As the U.S. Director of Silicon Valley-based Hampleton Partners, Henrik Jeberg and his firm are experts at technology M&A and corporate finance. Specializing in selling entire companies or significant equity stakes, Hampleton focuses on the cybersecurity, enterprise software and automotive sectors of technology. Across a 20 year career and four continents, Jeberg has overseen multiple exits (including one to tech titan Microsoft), and even served as Chief Information Officer / Director Deputy General at the Ministry of Finance of Denmark. Slone Partners Cybersecurity is pleased to present the unique insights of Henrik Jeberg regarding cybersecurity M&A and more.
You’re the U.S. Director of Hampleton M&A Advisors. Tell us about the firm and tell us about your role.
Hampleton Partners is a boutique M&A and corporate finance consultancy based in London, Frankfurt, Stockholm and San Francisco. We specialize in selling companies or significant equity stakes in technology companies across a number of subsectors including cybersecurity, enterprise software and automotive technology.
All of our senior people are from the tech industry, and most of us have either founded, built, sold, merged and /or IPO’d our companies before joining the M&A business, which gives us a very unique value proposition to our clients.
Personally, I oversee our stateside activities out of San Francisco and maintain contact with both strategic and financial buyers in Silicon Valley and beyond. I also advise owners and C-Suites on the sale of their companies. I joined Hampleton in 2013 after a long career in the international software sector, involving an IPO, an exit to Microsoft, and a couple of smaller exits.
As you analyze the marketplace and company performance, what’s your opinion on the state of the availability of world-class cybersecurity leadership? Certainly, there’s a huge shortage of cybersecurity workers and experts to meet market demand in the U.S., but are C-Suites endangered?
There are a lot of really smart people in the cybersecurity industry. Many iconic leaders came out of technical disciplines as founders - often with very strong mathematical backgrounds - when cybersecurity was synonymous with fighting viruses and spam, and heuristic analysis was the cure du jour. Today, cybersecurity is a much more multi-headed monster and I believe leadership both at vendors and customers need a wider set of skills. Cybersecurity needs to be deeply embedded in corporate strategy and the vendors need to develop for that reality and speak that language.
2019 had record cybersecurity M&A activity with hundreds of deals, punctuated by Broadcom’s $10.7 billion acquisition of Symantec’s Enterprise Assets and VMware acquiring Carbon Black for $2.1 billion. What’s your reaction to those large deals and deal flow in general?
I think there are a couple of different dynamics at play here. Broadcom’s acquisition of Symantec’s assets is more of a financial play than necessarily a product tug-in. They saw an underperforming asset and added it to a much wider asset class aimed at Fortune 2000 companies.
The Carbon Black acquisition (VMware), and with them Gemalto (Thales), Carbonite (OpenText) and Shape (F5), to name some recent $1+ billion acquisitions, are all strategic plays designed to strengthen or complete a CyberSecurity portfolio vision.
All these together with a slew of smaller deals confirms the desire in the industry to have credible responses to the heterogeneous threat scenarios that customer organizations face. As a CIO or CISO, mounting an effective defense against the multitude of cyberthreats or “attack vectors” has become increasingly complex, and as such the promise of a single vendor suite-strategy starts to look very appealing.
Looking to 2020 and then to a 5-year horizon, what is your crystal ball saying about the availability of capital flowing into (funding) and out of cybersecurity (exits)?
The Danish poet and philosopher Storm P. is credited with saying that “it’s hard to make predictions, especially about the future”, but look at it this way - cybersecurity spending has grown 3500% the last 15 years, and annual sales are expected to grow to a whopping $170 billion in 2022. The global cost of cybercrime, however, is estimated at $6 trillion in 2021. That is a huge gap. We are essentially spending only $3 to mitigate every potential loss of $100, knowing full and well that a cyberattack under the worst set of circumstances could kill our organizations for good. Where there is a massive market opportunity, there is going to be available capital to fund initiatives to address those opportunities. So in my mind, there is no danger of lack of funding for cybersecurity companies in any foreseeable future. As for exits, as I alluded to above, the industry is undergoing a roll-up or consolidation wave parallel to what we have seen in CRM and ERP in the previous decades. That means that many founders and employees are cashing out, and true to Silicon Valley form, a lot of them will spend their newly found riches to start and fund new exciting companies. That’s just one of the things that I love about Silicon Valley, how capital and talent is “recycled” over and over.
You’ve lived in Denmark, France, Australia and Singapore. How does life compare in Silicon Valley, and tell us about your passion as the owner and winemaker at Odin Wine in Sonoma.
I have been blessed with the opportunity to live and work on four continents and every place has its advantages and disadvantages. One of the many things I love about life in California, and SV in particular, is that almost everybody is an immigrant, so you never feel like a stranger. Nobody cares if you have an accent, or where your family originated from. It is in many ways one of the most meritocratic places I have ever worked in.
The fact that you can have a high-performance work culture combined with an outdoorsy and very laid-back lifestyle really agrees with me.
On a personal note, the opportunity to grow grapes and make wine on a small scale is an amazing hobby. It’s a very visceral contrast to my day job, which typically involves a lot of time on the phone or in front of the computer. The wine industry in California is surprisingly open and collaborative, so even as a complete novice you can literally access some of the world’s top talent and quickly climb a very steep learning curve if you are up for the challenge.
What deals have you personally been involved with in the last few years that you’re particularly proud of, or proved particularly difficult?
My involvement spans across a multitude of deals, as I typically participate to some extent in all deals where a US buyer or investor is a likely scenario. I tend to move on very quickly from the successes. You celebrate briefly when the pen hits the paper, and then you are on to the next thing. Intellectually, the difficult or failed deals are more interesting, as that’s where you learn. That’s probably a mindset that has been refined by my years in Silicon Valley. A deal that I remember for presenting some unique challenges was when selling a European software company. Several weeks into the process, while preparing the data room, it surfaced that none of the key employees were actual hires. They were all technically contractors and could walk away with a day’s notice. I often use this case as an example of how important it is to have all your ducks in a row before starting an M&A process.
What specific cybersecurity companies are the ones to watch in 2020? The companies that have tremendous opportunity to break away from the pack, either due to additional B and C funding rounds, the potential for upside growth, or that possess particularly exciting IP?
Starting with well-known entities who have already made a name for themselves, I would consider CloudFlare, Okta, CloudStrike and Tanium as good examples of players with great traction and the funding to capitalize on the market opportunity. An example of perhaps a lesser prominent player, I am keeping an eye on DarkTrace. I really like their vision of having AI/ML based technology monitor user behavior patterns and spot the outliers, deployed on the mainstream platforms like AWS and Azure, etc.