Cybersecurity company Tenable reportedly is considering a potential sale as it considers its options for the future, a move that would continue what has been a multi-year trend of vendor consolidation in the market.

According to Bloomberg, the Columbia, Maryland-based company has received takeover interest and its executives are working with advisers. Any talks are in their initial stages and there is no guarantee that a deal will be made, the news site reported, citing unnamed sources.

Tenable executives declined to comment to the news organization.

The news comes as Tenable, which has a market value of more than $5 billion, is preparing to announce its second-quarter earnings after the markets close on Wednesday. The company’s Tenable One exposure management platform aims to help organizations get better visibility across their attack surfaces, which enables them to better focus their cybersecurity efforts to prevent likely attacks and calculate their cyber risk.

The platform’s comprehensive set of tools address such areas as cloud security, vulnerability management, identity exposure, operational technology (OT) security, and web scanning. Its Nessus product assesses an enterprise’s vulnerabilities.

Organic and Outside Growth

Tenable has built its platform through both in-house innovations and via acquisitions. The company last month announced plans to buy Eureka Security, which offers data security posture management capabilities for cloud environments. The deal would help Tenable customers better identify where sensitive data is in the cloud, who has access to it, and the level of risk posed if the data was compromised, according to executives.

They noted its 2024 Tenable Cloud Security Outlook, in which 95% of organizations surveyed said they had experienced cloud-related breaches during the previous 18 months, with 92% saying they had sensitive data exposed.

Tenable has about 2,000 employees and 44,000 customers, including about 65% of the Fortune 500 companies. Customers include Siemens, Virginia Tech, the city of Raleigh, North Carolina, Netskope, Capgemini, and American Eagle Outfitters. Revenue in the first quarter was $216 million, a 14% year-over-year increase, though the company lost $14.4 million, which was less than the same period last year.

Growing Consolidation

A Tenable acquisition would add to a growing consolidation within the cybersecurity space, which is seeing enterprises adding to their cyber-defenses as security threats continue to proliferate and new technologies, such as AI, increase the dangers. It’s pushing cybersecurity vendors to add to their product and services portfolios and driving organizations to look for ways to increase their protections without adding more vendors.

“The threat of cyberattacks is on the rise,” KPMG analysts wrote in a report. “There are more attacks by the month, and the financial damage they cause is increasing constantly, both because attackers are optimizing their attacks and due to increasing regulatory fines. As a result, becoming ‘cyber-ready’ has become a key priority for board members and management of firms across all sizes and industry backgrounds.”

A survey of 400 global security leaders by Check Point Software found that 49% of organizations use anywhere from six to 40 point security products, with 27% of larger enterprises using 11 to 40 products from different vendors. About 98% of organizations manage security products via multiple consoles, 79% of those surveyed said working with multiple vendors is challenging, and 69% said that consolidating the vendors they work with would improve their security.

“With every new attack or vulnerability, the red flags start to wave,” Check Point researchers wrote. “The usual reaction is for organizations to review and consider ramping-up security with new products, with the assumption that these will help to better protect their networks and data. But will they? Or does adding more solutions from different vendors simply add more complexity, and potentially undermine security?”

Favorable M&A Market

Capstone Partners, an investment and M&A advisory firm, said in a report earlier this year that a growing demand for products and services has created a “bifurcation of the market,” with organizations supporting legacy tools while venture capital-backed companies innovate security technology through AI.

“Continued demand on both sides of the market has led to favorable projections for cybersecurity M&A growth into 2024, as buyers look to capitalize on well-performing assets with recurring revenues while also expanding innovative services and product offerings,” the analysts wrote.

SecurityWeek, which has been tracking M&A deals in the industry since 2021, reported that in the first half of 2024, there were 178 cybersecurity-related deals made. Of those, 111 involved pure-play cybersecurity firms.

The deals made so far this year include CyberArk’s $1.54 billion acquisition of identity management company Venafi, Zscaler buying Avalor to add to its AI capabilities, CrowdStrike acquiring Flow Security and its cloud data runtime tools, and Cohesity spending $3 billion for Veritas’ data protection businesses.

Then there is the one that got away: cybersecurity company Wiz earlier this month rejecting Google’s $23 billion offer, opting to pursue an IPO instead.