entered 2023 at the low point of a “tech recession” that was driven by increased interest rates and made all the more painful by a COVID spending hangover. As investors, startup founders, and big company CEOs shifted from investing in growth to cutting costs, paving a path towards profitability, a wave of layoffs rippled across the technology industry, reaching a crescendo in January 2023.

IT Services: Moderate Strength from Public to Private             

Still, while 2023 was a tough year for software startups and the employees of large technology companies, it was a relatively strong year for IT services providers. According to the latest analysis from Gartner, overall IT spending grew around 3% across 2022 and 2023, burdened by a significant decrease in device spending each year. IT services spending experienced over 5% of healthy annual growth across the same two-year period. And growth in IT services, which is expected to supplant communications services as the largest portion the ~$5 trillion global IT market, is now expected to accelerate to over 9% in 2024. As CIOs and CTOs struggle to retain talent and face mandates to cut their workforces, outsourced and managed IT services providers will continue to be big winners. Our experience owning and buying IT services companies aligns with the conclusions drawn by Gartner analyst John David Lovelock: in short, labor is shifting “from CIOs to the IT services firms.”  

The performance of leading publicly-traded IT services providers confirms Lovelock’s hypothesis. As of the end of 2023, Accenture, Capgemini, and Cognizant had all seen their revenue and profitability grow at rates north of 10% over the last couple of years, with current industry leader Accenture leading the pack at 24% revenue growth and 18% EBITDA growth over previous 24 months. Investors have taken solace in the steady, reliable growth of IT services leaders, as Accenture and Cognizant stock prices each rose 32% in 2023, significantly outpacing the S&P 500’s healthy 24% growth over the same period. But digging a layer deeper, it’s interesting to note that much of Accenture’s growth has been inorganic – the M&A machine churned out a remarkable 27 acquisitions in 2023 alone, and they haven’t shied away from “paying up” for high-growth IT services firms with critical capabilities around cloud and proven experience integrating and managing in-demand software solutions like ServiceNow. So far, the market has rewarded the active corporate development team at Accenture. Surely, they are betting that Accenture is as good at integrating companies as they are at buying them.

While most public IT services leaders focus primarily on enterprise customers, the MSPs and VARs that serve middle market and SMB customers faced a bit more turbulence in 2023. Still, Worklyn Partners’ investment analysis of nearly 100 private IT services providers in 2023 suggests that, on average, MSPs and VARs experienced moderate demand growth in 2023. Unfortunately, from what we’ve seen, revenue expansion did not translate to increased valuations in private IT services M&A the way it did for the public leaders. Still, while overall IT services M&A volume ticked down from its frenetic heights in 2021, the year of exit valuation maximization, we do believe that 2023 saw valuations increase moderately from their late 2022 lows. The second half of 2022 and the early months of 2023 were characterized by bargain hunting and the consolidation of companies struggling to weather the economic headwinds on their own, but deal velocity and valuations seemed to increase in the second half of 2023.

Cybersecurity: An Impressive Recovery

Similarly, it took until the second half of 2023 for most of the technology sector, led by the booming “Magnificent Seven” to emerge from its recession and join the broader economic recovery. But what about smaller software and cybersecurity companies? While they lagged the growth of the Magnificent Seven, enterprise software stocks, and in particular, cybersecurity companies, recovered impressively in 2023. We’re not quite back to the peak salad days of Q4 2021 –  valuations may never again be so generous, at least for high-growth, unprofitable companies trading on forward revenue multiples – but publicly-traded cybersecurity and SaaS companies are entering this year feeling good.

Public technology companies that recalibrated to focus on profitability by cutting costs (employees) were rewarded handsomely in the second half of 2023. The Bessemer Emerging Cloud Index, a bundle of mostly growth-stage SaaS stocks rose by over 30% in 2023, and HACK Cybersecurity did even better, growing approximately 37% over the year. After declining by a shocking 62% in 2022, software valuation multiples recovered more than halfway (32%) in 2023, while the median multiples for leading cybersecurity stocks expanded from 6.3x to 10.6x. The stars of the cybersecurity recovery, Crowdstrike (CRWD) and Palo Alto Networks, saw their stock prices grow 142% and 111% respectively. Interestingly, while industry darling Crowdstrike is now trading at over 20 times its annualized revenue, its direct competitor SentinelOne (S) is trading down closer to 10 times its annualized revenue, despite a significantly higher revenue growth rate (on a lower base, to be fair). Though the companies enjoy similar gross margins, and do virtually the same thing, CRWD’s market capitalization is nearly ten times that of S. This dichotomy illustrates the extreme premium that public investors have attached to profitability in 2023, as CRWD’s LTM free cash flow margin is 29% while S’ is a concerning -13%. It’s also worth noting that S was beset by a series of issues, including poor ratings by security analysts, leadership churn, and some financial reporting missteps. But despite these missteps, SentinelOne’s 81% growth is nothing to shake a stick at, and the company looks like a bargain relative to its largest competitor.

