Home News NortonLifeLock and Avast merger is surprising, yet unsurprising: Allie Mellen

NortonLifeLock and Avast merger is surprising, yet unsurprising: Allie Mellen

The NortonLifeLock and Avast merger aims to strengthen the cyber safety platform and make it available to more than 500 million users through accelerated innovation; Forrester analyst believes the ‘winds of change are unfavorable.’

NortonLifeLock and Avast merger

There has been a significant traction in the security industry with growth in the antivirus market.  According to the “Industry Arc Antivirus Market – Forecast (2021 – 2026) report,” the global antivirus market is expected to grow at a CAGR of 20% from 2018-2023. The industry is experiencing some kind of consolidation in the otherwise largely fragmented market. There have been significant collaborations in recent times like Thoma Bravo‘s $12.3 billion takeover of Proofpoint, Broadcom’s $10.7 billion acquisition of Symantec’s enterprise business, and now we have the NortonLifeLock and Avast merger on the anvil.

By Minu Sirsalewala, Editorial Consultant, CISO MAG

Where we see these billion-dollar deals being announced, is the market conducive for their sustenance and growth? Or will they bleed?

Allie Mellen
Allie Mellen, Analyst – Security and Risk, Forrester

In an exclusive interaction with CISO MAG, Allie Mellen, Analyst, Security and Risk, Forrester, discussed the cybersecurity market landscape and how “the NortonLifeLock and Avast merger is surprising, yet unsurprising.”

At Forrester, Mellen supports security and risk professionals, covering security infrastructure and operations to assist clients in building and maturing their threat detection and response strategies. Her coverage includes the people, processes, and tools of the security operations center (SOC); security analysts; security information and event management (SIEM); security user behavior analytics (SUBA); security analytics (SA); security orchestration, automation, and response (SOAR); endpoint detection and response (EDR); extended detection and response (XDR); and SOC metrics. Her research focuses on the current state and evolution of analytics, detection, automation, and response in security.

Consolidations and M&A Drivers

Concerns over cybersecurity are at an all-time high given the recent breaches of Colonial Pipeline, Kaseya, and T-Mobile. These events are shaping public perception over the security preparedness – or lack thereof – of companies’ consumers share their data with. As these concerns get larger, so too does the market for consumer security solutions.

“However, consumers want something simple – generally speaking, they don’t want to have to buy ten different security products from ten different vendors. These consolidations and M&As signal the importance of providing a holistic security solution for consumers,” says Mellen.

NortonLifeLock and Avast Partnership Value

According to Mellen, the deal seems to be betting on the importance of offering a consolidated consumer security portfolio that incorporates identity theft protection, antivirus, and other security tools like VPNs. They seem to be attempting to address the consumer security market more comprehensively, while also expanding their customer base and geographical regions.

Unfavorable Winds of Change

Security and privacy are becoming a larger consumer priority, but this runs in parallel to an increased focus by large consumer brands on improving their built-in security controls, which are direct competitors to companies like NortonLifeLock and Avast. To stay ahead of built-in security controls, companies like NortonLifeLock need to innovate or build out their portfolio.

The consumer antivirus solutions are under deep strain as users turn to built-in operating system security capabilities in lieu of third-party solutions.

“As Microsoft and Apple prioritize native security built into their products, traditional antivirus providers have no choice but to look for new features and popular offerings that may differentiate them. However, this merger is unlikely to stop the bleeding when it comes to loss of customers for traditional antivirus players due to the convenience and credibility of larger brands,” articulated Mellen.

Standalone Consumer Security Players – Challenging Times

Public perception, especially that of the built-in security of large operating systems and computer hardware manufacturers, has changed dramatically in the past 5 to 10 years. When it comes to standalone antimalware, we are past the point where individual consumers must pay a subscription for basic antimalware.

“There are capabilities built natively into the operating system, as my colleague has written about, that can provide beyond basic antimalware protection. A good example of this is Windows Defender, which is built-in to Windows 8, Windows 8.1, and Windows 10,” said Mellen.

There is a small number that still pays subscriptions for basic antimalware protection, but as large brands like Apple and Microsoft prioritize security and privacy, this trend will likely drop off. For other kinds of consumer security, this remains to be seen. However, it is clear that big brands like Apple and Microsoft are heavily prioritizing built-in and free consumer security.

Exploring Avenues

Inevitably, even larger brands must ensure consumers have choices outside of their portfolio when using their products. Mellen opines that partnership possibilities will always exist between these standalone security providers and prominent brands, especially in areas with no competitive overlap.

She adds, “The question is, will it be enough of the consumer market to keep the standalone security product market growing? This question also speaks to the importance for companies like NortonLifeLock to diversify their portfolio. Better to have a variety of offerings, rather than one that may be direct competitors with a partner.”

Avast – Controversial Past

Data breaches and privacy controversies can have a significant impact on consumer trust. Any organization that struggles with a controversy like the Avast data harvesting row, must show transparency in the wake of an incident. Specifically, this means outlining what happened when a breach or privacy event occurs, clearly defining why it happened, and presenting and executing on next steps to ensure it doesn’t happen in the future. The worst thing an organization can do is sweep privacy matters or breaches under the rug, as it will inevitably destroy trust with consumers.


This is an instance where things are more complicated than simply consolidating a customer base and receiving double-digit revenue growth. This merger will give the brand a substantial presence in the market and access to a new set of customers interested in standalone consumer security products.

“However, the winds of change are against standalone consumer security brands as consumers look for simple, effective ways to secure their data: using already built-in security from a brand that knows the operating system inside and out.”

On the other hand, if these larger brands fail to build trust and live up to consumer expectations, there may be an opportunity for standalone consumer security products to maintain and expand their foothold.

NortonLifeLock and Avast merger


About the Author

Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.

More from Minu.