For years, one of the most lucrative corners of financial markets has been the software leveraged buyout, where firms like Thoma Bravo, Silver Lake Partners and others have earned industry topping returns. Their unheralded target companies provide the digital infrastructure, network management, and applications to run businesses on the cloud. These companies generally deploy stable and high-margin subscription business models. The broader the reach of the software across industries, the bigger the potential.
Up until a week ago, SolarWinds SWI , a maker of software deployed by America’s biggest companies and government agencies, was a wonky IT software company few outside of the industry knew by name. With little fanfare, it was turning into the next multi-billion dollar windfall for the private equity industry, in a sector where firms have raised and invested hundreds of billions of dollars. Now, the company is ground zero for one of the biggest cyberattacks in American history. As companies move their IT departments to the cloud, and the buyout deals in the sector become more prominent, the hack of SolarWinds underscores new risks for investors in what’s turned into the industry’s top trade.
SolarWinds sells products used by IT workers, developers and those managing their increasingly cloud based corporate infrastructure, boasting 300,000 customers globally, who contribute over $1 billion in annual sales. Its clients include most of the S&P 500, and many of the country’s most important government agencies such as the State, Commerce, Treasury, Homeland Security and the National Institutes of Health.
With this scale, SolarWinds was quickly rising to the top of a growing list of niche digital infrastructure and security companies with soaring valuations. Its stock was up 20%-plus in 2020 and touching new record highs, buoyed by guidance for over $1 billion in sales and adjusted profit margins reaching nearly 50%. The company was on the path to becoming yet another roaring LBO success, further underscoring how generally unheralded mid-sized technology companies are driving some of the biggest returns in the private equity industry.
Backers Silver Lake Partners and Thoma Bravo had paid $1.3 billion apiece to take the company private in 2016, adding about $2 billion in debt to complete their deal. As a private company, SolarWinds bolstered its businesses for databases and virtual managed service providers, which helped to convert a majority of the company’s revenues from licenses to subscriptions and maintenance contracts. After selling small slivers of their stakes in the company’s 2018 initial public offering, both PE firms sat on stakes worth $2 billion-plus apiece. The company is planning to spin its MSP business in early 2021, a deal some analysts had valued at over $3 billion. By early December, the Canadian Pension Plan Investment Board, a longtime limited partner of both Silver Lake and Thoma Bravo, liked SolarWinds outlook enough, as its value soared above $7 billion, to buy a piece of the stakes owned by Silver Lake, Thoma Bravo and some their co-investors.
MORE FOR YOU
Then came what looks to potentially be the biggest cybersecurity crisis in a decade.
Last week, cybersecurity provider FireEye FEYE warned of a hack to its business, which sent its shares tumbling. After further review, FireEye found the vulnerability had come from SolarWinds software, impacting thousands of customers. Hackers, thought to be affiliated with Russia, according to media reports, had infiltrated SolarWinds customers systems as it sent out updates to its Orion software. On Saturday, FireEye alerted SolarWinds of the hack. It appears SolarWinds clients have been vulnerable for many months and the security community is scrambling to figure out the extent of the breach.
The depth and potential ramifications of the hack remain unclear. There are worries other software providers have also been used as a back door to infiltrate systems, according to the New York Times NYT , Reuters and Wall Street Journal. Hacks are an increasingly common event as the world goes digital, and even the most arcane software can now be used to compromise the most well-protected systems, as was seen in the NotPetya attack, which was perpetrated using tax planning software.
Since Monday, SolarWinds stock has dropped by about 25% and the holdings of its private equity backers have fallen by about $1 billion in value. With net debt of $1.5 billion and a leverage ratio of about 4.8x, ratings agency Moody’s MCO put SolarWinds B1 debt rating on negative watch earlier this week.
SolarWind backers, Silver Lake and Thoma Bravo, have been working to manage the fallout. The hack camed amid a planned CEO change and breakup of the company. CPPIB, the newest investor in SolarWinds, has already lost big. At least temporarily.
For the private equity industry, the hack is at minimum a major new risk as the industry’s biggest players increasingly target IT and cybersecurity software, striking over $300 billion in deals over the past five years, according to Bain & Co. In addition to Thoma Bravo and Silver Lake, firms like Vista Equity Partners, Hellman & Friedman, TA Associates, TPG and Permira have earned fortunes on software and cybersecurity buyouts. While these businesses have proven their financial resilience from macroeconomic events such as the Covid-crisis and generate cash flows that can be leveraged, there is a growing risk that any vertical or horizontal software can be used by hackers to create existential IT risks.
The hacks appear to be part of a trend of cyber warfare between countries that’s spilled into the corporate sector, as Microsoft’s MSFT Brad Smith noted in comments yesterday to the New York Times. “Governments have long spied on each other but there is a growing and critical recognition that there needs to be a clear set of rules that put certain techniques off limits,” Smith told the Times. “One of the things that needs to be off limits is a broad supply chain attack that creates a vulnerability for the world that other forms of traditional espionage do not.”
For now, software companies like SolarWinds are clearly in the crosshairs. According to analyst Dan Ives of Wedbush, the hack is a tailwind for security firms like Zscaler, CrowdStrike CRWD , CyberArk, SailPoint and Varonis. The move of IT departments onto the cloud should continue to create investment opportunities. But the shift is coming with big non-financial risks for company owners.
Private equity firms are well-versed in pulling companies through recessions, corporate breakups, and even white-knuckle negotiations with angry lenders. The SolarWinds hack is of a different magnitude. Presently, two of the world’s most prominent and successful private equity firms, are dealing with a crisis that’s infected the highest rungs of government and business.