Ironically, the other big winners in public cybersecurity last year were the private equity firms prescient enough to orchestrate take-privates in the first half of 2023, when multiples were closer to their 2022 lows and the prospects of recovery were dimmer. Francisco Partners, Vista Equity, and Thoma Bravo all placed bets on undervalued cyber companies in the first half of 2023. Francisco Partners’ acquisition of Sumo Logic for $1.7B on a revenue multiple of just 5.6x looks like a steal to us, especially after Cisco announced its intention to acquire Sumo’s larger but less strategically positioned competitor, Splunk, at a 7.3x revenue multiple later in the year.

If we accept that Splunk is, at its core, more of a cybersecurity company than an IT operations player (even this is debatable), Cisco’s $28B acquisition of the SIEM provider is arguably the largest pureplay cybersecurity transaction in history. The effects of this deal will reverberate around the industry, but we don’t know if the deal will have the transformational effects that Cisco is hoping for. Enterprise customers have been complaining for years now about Splunk’s unpredictably high pricing, and its sale may prove to be the catalyst for a growing number of disaffected customers to abandon the platform entirely. We believe that, in the 12 months after the deal closes, Splunk will lose more customers than it will gain via cross-selling into the broader Cisco customer ecosystem. And in the time it takes for Cisco sales teams to figure out how to sell Splunk licenses, cloud-native SIEM and IT and security orchestration vendors like Datadog and Snowflake, as well as growing MDR providers and cybersecurity platform leaders, like Palo Alto, will continue to seize market share from Splunk. Already a leader in networking and network security, Cisco leadership rationalized the Splunk deal as an attempt to push further into cloud security, AI and security analytics, and observability, making them a legitimate cybersecurity platform capable of offering full-stack security solutions, from on-premise networks to cloud to endpoints, and positioning Cisco to compete with leading platform players like Palo Alto. But, in truth, Splunk itself has not yet managed to morph from an on-premise solution into a cloud-first provider, and moving under the Cisco umbrella will not help them solve this problem. It is also worth pointing out that $28B, at a 31% premium on previous closing price, is pretty damn expensive.

We think a more transformative play would have been for Cisco to acquire fast-growing SentinelOne (S), a true cloud native that now has some of the same log management and security analytics capabilities as Splunk thanks to its acquisition of Scalyr. It is rumored that Cisco did consider this route, but quickly pulled out after due diligence revealed inaccuracies in how SentinelOne was calculating recurring revenue. Still, with EDR becoming a “must have” for any company that takes IT security seriously, we believe Cisco would have gotten more value out of SentinelOne, while likely paying less than a third of what they had to put down for Splunk.

Venture Capital Pullback:

While leading publicly traded cybersecurity growth stocks exhibited an impressive recovery, the venture capital landscape for cybersecurity experienced a significant pullback, particularly after several high-profile disappointments in highly valued cyber companies. VC funding for North American and European cybersecurity companies fell off a cliff after the market downturn in Q3 2022, with security companies raising $8.2B in 2023 compared to $16.3B in 2022. Despite investor optimism for deal volume rebound, only six megadeals were tracked in Q3, with AI model security emerging as a notable growth theme, exemplified by high valuation step-ups for pure-play AI security startups HiddenLayer and Protect AI. Indeed, the largest three funding rounds in Q3 2023 constituted nearly 30% of all VC funding in the sector. 2023 also saw a number of notable “down-rounds” for previously hot cybersecurity startups. Perimeter 81 was acquired for a 51% mark-down from its prior private valuation and according to rumors, Snyk saw its valuation more than halved from $8.5B in a 2021 Series F to less than $4B in recent secondary transactions. On the bright side, at least many of these former highflyers are managing to stay alive and cut their cash burn. The same cannot be said for IronNet, a network security vendor founded by the former chief of the NSA, which recently filed for bankruptcy after completing a SPAC transaction that enriched its directors and officers, but now has them in Delaware courts facing shareholder lawsuits. With investors showing a relative lack of interest in conventional SaaS compared to AI and pushing their existing investments to chart the path towards profitability, cybersecurity startups must navigate a landscape where capital of all kinds is more expensive.

Still, the cybersecurity startup landscape saw some major winners emerge, suggesting that 2023 was a year of haves and have nots in VC. For instance, at the beginning of the year, Wiz, the new Wizkid of cloud security, raised another massive $300M funding round at an eyewatering $10B valuation, with investors valuing the business at over 50x forward revenue. And now, as they head into 2024, they’ve eclipsed a $300M recurring revenue run rate, less than four years after launching in market. With the public markets finally becoming more friendly, Wiz may even consider an IPO in 2024. We predict that the venture-backed cybersecurity and enterprise technology vendors to go public in 2024 are those that have achieved some real scale, but are a bit longer in the tooth, with investors who are itching for a liquidity event. We believe that relatively slower-growth, established vendors like Rubrik, a data security leader with sticky customers, and Netskope, a leader in the SASE space, are most likely to pry open the doors to the public markets in 2024. Public markets finally reopening in 2024 and technology companies successfully IPOing will create positive downstream momentum, leading to increased financing and M&A activity. In fact, we’re already seeing it in the first few months of 2024!

If you liked this blog, be on the lookout for a full report with more reflection on 2023 on MSPGrowthHacks.com