MY TAKE: What NortonLifeLock’s $8 billion buyout of Avast portends for consumer security

By Byron V. Acohido

So NortonLifeLock has acquired Avast for more than $8 billion.

This deal reads like to the epilogue to a book titled The First 20 Years of the Supremely Lucrative Antivirus Market. Way back in 1990, Symantec acquired Norton Utilities and made Norton the heart of its antivirus subscription offering.

Related: The coming of ubiquitous passwordless access

This was around the same time antivirus vendors like Trend Micro, McAfee, Kaspersky, ESET, Sophos, Bitdefender, Avira, AVG and Avast were staking out turf in what they saw, very accurately, as a profitable new software subscription market.

A lot of water has flowed under the bridge since then. Norton got ‘demergered’ from Symantec in 2014 and then acquired LifeLock for $2.3 billion in 2017; Avast acquired AVG  for $1.3 billion in 2016, for instance.

Meanwhile, native security is increasingly being built into popular operating systems, and there’s a trend toward beefing up application security, as well. These are eminently complex times. Companies are migrating to the cloud IT; consumers are working from home much more often.

NortonLifeLock and Avast appear to be betting on the next iteration of the huge and longstanding consumer antivirus market. Last Watchdog asked Forrester analyst Allie Mellen to connect the dots –- and clarify the significance — for individual consumers:

LW: What segment of consumers do you foresee  NortonLifeLock/Avast, and the other top antivius vendors, presumably serving five years from now?


Mellen: This deal seems to be betting on the importance of offering a consolidated consumer security portfolio that incorporates identity theft protection, antivirus, and other security tools like VPNs. They seem to be attempting to address the consumer security market more holistically, while also expanding their customer base and geographical regions.

Security and privacy are becoming a larger consumer priority, but this runs in parallel to an increased focus by large consumer brands on improving their built-in security controls, which are direct competitors to companies like NortonLifeLock and Avast.

LW: Given the acceleration of remote work and the rise of the gig economy, it seems like individual consumers are going to continue to have a responsibility, a rather big one, to secure their personal computing devices, for the foreseeable future. Do you agree?

Mellen: Absolutely. Individual consumers, whether contractors or those that have their own personal computer for other means, need to secure their personal computing devices. This is critical to ensure their own personal privacy and the security of their data.

There are simple steps consumers can take today, for free, to lower their overall risk of a cyber attack, including using multi-factor authentication for their accounts and using strong passwords. In addition, even simple training or quizzes on how to spot a phishing attack will help individuals to avoid being caught up in a scam or a potential attack.

LW: Will any of the big initiatives we heard about at RSA 2021 and Black Hat 2021 – such as advanced encryption, advanced application security and advanced cloud-security frameworks – ultimately remove much of the responsibility for data security from the individual consumer?

Mellen: Big initiatives like these are good for the security industry, but technology is not a silver bullet when it comes to consumer security. Ultimately, consumers will always be responsible for their own security and privacy, which goes far beyond preventing cyber attacks against them.

Individuals need to evaluate and decide on their own risk tolerance, which may affect what companies they are willing to share their personal data with, what personal data they are willing to put online in any capacity, and even what information they put on their personal devices.

Also, one of the top ways attackers can target individuals is via social engineering or phishing. Technology can only go so far when protecting individuals, and we must, to the best of our ability, learn to recognize manipulative or dangerous behavior online.

LW: Anything else?

Mellen: What’s most important for consumers to remember is that no matter what technology you use, it will not provide you with a ‘get out of jail free’ card in the event of a successful attack. It’s important to continue to be careful browsing online, use strong passwords, and use multi-factor authentication on your accounts wherever possible.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone