Cyber Security Companies as Acquisition Targets

searcher profile

July 21, 2021

by a searcher from University of Richmond in Valparaiso, FL, USA

We are looking at two cybersecurity deals that define their services closely as...

"a managed solution that transfers some of the cybersecurity administrative burden associated with supporting your business activities"

Would be interested in hearing from you about your DD experiences. In this case, we do have a very experienced Operating Partner selected to run the company. I specifically am interested in understanding the competitive environment for these lower middle market businesses and any other pertinent experiences that will help us with our go/ No-go decision.

2
8
102
Replies
8
commentor profile
Reply by a searcher
from London Business School in Germany
From the description of the targets you are working on, it sounds more like an ICT company that looks after cyber security compliance outsourcing for its clients. Do these targets have their own product? Do they distribute any well-known cyber security products + service or are they just an outsourced “body-shop” that replaces clients’ IT security department. The valuation and the DD process for these three categories are very different. If the company has own or distribute 3rd party products - that’s good, switching is unlikely and very costly. If it provides some expertise and capacity, then the growth is more difficult, more dependent on how many people you employ and the cost of an average cyber security professional has been increasing rapidly). Additionally, do the employees have knowledge in cyber security for cloud environment, process automation and mobile device management. If not, such a legacy will need to change soon, but can be very costly to do so.
commentor profile
Reply by a searcher
in Portland, OR, USA
Robert: As you know the industry is changing fast due to insurers finally (after years of dawdling) beginning to standardize their requirements for firms. We've started by analyzing the cybersecurity requirements from several insurers and create services based upon the more technical aspects of requirements. Smart firms love cybersecurity insurance but also are keen to pay to fill in the technical gaps to keep their coverage compliant.

Here's an amusing/disconcerting message I received from a cybersecurity researcher:

Lets say you are a CEO: If you underspend on technology/security by
~50-100m/year, for 5 or 10 years... then have a bad breach, which costs you
400m, what do you get?

A: A Ferrari, because you saved the company 500m dollars and got a cyber
insurer to pay for your technology/security program.
commentor profile
+6 more replies.
Join the discussion