Governance & Risk Management
,
Security Service Edge (SSE)
,
Zero Trust
Is There Anything to Anonymous Reports About Talks of a $38B Broadcom-Zscaler Deal?
Reports last weekend that technology behemoth Broadcom had started discussions to acquire zero trust pioneer Zscaler for $38 billion raised eyebrows throughout the cybersecurity industry.
Much of the surprise came from the price tag since the deal would be the largest-ever acquisition of a pure-play cybersecurity vendor, dwarfing Advent and Permira’s $14 billion purchase of McAfee in March 2022. And while Broadcom is no stranger to acquisitions of this size, the Silicon Valley-based company closed its $69 billion buy of VMware just six months ago and is still digesting the virtualization giant.
The other unexpected element was the source of these reports. They didn’t come from publications with a track record of breaking cybersecurity M&A or funding scoops, such as Bloomberg, Reuters or The Information. Instead, an anonymous May 22 post on Medium predicted a Broadcom-Zscaler deal by summer, and an anonymous Substack post Sunday said the two sides started talks about a $38 billion deal.
Zscaler founder, Chairman and CEO Jay Chaudhry forcefully denied these reports, writing on LinkedIn on Monday, “Neither I nor the Zscaler board of directors are seeking or entertaining any offers to acquire Zscaler. Any reports stating otherwise are untrue. Zscaler is at the forefront of a major technology disruption, and I believe that we are in an excellent position to lead the future of zero trust security.”
Anonymous Posts Create Broad Ripple
Such a response is highly unusual, since most companies default to statements about “not commenting on rumors or speculation” to avoid unintentionally fanning the flames. In recent memory, only SentinelOne CEO Tomer Weingarten had responded so vociferously to M&A rumors, telling investors in August that reports of a deal with Wiz were “a head-scratcher,” “far from fact” and “pure speculation on their part” (see: SentinelOne CEO on Wiz M&A: ‘Pure Speculation on Their Part’).
Chaudhry’s sensitivity to M&A rumors involving Broadcom isn’t surprising given the company’s reputation for making deep go-to-market cuts and eschewing commercial and midmarket business to focus primarily on the Global 2000. The impact of Broadcom’s cost-cutting can be seen with Symantec, which fell from a SWG and CASB leader in 2019 to a security service edge niche player in 2022, Gartner found (see: How Broadcom Acquiring VMware Would Shake Up Cybersecurity).
Zscaler declined to comment beyond Chaudhry’s LinkedIn post, and Broadcom didn’t respond to an Information Security Media Group request for comment.
Although the sources for scoops such as these are typically anonymous since they’re divulging nonpublic information, the journalist who penned the report is almost always named to provide credibility to readers. Also, most publications prohibit journalists from buying or selling individual stocks of any company they might write about to ensure reporters aren’t profiting from stories that cause a change in stock price.
The anonymous Substack author – writing under the pseudonym Cyber Sec – says they’re a “CISO, cyber secure analyst, M&A expert, investor.” The author has written 10 posts exclusively about Zscaler since creating the profile May 22. Other sites that allow for posting under pseudonyms, such as Seeking Alpha, require that authors disclose any current or planned stock holdings or transactions relevant to the piece.
Zscaler’s stock is down $5.80 – or 3.3% – to $166.30 per share since the Broadcom talks were reported over the weekend, and it is down nearly 55% from an all-time high of $368.78 per share in November 2021. At the same time, like much of the cybersecurity market, Zscaler’s stock has recovered nicely over the past year, and shares have climbed nearly 86% since bottoming out at $89.46 per share in May 2023.
Despite the unorthodox source, a cyber acquisition of this size and scale isn’t out of the question given the push by vendors to stake a market-leading position in multiple security technology categories – aka platformization – and Broadcom’s track record of big deals, including VMware, the failed $103 billion buy of Qualcomm in 2018, and Avago’s $37 billion buy of Broadcom in 2015, which prompted a new name.
How Zscaler Would Fit Into Broadcom
Acquiring Zscaler would largely overlap with the secure web gateway and cloud access security broker capabilities Broadcom got through its $10.7 billion acquisition of Symantec in November 2019, which stem from Symantec’s $4.65 billion buy of Blue Coat Systems in August 2016. Zscaler in January 2020 agreed to pay Broadcom $15 million to settle patent infringement lawsuits filed by Symantec.
Overlapping technology isn’t a deal-breaker for Broadcom, which got Carbon Black’s endpoint detection and response business as part of its VMware acquisition despite already having endpoint security tools from Symantec. Broadcom originally planned to divest Carbon Black since it’s a “noncore focus,” but it ended up folding it into the Symantec security unit to generate more value for shareholders (see: Broadcom Axes Carbon Black Sale, to Merge Unit With Symantec).
Analyst perceptions of the Zscaler and Blue Coat Systems technology have diverged since Broadcom came into the picture, and Zscaler was recognized last month by Garner as a leader in security service edge, behind only Netskope and Palo Alto Networks. The analyst firm praised Zscaler for its viability and geographic and marketing strategy and criticized its sales execution, customer experience and product strategy.
Conversely, Gartner recognized Broadcom as a niche player in the SSE market, behind most of the 10 vendors evaluated by the technology analyst firm. Gartner praised Broadcom for its overall viability – like Zscaler, its market record and its product offering and criticized the company for its lack of regional security accreditations, a unified console and a control plane and for subpar customer experience.
Zscaler’s fate ultimately rests in the hands of the company’s largest investors: Ajay Mangal, Chaudhry and The Vanguard Group, which control 19.9%, 18.1% and 5.5% of the company’s shares, respectively. Media reports indicate the beneficiaries of Mangal’s trust are members of Chaudhry’s family, meaning a transaction of this size and scale is extremely unlikely to go forward without signoff from Chaudhry.
Zscaler would have a new set of eyes evaluating any acquisition offer put forward by Broadcom as James Beer joined the company’s board of directors yesterday. Beer served as Symantec’s chief financial officer from 2006 to 2013 and was a member of Forescout’s board of directors when Advent took the company private in a contentious $1.4 billion sale in mid-2020.
But if Broadcom wants a deal to happen, there’s one person it will have to convince: Jay Chaudhry. Does the 65-year-old serial entrepreneur believe Zscaler’s independence is key to its success, or does he believe the company can have more impact by becoming part of something bigger?