Sumit Dhawan, CEO of Proofpoint, took the reins as head of the cybersecurity company in 2022, a year after it was acquired by Thoma Bravo for $12.3 billion. He’s been pushing the firm to consider strategic opportunities such as mergers and acquisitions of smaller cybersecurity players to boost the company’s market expansion and stimulate industry consolidation.
Proofpoint
LONDON — Privately-held cybersecurity firm Proofpoint is exploring tapping external investors for pre-IPO financing and the consideration of mergers and acquisitions of smaller cyber companies as it seeks a return to public markets in 2026, CEO Sumit Dhawan told CNBC.
“We are looking at potentially exploring public markets sometime in the next 12 to 18 months,” Dhawan, who took the reins as Proofpoint’s newly appointed chief in 2022, a year after the company was acquired by private equity firm Thoma Bravo.
Dhawan added that the timing of Proofpoint’s IPO would still remain dependent on general market conditions as well as the outcome of the 2024 U.S. presidential election.
Since Proofpoint’s 2021 buyout by Thoma Bravo and Dhawan’s subsequent appointment as CEO, company management has been pushing the firm to consider strategic opportunities such as mergers and acquisitions of smaller cybersecurity firms to stimulate industry consolidation.
Noting that there are currently too many players in the cybersecurity market, Dhawan said that Proofpoint is looking for acquisition targets that offer a “strategic fit” for the company — for the right price.
“It’s happened in many other technology spaces — it happened with infrastructure, it has happened in the application platform space — where you start building fewer providers but richer platforms and, as a result, there will be consolidation,” Dhawan told CNBC in an exclusive interview this week.
“There are at this point in time, 2,000 or so non-profitable cybersecurity companies that are venture-backed, so clearly they’ll either get consolidated or potentially not exist. Because there’s no way any market can have that many players. So it’s going to happen, it’s bound to happen.”
Dhawan said he’s finding there’s a bit of a “bid-ask spread” in the market currently when it comes to cybersecurity opportunities, meaning target companies are asking for more money at the sale price than the valuations they’re being offered. But he added that he’s seeing some “great opportunities” in the market.
A key priority for Proofpoint as it hunts for M&A targets is geographic expansion, Dhawan noted, adding that the company sees major growth opportunities in non-English speaking countries like Japan, South Korea and the Middle East, where cyber breaches are skyrocketing due to the rise of generative AI.
The number of business email compromise attacks grew by 35% in Japan, 31% in South Korea, and 29% in the United Arab Emirates, according to figures shared by Proofpoint with CNBC. This is happening because generative AI is making it easier for hackers to personalize emails in multiple languages, according to Dhawan.
The road from private to public
Founded in 2002 in Silicon Valley, Proofpoint makes technology that helps companies prevent phishing attempts and other cyberattacks across a range of platforms, including email, social media, mobile devices, and the cloud.
The company competes with the likes of Palo Alto Networks, CrowdStrike and Fortinet, all three of which have seen their shares rise sharply in the past 12 months. CrowdStrike — the company that caused a global IT outage this year due to a software issue — is up 65% year-over-year.
Palo Alto Networks and Fortinet shares are up 44% and 32% respectively over the same period.
Proofpoint went public in the U.S. in 2012, but subsequently delisted after Thoma Bravo acquired the company in a $12.3 billion deal in 2021. The buyout came after investor concerns over a deceleration in revenue growth.
Now, Proofpoint is once again looking to tap the public markets.
“We are a little bit different from typical companies going to IPO,” Dhawan said. “They tend to be smaller. They tend to have a very different profile. They tend to have uncertainty in terms of profitability, and they tend to not be in position to easily consolidate.”
Taking Proofpoint public wouldn’t mark the first time a company Thoma Bravo acquired in a private equity buyout has done an IPO for a second time. In 2019, cybersecurity firm Dynatrace, which Thoma Bravo took private in a 2014 buyout, went public again in a New York listing.
Proofpoint could go through “multiple rounds” of financing to expand ownership of the company by other private equity investors, Dhawan told CNBC, adding that private placements — sales of shares to pre-selected investors as opposed to general sales to the public — are among options it’s considering.
“We’re close to starting the process” for fundraising from investors beyond its private equity owners, Dhawan said. However, he stressed the firm hasn’t officially set off this process.
Proofpoint’s boss said he hopes that what separates his company from other tech and cybersecurity firms seeking a similar IPO route, is a good balance of growth and profitability, double-digit growth, and strong leadership in its market.