Yesterday, Broadcom announced a definitive deal to acquire the enterprise business of Symantec for $10.7 billion in cash. This deal caps weeks of speculation that Symantec was in play, initiated in May 2019 following the sudden resignation of Symantec CEO Greg Clarke in May and a downward revision to Symantec’s FY 2020 revenue guidance earlier in 2019. Symantec rebuffed Broadcom’s previous attempts to buy the entire company in June.

On the surface, this deal is a good one for Symantec investors, as Symantec stock has languished lately and this price represents a nearly 30% premium over Symantec’s recent price. Broadcom’s statements about driving further operating margin gains post-acquisition suggest this deal will also benefit Broadcom shareholders in the long run.

Unfortunately, Broadcom is wading into the tricky waters of a hardware company buying a cybersecurity software company. Recent history is not very positive. In August 2010, Intel announced plans to acquire Symantec competitor McAfee for $48 per share in cash. The deal closed in February 2011 and represented a 60% premium over McAfee’s stock price, valuing the deal at $7.65 billion, or nearly four times McAfee’s revenue at that time.

On the plus side, the Broadcom/Symantec deal is at a smaller stock premium and a smaller revenue multiple than Intel/McAfee. In addition, other than authentication, there is little overlap between Broadcom/CA’s existing security portfolio and Symantec’s. However, on the negative side, there are several issues that should make CISOs cautious about the future of the Symantec product portfolio under the Broadcom umbrella. These include:

  • The Intel/McAfee merger is a cautionary tale. While these are different companies and different eras, McAfee has lost more than $3 billion in value since being acquired, before being spun out to private equity in 2016 and now rumored to be making a possible IPO. The buying cycle, required R&D investment, supply chain, and go-to-market for chips is different than it is for software, and the Intel/McAfee history suggests that proposed operational synergies can be hard to realize across such diverse product lines.
  • Broadcom’s recent track record with enterprise software has not been encouraging. While some point to Broadcom’s 2018 acquisition of CA Technologies for $18 billion as evidentiary proof that Broadcom can integrate software companies successfully, Broadcom has moved aggressively to slash CA’s operating costs. This benefits Wall Street, but also means that customer support, innovation, and product development often grind to a halt. That can present significant challenges to existing companies already utilizing multiple Symantec productsFollowing the trend of other cybersecurity software companies, Symantec also recently began aggressively bundling its product offerings by attaching security services to them; whether Broadcom continues this strategy or chooses to exit the security services business altogether remains to be seen.
  • Even post-acquisition, Broadcom is still a hardware-dominant company. While this deal does give Broadcom more revenue balance between hardware and software, Broadcom is still a hardware-dominant company, which will likely influence priorities and funding that could further hamper development of the software portfolio.

The acquisition also opens questions about Symantec’s future consumer-oriented business, which includes its traditional antivirus protection product and identity theft solutions from the Lifelock acquisition. Symantec’s core threat business has been under siege from a range of external factors including declining PC shipments (which hurts Symantec’s OEM business) and the emergence of viable low-/no-cost options such as Windows Defender, which is included in Windows 10. Will this newly created entity be able to engage in M&A to round out its portfolio? That is still unclear, but Broadcom separating this unit from the deal helps Broadcom avoid these challenges.

Acquisitions bring disruption that, if harnessed correctly, can bring positives to customers and shareholders — but nine times out of 10, the benefits land squarely in the bank accounts of investors and shareholders, not customers, and there is nothing that stands out in this deal to suggest otherwise. Current and potential future Symantec customers should monitor the situation for signs of a brain drain among rank-and-file employees, slow silent exits of executives as two-year stays on clauses expire, and any slowdown in improvements in products and services as the company integrates with its new parent, adjusts strategies, identifies “synergies,” and cycles in new talent with new perspectives. This will help you determine if/how Symantec’s offerings figure into your long-term cybersecurity portfolio.