Cybersecurity: At the crossroads of risk
White & Case Private Equity Viewpoint

The path to exit: Scaling up a cybersecurity investment

Alan Rassaby*, general counsel and company secretary at Avast, on scaling up through acquisition

The next field of endeavor is the Internet of Things. People are just starting to realize how insecure their networks are, with the weak link being the router.

There is no doubt that the cybersecurity market is growing. The more that people communicate and the more that information is digitized, the greater the incentive there is for individuals with malicious intent to steal sensitive data and for governments to breach each other's defenses.

In 2017, the total financial cost of consumer cybercrime globally has been estimated at US$172 billion. The number of ransomware attacks quadrupled in 2016 and continues to rise sharply. It is therefore no surprise that investments in cybersecurity are increasing. Based on our own market study, we believe that the market Avast operates in will increase by a 10 percent CAGR between 2017 and 2021.

This means there is a huge opportunity for investors to see returns. However, the market is not without its challenges. You have to make the right bets on what technology to develop—it has to be deep enough, it needs to be broad enough, and you need the right business model. People's use of technology is also in constant flux, and there are very different environments and operating systems that are in continuous development.

In 2013, when I joined Avast following Summit Partners' investment and prior to CVC Capital Partners becoming a major shareholder, the company was much smaller than it is today. We were growing rapidly and had attractive margins—but we saw that our exceptionally high growth couldn't last forever. We were heavily dependent on our desktop business and were unable to cross-sell into adjacent products because all we had to sell was our desktop security and anti-virus product.

So the task was to diversify into mobile and develop multiple products, both organically and through acquisitions. Mobile usage has exploded in recent years, which has created both security issues and opportunities for Avast to expand, particularly with the introduction of Google Android.

Mobile is a separate proposition in many ways—the software is built and monetized differently. Mobile is more dependent on advertising, and people do not pay as much for apps as they do for desktop programs. You cannot simply transpose the same business model from desktop to mobile and expect it to take root. So we have had to apply lots of ingenuity on our path to acquiring our 145 million mobile users.

Our growth has come from a mix of organic development and acquisitions. Getting the balance right between build versus buy is a key to success. The largest M&A we were involved in came in 2016 when we acquired AVG in a US$1.3 billion take-private transaction. It was ambitious; we were a private company of 600 people at the time, while AVG was a NYSE-listed company with about double the headcount and higher revenues but a lower profit margin.

We felt we were a better-run company since we sold similar products but had a much higher profit margin. The synergies were compelling. Both companies used a freemium model, which was highly disruptive and enabled each of us to develop large user bases. Today, we use the existing Avast technology engine but continue to run two brands with separate user interfaces. Avast was stronger in developing markets, whereas AVG led in English-speaking markets. So our strategy was to maintain the brand equity of each company while taking the best of what each of us had to offer.

The easiest part of all is getting the deal done. It's everything that comes afterwards that is challenging. It is essential to have a clear strategy in mind and, once the deal is completed, to begin monitoring the integration of the two companies to ensure that no one drops the ball. Inevitably, you're striving for integration to achieve synergies, and since our products duplicated each other, to a significant extent, those synergies were obvious. You must then identify the right phase to draw the target into your mainstream business and stop monitoring it independently once it's fully embedded. There's many a slip between the cup and the lip in those processes.

Before we made the acquisition, we sat around the executive table and agreed that the deal would make Avast less of a natural M&A target because at that scale it's less easy to be swallowed whole, by private equity or a strategic acquirer. Ultimately, we chose to take the IPO route in order to provide liquidity.

The London Stock Exchange is a good fit for the business because investors in the London market appreciate real businesses that make real money. Our cash generation ability makes us an attractive dividend play. We have 435 million users, which means we manage petabytes of data that are analyzed through machine learning as part of our threat identification strategy. That creates very high barriers to entry, so it is attractive from an investment perspective.

The next field of endeavor is the Internet of Things. People are just starting to realize how insecure their networks are, with the weak link being the router. As they build out the number of connected devices in their homes, the security challenge magnifies and people are increasingly taking their work home, exposing a new weakness in corporations' and governments' defenses. The scope for growth is immense.


* Alan Rassaby has served as Avast's general counsel and company secretary since February 2013. He has also held similar roles at RightNow Technologies, Powerhouse Technologies and Anchor Gaming after Anchor's acquisition of Powerhouse.


Cybersecurity: At the crossroads of risk


This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2018 White & Case LLP