A Landmark Acquisition in Cybersecurity History
In one of the most significant cybersecurity acquisitions ever, Google announced its intention today to purchase Wiz, a fast-growing cloud-native security firm, for an unprecedented $32 B. This historic deal dwarfs other notable cybersecurity transactions in recent history, including Thoma Bravo’s acquisition of Proofpoint for $12.3 B in 2021 and Broadcom’s $10.7 B purchase of Symantec in 2019. Google’s aggressive move marks a strategic milestone, reinforcing its commitment to cybersecurity after entering the space significantly in 2022 with its $5.4 B acquisition of Mandiant.
Strategic Rationale: Why Wiz and Why Now?
Understanding Google’s strategic rationale behind this deal requires recognizing the surging growth of enterprise cloud investments, coupled with a notable lag in cloud security spending. According to our recent Cloud Workload Security Quarterly Report covering the CNAPP (Cloud-Native Application Protection Platform) market, enterprise cloud spending skyrocketed from approximately $81 B in 2020 to an estimated $285 B in 2024, representing an impressive 5-year compounded annual growth rate (CAGR) of 29%. However, security investments have not kept pace, presenting a significant opportunity for vendors like Wiz that provide comprehensive cloud-native security solutions.
CNAPP, as defined in our Dell’Oro Group reports, is a unified platform that combines software security, deployment security, and runtime security technologies to secure the entire lifecycle of cloud-native applications. This platform approach fosters essential collaboration among development, security, and operations teams to protect applications and data throughout their deployment cycles effectively. Wiz, an innovative pure-play vendor, exemplifies this integrated approach, rapidly capturing market share with near triple-digit revenue growth rates.
Interestingly, Palo Alto Networks’ recent decision to reboot its CNAPP strategy, shifting from Prisma Cloud to Cortex Cloud, underscores the evolving competitive landscape. As detailed in my recent blog, Palo Alto Networks’ rebranding signals a necessary pivot toward deeper integration and a more cohesive security offering that directly addresses customer challenges around fragmented security management and operational complexity. Google’s acquisition of Wiz strategically positions it to avoid similar pitfalls, acquiring a purpose-built CNAPP solution with better cohesion from day one, potentially accelerating adoption among enterprise customers.
Valuation Concerns and Regulatory Risks
Yet, at $32 B, the valuation Google placed on Wiz raises critical questions about market dynamics and valuation metrics in cybersecurity. For context, Google’s purchase price slightly surpasses Zscaler’s current market capitalization of approximately $30 B, despite Zscaler having significantly higher annual revenue of $2.4 B. Furthermore, the price represents a substantial premium compared to cybersecurity giants like Palo Alto Networks (market cap: $126 B, revenue: $8.6 B) and Fortinet (market cap: $84 B, revenue: $6.0 B). Meanwhile, we estimate Wiz’s annual revenues were between $300 and $400 million in 2024. Although Wiz’s exceptional growth rate—94% year-over-year according to our Q2 2024 CNAPP report—partially justifies the valuation premium, it inevitably raises the question: Has Google overpaid?
Additionally, regulatory scrutiny in the technology sector has intensified, exemplified by the Department of Justice’s recent blockage of HPE’s $14 B acquisition of Juniper, despite approval by other global regulatory authorities. Google’s Wiz acquisition, at over twice the value of the blocked deal, is sure to attract rigorous antitrust examination, potentially complicating or delaying the transaction. Google’s willingness to navigate this regulatory environment underscores its confidence in the strategic necessity of securing a market-leading CNAPP platform to compete head-to-head not just against cloud service providers like Microsoft and Amazon Web Services but also standalone cybersecurity leaders.
Google aims to achieve recognition as a leading security vendor and replicate Microsoft’s success, which leveraged its dominant position in endpoint via Windows to build a $20 B annual cybersecurity business across endpoints and the cloud. Google believes that a similar leadership role can now be achieved in cybersecurity purely from a cloud perspective, marking a significant strategic pivot toward securing recurring revenue from cloud workloads.
Synergies and Market Opportunities
Despite valuation concerns and regulatory risks, Google’s aggressive move could be precisely what the company needs to solidify its cybersecurity portfolio and enhance the appeal of Google Cloud. Wiz’s impressive AI-driven security features will significantly bolster Google’s capabilities, enhancing its appeal to enterprises increasingly deploying AI workloads in multi-cloud environments. Moreover, the opportunity to leverage Google’s expansive cloud infrastructure and customer base promises substantial synergies that could rapidly accelerate Wiz’s revenue growth beyond current projections.
Industry observers and participants will closely monitor how this landmark deal influences competitive dynamics, growth trajectories, and customer perceptions in the CNAPP market. I plan to publish my next CNAPP market share report covering 2024 within the next month. It has been a tight race between Palo Alto Networks, CrowdStrike, and Wiz—stay tuned!
Ultimately, Google’s Wiz acquisition underscores a pivotal moment for cybersecurity valuations and strategic priorities, reflecting an industry evolving rapidly in response to enterprise needs for robust, integrated cloud security solutions. While the road ahead is challenging—given valuation expectations and regulatory hurdles—the strategic fit between Google and Wiz is compelling. If executed well, this deal could set a new benchmark for cloud-native security, ultimately benefiting enterprises worldwide by accelerating innovation and elevating the overall security posture in the digital economy.
