Cloudflare to Acquire Area 1 Security to Expand Its Zero Trust Platform

Acquisition to enable secure, fast email security through Cloudflare's Zero Trust network

San Francisco, CA, February 23, 2022 — Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced that it has agreed to acquire Area 1 Security. Area 1 Security’s cloud-native platform, which works seamlessly with any email offering, stops phishing attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment. In 2021 alone, the company blocked more than 40 million malicious phishing campaigns spanning business email compromise, malware, ransomware, and other advanced threats.

“Email is the largest cyber attack vector on the Internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust,” said Matthew Prince, co-founder and CEO of Cloudflare. “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”

Data from the FBI’s Internet Crime Complaint Center 2020 Internet Crime Report shows that malicious phishing campaigns including business email compromise are the most costly—with U.S. businesses losing more than $1.8 billion. Well known incidents of the last decade include the JPMorgan Chase breach, where a phishing attack impacted 76 million households and 7 million small businesses; SolarWinds, where phishing led to the compromise of 18,000 customers including multiple government agencies; Sony Pictures, where a phishing attack reportedly led to more than 100 terabytes of proprietary data being stolen; and in the U.S. elections, where phishing has been cited as the cause of damage inflicted upon the United States’ electoral process. According to Forrester, “the biggest problems with email are its ubiquity and our willingness to trust it. Every person has an email account, often more than one, making this medium a perennially ripe target for attackers.” As email continues to be an attractive entry point for increasingly sophisticated cyberattacks, businesses of all sizes need to consider how to integrate email solutions into their overall security stack and bolster it with global threat intelligence.

Chris Rodriguez, Research Director for IDC’s Network Security Products and Strategies notes, "Email is often the largest cloud application for any organization; and also represents the largest attack vector. Instead of viewing email security as a stand alone issue, more businesses realize that it needs to be part of their holistic security strategy. The combination of Cloudflare and Area 1 Security offers customers a uniquely differentiated and comprehensive Zero Trust offering with coverage across the entire threat lifecycle."

“Today, email is a business’ most-used cloud application. It's unfortunately unprotected. We estimate that more than 90% of cyber security damages are the result of just one thing: phishing," said Patrick Sweeney, CEO and President of Area 1 Security. "By combining our leading phishing protection and threat intelligence capabilities with Cloudflare’s global network, data capabilities, and Zero Trust platform we truly believe that together we can help companies of any size better secure their entire network infrastructure and better protect against the most destructive cyber risks.”

Cloudflare entered the email security market in 2021 with the launch of its Advanced Email Security Suite and additional tools to create custom email addresses, manage incoming email routing, and prevent email spoofing and phishing on outgoing emails. Because Cloudflare’s global network blocks an average of 86 billion cyber threats each day, the company has unique threat intelligence data that can allow it to more effectively filter out targeted phishing attacks (spear phishing) and other security threats that legacy email security solutions and API-only email security offerings can miss. Area 1 Security has long taken a preemptive approach to email security to stop phishing campaigns during the earliest stages of an attack cycle. By combining Area 1 Security’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, the two companies will provide a holistic Zero Trust solution that customers can enable through Cloudflare’s global edge.

Under the terms of the agreement, Cloudflare will acquire Area 1 Security for approximately $162 million, subject to customary adjustments, with 40-50% of the price payable in shares of Cloudflare’s Class A common stock and the remainder payable in cash. The acquisition is expected to close early in the second quarter of 2022 and is subject to customary closing conditions.

To learn more, please check out the resources below:

About Cloudflare Cloudflare, Inc. (www.cloudflare.com / @cloudflare) is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C., Toronto, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.

Forward-Looking Statements This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “explore,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s Zero Trust, email security and other products and Area 1’s email security platform, the benefits to Cloudflare’s customers from using Cloudflare Zero Trust and email security products, the Area 1 email security platform, and Cloudflare’s other products and technology, the expected functionality and performance of Cloudflare’s Zero Trust and email security products, the Area 1 email security platform, and Cloudflare’s other products and technology, the timing of when Cloudflare’s Zero trust and email security products and Area 1’s email security platform will be generally available to all current and potential Cloudflare customers, the potential timing of the closing of Cloudflare’s acquisition of Area 1, Cloudflare’s plans and objectives for, and the timing of, the integration of the Area 1 email solution into Cloudflare’s Zero Trust and email security products, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO, Area 1’s CEO and others. Cloudflare’s actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including its Quarterly Report on Form 10-Q filed on November 5, 2021, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in its forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

© 2021 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.

Press Contact Information
Daniella Vallurupalli
+1 650-741-3104