The Expert's View with Michael Novinson

Governance & Risk Management , Vulnerability Assessment & Penetration Testing (VA/PT)

Why Activist Investor Jana Is Pressing Rapid7 to Sell Itself

Activist Investors Are Rare in Cybersecurity, But Rapid7's Struggles Drew a Firm In
Why Activist Investor Jana Is Pressing Rapid7 to Sell Itself

Double-digit top-line growth, high levels of R&D spend and large ownership stakes by founders tend to keep activist investors away from publicly traded cybersecurity companies.

See Also: Webinar | Prisma Access Browser: Boosting Security for Browser-Based Work

Activist investors have dabbled on the periphery of cybersecurity, as when Legion Partners took an 8.7% stake in OneSpan and pushed the identity verification provider in August 2023 to cut costs, return more money to shareholders and find a buyer for the company. But a sense that security companies are well-managed and appropriately valued has kept activist investors away from the 20 pure-play cyber stocks.

Until now.

Jana Partners announced a "significant" stake in Boston-based Rapid7 at the Sohn Monaco Investment Conference on Wednesday and plans to push the vulnerability management firm to sell itself, according to The Wall Street Journal. The activist investor is working with investment firm Cannae Holdings and wants Cannae to team up with a private equity firm to buy Rapid7, the publication reported Wednesday.

Jana Managing Partner Scott Ostfeld is also pushing for Rapid7 to make other changes to boost its stock price, including improving its operations and forecasting, The Journal said. Rapid7's stock is up $2.88 - or 7.58% - to $40.86 per share in trading Wednesday, the highest the stock has traded since May 7. Rapid7 declined to comment, and Jana and Cannae didn't respond to requests for comment.

Why Rapid7 Is on Jana Partners' Radar

Rapid7 has reportedly been on the selling block for nearly 17 months, and Reuters reported in February 2023 that the company hired Goldman Sachs to help with a potential sale to a private equity firm or another buyer. Thoma Bravo, TPG Capital and Alphabet all reportedly kicked the tires on Rapid7, but The Information reported in July 2023 that Rapid7 and Thoma Bravo were too far apart on price.

Then in August 2023, Rapid7 laid off 18% of its workforce - more than 470 positions - to streamline management layers, reduce role overlap and optimize its mix of onshore and offshore talent. The layoffs aimed to help Rapid7 boost its managed detection and response capabilities across all of security operations (see: Rapid7 Lays Off 18% of Employees Amid Shift to MDR Services).

Rapid7's headcount fell more than 15% from 2,623 employees at the start of 2023 to just 2,228 workers at the end of the year, and the share of the company's U.S. workforce dropped from 64% to 57%. Of the more than 80 pure-play cybersecurity vendors that disclosed layoffs since the start of the COVID-19 pandemic, only OneTrust has cut more workers than Rapid7, according to Layoffs.FYI.

Despite the layoffs, Rapid7's stock price has struggled mightily, falling 26% since the start of 2024. Of the 19 cybersecurity stocks tracked by Altitude Cyber, only vulnerability management rival Qualys' stock fared worse than Rapid7 this year. Rapid7 went public in July 2015 at a valuation of $600 million and is now worth $2.53 billion, down nearly two-thirds from its 2021 high.

Why Rapid7 Is an Easy Target for Activist Investors

Activist investors such as Jana Partners face fewer obstacles to throwing their weight around at Rapid7 than at other cybersecurity vendors, where insiders hold a large portion of the company's stock. The company's 12 executive officers and directors combined owned just 2.6% of outstanding shares as of March 31, and institutional investors Vanguard, BlackRock, FMR and First Trust own a combined 34.4% of Rapid7.

The stock of most publicly traded cybersecurity companies is more closely held. At Zscaler, founder, CEO and Chairman Jay Chaudhry and Ajay Mangal - who's reportedly tied to Chaudhry's family - control 38% of the company's shares. A lack of powerful insiders at Rapid7 means Jana can have more influence.

Activist investors often exert their power by replacing existing board members who are perceived as impediments to change with their own nominees. At OneSpan, Legion Partners in May 2021 pushed to replace four existing board members with its own nominees. The two sides made a deal in which two of Legion's picks would join the board and three of the members Legion wanted to oust would leave (see: Activist Investor Directs OneSpan to Pursue 'Immediate Sale').

Both Jana and Cannae have little experience in cybersecurity. Jana got two members onto NewRelic's board in June 2022 and helped steer the observability vendor toward a $6.5 billion sale to Francisco Partners and TPG just 13 months later. But most of the company's holdings are outside tech altogether, including food processing company TreeHouse Foods, Freshpet and rehab provider Encompass Health.

Cannae has an extensive footprint in club soccer and casual dining, including English club AFC Bournemouth, Scottish club Hibernian F.C., French club FC Lorient, Massachusetts-based the Ninety Nine Restaurant & Pub, and Tennessee-based O'Charley's Restaurant & Bar. Its technology footprint is much smaller and includes fintech CSI, payments platform Paysafe and HR software company Ceridian.

Despite lacking cybersecurity chops, will Jana and Cannae provide a much-needed outside push and get the long-rumored sale of Rapid7 across the finish line?

Customers, employees and competitors alike will watch closely to see what happens to a standard-bearer in the vulnerability management space.



About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.