SILVER SPRING, Md.—Google is fortifying its cloud services with a $5.4 billion acquisition of the cyber security firm Mandiant, the companies announced Tuesday.
The acquisition is the first of many that analysts foresee in the cyber security sector following Russia’s invasion of Ukraine. Analysts and government officials have said they expect a wave of cyberattacks from Russia and others as geopolitical tensions rise.
“In a massive growth backdrop for cyber security and further tailwinds seen during this Ukraine invasion from Russia bad actors/nation state attacks, we believe today’s deal is the tip of the iceberg to a massive phase of consolidation potentially ahead for the cloud space,” Wedbush analyst Dan Ives wrote Tuesday.
Google, a subsidiary of Mountain View, California-based Alphabet Inc., will pay $23 per Mandiant share in all-cash deal expected to close this year. The price represents a 57 percent premium on Mandiant’s share price in early February, when speculation about a deal between the companies first surfaced.
Mandiant, based in Reston, Virginia, and its 5,300 employees will join Google Cloud as soon as the transaction closes.
“The Mandiant brand is synonymous with unmatched insights for organizations seeking to keep themselves secure in a constantly changing environment,” said Google Cloud CEO Thomas Kurian. “This is an opportunity to deliver an end-to-end security operations suite and extend one of the best consulting organizations in the world.”
On Tuesday, Mandiant reported that hackers working on behalf of the Chinese government broke into the computer networks of at least six state governments in the United States in the last year. Mandiant’s report does not identify the compromised states or offer a motive for the intrusions, which began last May and continued through last month. But the Chinese group believed responsible for the breaches, APT41, is known to launch hacking operations both for old-fashioned espionage purposes and for financial gain.
Technology research and advisory firm Gartner estimates that total spending for worldwide information security and risk management reached $155 billion last year and is forecast to grow another 10% this year, to more than $170 billion.
Even before the war, stock analysts have been predicting growth of as much as 20% in the cyber security sector.
Russia has long been accused of disrupting other governments and businesses via online attacks and Western officials have warned that Russia could launch more cyberattacks against Ukraine and its allies.
Just one week before last month’s invasion, the U.S. blamed Russia for a series of cyberattacks that knocked the websites of the Ukrainian army, the defense ministry and major banks offline.
Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technologies, said there was no intelligence indicating that the U.S. would be targeted by a cyberattack, but that remained a concern, giving that the banking system does not have the “cyber resilience” that it should.
Last fall, Microsoft said the same Russia-backed hackers responsible for the 2020 SolarWinds breach continue to attack the global technology supply chain and have been relentlessly targeting cloud service companies and others since summer.
However, the bid to acquire Mandiant will likely get a thorough review from antitrust regulators.
Groups that advocate for stronger antitrust regulation have already said the deal should be stopped.
“The security arguments Google is using to justify its second largest acquisition in history are the very same reasons why antitrust enforcers must block this deal,” said Krista Brown of the American Economic Liberties Project. ”Regulators must investigate the cybersecurity space more broadly to understand the unknown and dangerous costs of consolidation in such an essential sector.”
By Matt Ott