AT&T Reveals Plan to Spin Off its Cybersecurity Unit

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• Last week, AT&T answered the looming question concerning the fate of its cybersecurity organization when it announced plans for a spin out in early 2024

• At least in the near term, AT&T will hold majority ownership in the fledging company with Chicago-based investment house WillJam Ventures also taking a share.

After months of rumors swirling that AT&T was shopping its cybersecurity unit, the telco giant broke its silence last week by announcing it is spinning out the unit in early 2024. The company will keep a majority ownership stake in the standalone company with a new investment from WillJam Ventures, the Chicago-based investment firm involved in the deal. WillJam has a history in cybersecurity. The company currently has a stake in the PCI compliance vendor Viking Cloud as well as XDR provider GoSecure. WillJam facilitated the deal to sell TrustWave to SingTel for $850 million in 2015.

The announcement offered minimal details, other than that the new entity will include security software and managed and consultative security services. AT&T has refused to answers questions beyond the brief announcement, other than to say it is communicating with customers about the transition.

This is not the first time AT&T has hit a rough patch concerning its cybersecurity business. In 2018, AT&T acquired threat intelligence vendor AlienVault, forming a new unit around the company. AlienVault had a very different go-to-market approach than AT&T, focusing on delivering security services to mostly mid-sized and smaller customers through the channel. AT&T traditionally sold security services directly, with a big emphasis on large enterprise clients. There were some indications that the integration wasn’t an entirely seamless process. In security, AT&T started to drop off the radar.

Given AT&T’s speckled past in security and the fairly active discussion around a possible sale, the decision to jettison its cybersecurity unit is hardly surprising. But that doesn’t mean it isn’t questionable. Security is core to effective network communications; shedding an organization that for years AT&T has touted as providing it with essential capabilities could alarm and confuse clients and partners alike. Clear communications around how this will benefit clients, rather than its investors, will be paramount. Clarity around financials would also help clarify the motivation behind the arrangement.

Whatever comes of this spinout, at least initially it looks like a lack of commitment from AT&T to security. And the timing is particularly poor as cybersecurity remains a top investment priority for most businesses.

Leave a Reply