Anti-Malware , Fraud , ID Theft

Symantec to Acquire LifeLock for $2.3 Billion

Security Vendor Looks for New Areas of Growth
Symantec to Acquire LifeLock for $2.3 Billion

In a move to expand its consumer offerings, Symantec plans to acquire identity theft protection services company LifeLock for $2.3 billion.

See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'

The move will give Symantec an offering in a market area that it hasn't successfully tapped: the estimated one in four Americans that have been hit with identity theft-related fraud. Symantec, a stalwart of the security industry, for years has faced stiff competition in the consumer anti-virus market, which made growth challenging.

In a conference call with analysts, Symantec CEO Greg Clark said consumers will pay two to three times more for identity theft protection services than what they'll pay for malware endpoint protection. Symantec hopes to be able to cross-sell its identity theft protection service to Norton anti-virus customers and vice versa.

"Identity protection and really protecting people's digital lives and digital personas is something that we expect to be a long-term growth tailwind for our consumer business," Clark said.

The deal is expected to close in the first calendar quarter of 2017, pending the approval of LifeLock shareholders. The acquisition price values LifeLock shares at $24.

The services LifeLock offers are lucrative because consumers buy subscription packages, which means recurring revenue. But the company has a troubled history and has faced close scrutiny by regulators over its sales practices.

Product Plans

Tempe, Ariz.-based LifeLock will be integrated into Symantec's Norton line of products under what it calls a "digital safety platform," which includes desktop and mobile anti-virus products, parental control, internet of things, VPN and backup services.

LifeLock says it has nearly full visibility into the credit history and actions of every adult in the U.S. On the consumer side, the company uses third-party data to closely monitor actions such as when someone opens a new account or applies for credit. Notifications are sent to its members when LifeLock detects such an action. If it's unauthorized, LifeLock helps investigate what happened and with remediation. The company's enterprise business focuses on helping companies vet customers to judge whether they're a good risk.

LifeLock has 4.4 million members, with average monthly revenue of $12.25 per user. The total target market is estimated at 78 million. Symantec expects the revenue growth for LifeLock to be in the low-to-mid single digits, with an operating margin of more than 40 percent.

FTC Troubles

LifeLock has repeatedly clashed with the U.S. Federal Trade Commission over its sales practices, advertising and claims made to consumers. For starters, the FTC alleged that LifeLock convinced consumers to sign up for subscriptions by claiming it could prevent identity theft.

In a misguided marketing stunt, then-LifeLock CEO Todd Davis included his Social Security number in billboards and advertisements. He ended up experiencing identity-theft related incidents 13 times, according to an investigation by the Phoenix New Times. Davis later claimed the incidents were countered by using his own service.

LifeLock settled the case with the FTC for $12 million. But in July 2015, the FTC alleged that LifeLock had violated the 2010 agreement and contended that the company was continuing to make false claims to consumers.

The agency also charged that LifeLock failed to maintain a comprehensive information security program to protect its users' sensitive personal data, including credit card, Social Security and bank account numbers. The company settled that case in December 2015 for a whopping $100 million, the largest monetary award obtained by the FTC in an enforcement action (see LifeLock Settles FTC Case for $100 Million).


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Jeremy Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network