Data security is suddenly a sexy topic again. Last fall, it was because of a wave of consolidation sweeping across the security software sector. This time, the attention-getter is far more ominous: A bushel of large companies have seen their systems hacked or attacked recently.
Will this trigger a second round of juicy buyouts?
The story so far
Lockheed Martin (NYSE: LMT) saw hackers sneaking into its computer systems, though no sensitive customer data was stolen. EMC (NYSE: EMC) division RSA Security has offered to replace SecurID tokens -- not just the compromised ones at Lockheed but nearly all of them across government and enterprise customers worldwide. "Because of these attacks and the changing threat landscape, there has been an incredible heightening of public awareness," said RSA Chairman Art Coviello.
In other news, Google reported break-ins into its Gmail service. This became a minor international incident as Big G pointed fingers at China, following the larger spat in 2010 that sent some Google servers over to Hong Kong.
And then there's repeat offender (or is that "repeat victim"?) Sony. In a series of attacks against the consumer-electronics veteran, hackers have obtained the personal information of 77 million Sony users, including at least 12,700 credit card numbers. The company estimates an operating cost of about $170 million to handle that massive breach alone, not accounting for smaller attacks in its wake or the damages as the inevitable lawsuits start flowing in.
In short: ouch. Cyber-security -- or the apparent lack thereof -- is a big, painful pimple on today's business world.
What's bad for the goose is good for the gander
But one man's disaster is another's opportunity. Much of Sony's $170 million cleanup bill goes toward beefing up the company's security systems, which is great news for security vendors.
But that's just the beginning. I fully expect another round of industry consolidation here, because enterprise security is suddenly a big deal again -- and a very fragmented industry to boot.
Recently acquired McAfee and standalone titan Symantec (Nasdaq: SYMC) are the two biggest names in both retail and enterprise security. According to analyst firm Gartner, these two giants combine for a mere 30% market share. And while EMC and some other vertical tech conglomerates sell a fair amount of security products and services, many others still don't have that essential component of a complete top-to-bottom infrastructure. Oracle (Nasdaq: ORCL) is perhaps the biggest example of a company with marketwide ambitions but not a serious security option.
Where are the targets?
To my mind, the most likely buyout targets at a time like this would be small to midsized security specialists with full-featured solutions for the enterprise. The big boys are running scared now that they've seen fellow giants Lockheed and Google taken to the cleaners, and the attackers may have been emboldened by these successes, too. Anything's a fair target.
With that in mind, I'd peg Check Point Software Technologies (Nasdaq: CHKP) as the most likely buyout target for a big and rich acquirer such as Oracle or Hewlett-Packard (NYSE: HPQ). Armed with a complete business-class security portfolio, the company looks even sweeter in the light of consistent double-digit revenue growth and a deliciously fat 42% net margin. This buyout would immediately add to its sugar daddy's bottom line.
On a smaller scale, Blue Coat Systems (Nasdaq: BCSI) could appeal to a less richly endowed buyer. In this case, there are some inefficiencies to squeeze out of the operation, but the price tag is much smaller than Check Point's. This company might be more amenable to buyout talks anyhow, considering the limping progress of its long-running turnaround story.
The IT industry is transforming itself as we speak. Old business models are headed to the trash heap as the hyperconnected new business world emerges. Whatever buyouts might happen in this environment will surely lean heavily on the targets' expertise in cloud security. Watch a free video that explains cloud computing in portfolio-changing detail.
