Now that Vista has closed the $4.6bn buyout of KnowBe4, what’s next?

'Our focus right now is continuing the company’s profitable growth and scaling the business efficiently,' Michael Fosnaugh told PE Hub.

Vista Equity Partners earlier in February closed its previously announced buyout of cybersecurity awareness training provider KnowBe4 in an all-cash transaction valued at $4.6 billion. To discover more about the tech-focused PE firm’s plans for the company in particular and cybersecurity investing in general, PE Hub turned to Michael Fosnaugh, senior managing director and co-head of Vista’s flagship fund.

How does the KnowBe4 acquisition represent Vista’s investment thesis?

Michael Fosnaugh, Vista Equity Partners

According to third-party research, over 80 percent of all security breaches are caused by human error. Recognizing this, bad actors are increasingly targeting employees through a process known as “social engineering” or “phishing” attacks using deceptive and tailored means to gain unauthorized access to internal systems.

Despite the prevalence of these threats, most traditional cybersecurity tools cannot protect or help organizations to prepare for these risks. This layer of human vulnerability has also historically been an area of underinvestment for cybersecurity and IT leaders, despite its clear mission-criticality and frequency as an attack vector.

That’s why we are so excited about KnowBe4, which is a company that focuses solely on protecting customers against these social engineering attacks through a core training and testing platform which helps create organizational cultures of vigilance. KnowBe4 has emerged as a clear leader and pioneer in security tools that address the ever-important human variable of cybersecurity.

How do you expect to grow the company?

We believe KnowBe4 possesses outstanding fundamental growth drivers. KnowBe4 delivers a best-in-class solution in a large, fast-growing and extremely underpenetrated space. The company has also developed a number of add-on products that enhance its core platform to allow security teams to more easily manage and automate responses to social engineering and phishing threats across their organization.

Finally, KnowBe4 has a strong leadership team headed up by its founder and CEO, Stu Sjouwerman, with a demonstrated track record of marrying strong vision and execution, which has translated into the business’s excellent financial profile.

What’s the ultimate exit plan for KnowBe4?

Our focus right now is continuing the company’s profitable growth and scaling the business efficiently. We first invested in KnowBe4 in 2021 and since then, we have been consistently impressed by their ability to drive disciplined and profitable growth both organically and inorganically.

Given the importance and increased demand for KnowBe4’s market-leading cybersecurity solutions, the company’s diverse, loyal and sizable customer base, and its strong mix of growth and profitability, we see multiple pathways for value creation that can drive this next phase of growth at scale.

What’s driving deals in cybersecurity?

Cybersecurity is not a check-the-box compliance task – it is a foundational business priority with board-level visibility, support and focus. These solutions are extremely important for businesses of all sizes across the globe who are operating in a continuously evolving and increasingly sophisticated threat landscape. Naturally, investments in this space tend to have meaningful growth and penetration runway due to large market addressability, increasing overall relevance, and the core mission-criticality of the solutions to protecting organizations and their most valuable assets.

What is Vista focused on when it comes to cybersecurity?

Vista has long been an active investor in various segments of the cybersecurity software market. Over the last year, we have invested in businesses in many areas of cybersecurity including security analytics, threat detection and response, and identity solutions. In addition to agreeing to acquire KnowBe4 in 2022, Vista led growth investments in Securonix and Critical Start, and generated liquidity by exiting our positions in Ping Identity and SecureLink.

Overall, it’s not one specific security tool or enterprise need that we’re focused on with respect to cybersecurity – our goal is to find and invest in A+ businesses in spaces with mission-critical solutions and attractive end-market dynamics.

What are the opportunities for tech take-private deals in 2023?

With public valuations still well below 2021 highs, public company boards and even private company investors are starting to accept that the current valuation environment is perhaps more indicative of the “new normal” moving forward.

We expect GPs will continue to look for value in the public markets, particularly in the technology sector. However, while there will be pockets of activity, we are unlikely to see a significant pick-up in deployment size or volume until the debt markets have more appetite to underwrite new deals. But there is still value to be had, especially for GPs who were judicious and remained focused on capital efficiency when valuations were at their peak.

What can we expect from Vista this year?

Our conviction in the growth and resiliency of the enterprise software sector is as strong as ever. We are coming off a strong year and believe we have considerable momentum, which we look forward to continuing to demonstrate in the year ahead.

For more on Vista’s strategy, see PE Hub’s recent interview with president and COO David Breach.