Avast in ‘advanced discussions’ with NortonLifeLock over merger

Cybersecurity company Avast says it is in “advanced discussions” about a merger with NortonLifeLock, signalling an appetite for consolidation in the fiercely competitive consumer cyber protection market. 

Norton has until August 11 to announce whether it intends to make an offer, according to Avast, which is Prague-based but floated in London in 2018 in one of the UK’s biggest tech listings at the time. 

“There can be no certainty as to whether any transaction will take place or the terms on which any possible merger may be agreed,” the company, which is part of the FTSE 100, said in a statement. It added that any deal could be a cash-and-stock transaction. 

Avast had a market capitalisation of £5.2bn ($7.1bn) as of Wednesday. The tie-up with Norton was first reported by The Wall Street Journal, which estimated that the deal could value Avast at $8bn. 

Founded in the 1980s, Avast is one of the world’s largest cyber companies that sells software directly to consumers in a niche market dominated by Norton and McAfee. According to its website, it has 435m global users and offers basic products for free, as well as paid-for premium and corporate services. 

Daily newsletter

#techFT brings you news, comment and analysis on the big companies, technologies and issues shaping this fastest moving of sectors from specialists based around the world. Click here to get #techFT in your inbox.

Norton, its larger Nasdaq-listed rival, was previously known as Symantec before Broadcom acquired its enterprise business in late 2019. The company, which has a market capitalisation of $15.6bn, has since attracted takeover interest from groups including McAfee and private equity firms TPG and Thoma Bravo. Norton’s shares fell about 3 per cent in after-hours trading.

The potential deal comes after a number of audacious cyber attacks against critical infrastructure groups, including the Colonial Pipeline, where hackers only released the company’s data once a ransom had been paid. 

But some hacking groups are also shifting to an exfiltration-only model known as “extortionware”, relying on the threat of reputational damage to win payment from victims — either companies or wealthy individuals.