France-based technology company Thales has revealed its plans to buy US-based cybersecurity company Imperva for USD 3.6 billion. Through this acquisition, Thales is looking to improve its digital identity and security (DIS) division while gaining more market share in the United States, where Imperva serves a series of large companies.

Reuters reports that the acquisition price from buyout firm Thoma Bravo was reached by calculating an enterprise value of 17 times 2024 operating earnings forecasts. Moreover, Thales revealed that the acquisition of Imperva would generate around USD 110 million of pretax synergies, including USD 50 million of cost savings and USD 60 million linked to revenue opportunities. The combined business would have proforma revenues of EUR 4.5 billion in 2024, with the potential to rise to EUR 5.4 to EUR 5.5 billion in 2027.

As far as the valuation is concerned, Thales clarified why it agreed to the price in question by highlighting that it was paying 6.1 times sales for a business that Thoma Bravo had bought at a multiple of five times and made it profitable. The move represents Thales' largest acquisition since it bought the digital identity company Gemalto in 2019 for USD 5.6 billion. Morgan Stanley and Centerview Partners acted as financial advisers for the deal, which is expected to close in 2024 and is subject to various approvals.

Cyberattacks and security breaches Reuters cited a survey by PwC, which revealed that cyberattacks have become the main worry for global corporate executives. In April 2023,  Thales released its ‘2023 Thales Data Threat Report’, which highlighted a surge in ransomware attacks and increased risks to data in the cloud. This annual report from Thales reveals the latest data security threats, trends, and emerging topics based on a survey of nearly 3,000 IT and security professionals in 18 countries.

When it comes to the leading causes of cloud data breaches, human error and misconfigurations were among the top factors. For organisations that have suffered a data breach in the past since 2022, misconfiguration or human error was the primary cause identified by 55% of respondents. This was followed by the exploitation of a known vulnerability (21%) and of a zero-day or previously unknown vulnerability (13%).

The report also found that identity and access management (IAM) is one of the best defences, with 28% of respondents identifying it as the most effective tool to mitigate these risks. .