SGT Capital’s Joseph Pacini: ‘Cybersecurity is an essential cost of a business’

'From PE’s perspective, you get very stable cash flows' with cybersecurity investments like Utimaco, he said.

SGT Capital completed the acquisition of cybersecurity and compliance solutions provider Utimaco earlier in June. The acquisition of the company from EQT Mid-Market Europe Fund was initially announced in August 2021.

PE Hub caught up with co-managing partner Joseph Pacini to learn more about the deal and why private equity is investing deeply in cybersecurity.

Pacini, who lived in Hong Kong for over seven years, has headed alternative investments in Asia for both BlackRock and JPMorgan. SGT is led by six partners, with Pacini and three others focused on investment activity in the portfolio.

Pacini declined to disclose the purchase price but described it as “fair.”

Utimaco, a firm co-located in Aachen, Germany, and Campbell, California, develops both on-premises and cloud-based hardware security models, and data intelligence solutions for regulated critical infrastructures. Its services are utilized by Visa, MasterCard, American Express, Vodafone and Nokia, to name a few.

SGT had kept an eye on Utimaco for years, waiting until it had reached a point where it fit the firm’s investment strategy, which is focused on acquiring market leaders in the sectors of software and data analytics.

Cybersecurity risks for individuals are growing, as technology advances. Pacini illustrated an example of a smart home of the not-so-distant future, one that will know when you leave for your vacation. That is information many would prefer to be kept secure.

“As society becomes even more interconnected, it needs higher degrees of cybersecurity to protect the individual from an escalating threat,” Pacini said. “From PE’s perspective, you get very stable cash flows, since it’s an essential aspect of different customer bases. You can have a very strong private equity type of experience with the sector.”

Pacini describes cybersecurity as an “essential cost of a business,” which makes the sector even more interesting for private equity players. Furthermore, in early March of this year, the SEC announced a proposal for SEC filings to include cybersecurity measures at each firm.

“Going forward, in all likelihood companies will have to announce not only their governance and processes around cybersecurity, but also who they are using for their cybersecurity,” Pacini said. “That is shifting the decisions around cybersecurity from the chief technology officer to the CEO.”

Identity management is a great concern for many, especially in an ever-connected world. It is also an area of further development potential for Utimaco. A standout aspect for Pacini, when it comes to identity protection, is that the firm “has no backdoors.” This is due to the regulations set by the German government.

“Your personal data is really your data,” he said. “It’s not being syphoned off to somebody behind the scenes.”

Utimaco has added six bolt-on companies in the last few years, and Pacini says that continued M&A is the way for the firm’s growth. SGT also aims to boost the firm’s global expansion, including across Asia.

SGT hinted at more cybersecurity deals in the future, as cybersecurity and comparable high-growth and high EBITDA margin technology businesses continue to be of interest to the firm.