Index Insider: Mega Deal Durations Have Decreased 40%

UKRAINE

IT delivery continues from the Western parts of Ukraine. Given the nature of most of the IT work exported from the country – primarily software engineering rather than IT operations – firms have been able to shift some of this project-related work to other locations.
 
Over the past week, we’ve seen some incredible examples of IT firms providing their employees financial support as well as medical, housing and relocation related aid.
 
It’s important to keep in mind how critical this industry is to Ukraine – and to the rest of the world. IT exports account for around 4% of the country’s GDP, with 50% of that exported to the United States and Great Britain.

Mega deal durations have decreased 40% over the past 20 years. Way back in 2000, mega deals lasted almost eight years on average. Today, the average duration is less than five years (see Data Watch). This is no surprise. For the last 20 years, the industry has seen a trend toward smaller and shorter in just about every regard, including deal size and duration.
 
ACV for mega deals has also followed this pattern. Three years ago, mega deals made up 20% of market ACV. Today it’s around 12%. This reduction is not just because mega award ACV has declined (which it has). It’s also because the ACV pie has gotten bigger.
 
As we discussed on the Q4 ISG Index call, 2021 managed services ACV was up 16% Y/Y. A lot of that growth came from awards under $20 million in ACV, which are now the backbone of the IT services industry.

DATA WATCH

Google is buying cybersecurity firm Mandiant for $5.4 billion. In cybersecurity circles, Mandiant is a well-known player in the incident response (IR) space. And, while it is best known for delivering cyber forensics through its Advantage Platform, it has been branching out over the past couple of years into services like threat readiness and cyber analytics.
 
Google is adding substantial platform capability to GCP in Mandiant, but we believe the bigger impact will be on the services side of the equation, by using Mandiant’s technology and deep cyber knowledge to build automated multi-cloud IR capabilities.
 
Combining this multi-cloud IR capability with Google’s willingness to invest billions of capital into its cloud could be a game-changer in the hypercompetitive hyperscaler world. That said, it’s possible that Mandiant’s cloud-agnostic reputation takes a ding, which could impact its ability to support forensics and breach investigations across multiple clouds.
 
What is very likely is that this move will fuel even further cybersecurity M&A – which is red hot. In 2021, we tracked 67 cybersecurity transactions worth a total of $21 billion. That’s almost twice as many acquisitions and five times the acquisition value of 2020.
 
Make sure to register for the 1Q22 ISG Index call where we’ll be talking more about cybersecurity related M&A, as well as key changes we’re seeing in cybersecurity contracting.