WORKLYN NEWS AND NOTES

Johnny Lieberman and Zack Miller

2023 IT and Cyber Market Reflections

Despite dire predictions from many macro-economists in 2022, 2023 was a year of recovery rather than recession for the US economy. But the road was far bumpier for most enterprise software, IT, and cybersecurity companies.

Despite dire predictions at the end of 2022 from many macro-economists, many of whom infamously forecasted recession as a 100% certainty, 2023 was a year of recovery rather than recession for the US economy. But don’t tell that to the hundreds of thousands of technology workers who were laid off and the thousands of once-promising startups that shuttered their doors in 2023. Indeed, the road to recovery has been quite bumpy for most enterprise software, IT, and cybersecurity companies. We entered 2023 at the low point of a “tech recession” that was driven by increased interest rates and made all the more painful by a COVID spending hangover. As investors, startup founders, and big company CEOs shifted from investing in growth to cutting costs, paving a path towards profitability, a wave of layoffs rippled across the technology industry, reaching a crescendo in January 2023.

 

IT Services: Moderate Strength from Public to Private             

Still, while 2023 was a tough year for software startups and the employees of large technology companies, it was a relatively strong year for IT services providers. According to the latest analysis from Gartner, overall IT spending grew around 3% across 2022 and 2023, burdened by a significant decrease in device spending each year. IT services spending experienced healthy annual growth of over 5% across the same two-year period. And growth in IT services, which is expected to supplant communications services as the largest portion of the ~$5 trillion global IT market, is now expected to accelerate to over 9% in 2024. As CIOs and CTOs struggle to retain talent and face mandates to cut their workforces, outsourced and managed IT services providers will continue to be big winners. Our experience owning and buying IT services companies aligns with the conclusions drawn by Gartner analyst John David Lovelock: in short, labor is shifting “from CIOs to the IT services firms.”

The performance of leading publicly-traded IT services providers confirms Lovelock’s hypothesis. As of the end of 2023, Accenture, Capgemini, and Cognizant had all seen their revenue and profitability grow at rates north of 10% over the last couple of years, with current industry leader Accenture leading the pack at 24% revenue growth and 18% EBITDA growth over the previous 24 months. Investors have taken solace in the steady, reliable growth of IT services leaders, as Accenture and Cognizant stock prices each rose 32% in 2023, significantly outpacing the S&P 500’s healthy 24% growth over the same period. But digging a layer deeper, it’s interesting to note that much of Accenture’s growth has been inorganic – the M&A machine churned out a remarkable 27 acquisitions in 2023 alone, and they haven’t shied away from “paying up” for high-growth IT services firms with critical capabilities around cloud and proven experience integrating and managing in-demand software solutions like ServiceNow. So far, the market has rewarded the active corporate development team at Accenture. Surely, they are betting that Accenture is as good at integrating companies as they are at buying them.

While most public IT services leaders focus primarily on enterprise customers, the MSPs and VARs that serve middle market and SMB customers faced a bit more turbulence in 2023. Still, Worklyn Partners’ investment analysis of nearly 100 private IT services providers in 2023 suggests that, on average, MSPs and VARs experienced moderate demand growth in 2023. Unfortunately, from what we’ve seen, revenue expansion did not translate to increased valuations in private IT services M&A the way it did for the public leaders. Still, while overall IT services M&A volume ticked down from its frenetic heights in 2021, the year of exit valuation maximization, we do believe that 2023 saw valuations increase moderately from their late 2022 lows. The second half of 2022 and the early months of 2023 were characterized by bargain hunting and the consolidation of companies struggling to weather the economic headwinds on their own, but deal velocity and valuations seemed to increase in the second half of 2023.

Cybersecurity: An Impressive Recovery

Similarly, it took until the second half of 2023 for most of the technology sector, led by the booming “Magnificent Seven,” to emerge from its recession and join the broader economic recovery. But what about smaller software and cybersecurity companies? While they lagged the growth of the Magnificent Seven, enterprise software stocks, and in particular, cybersecurity companies, recovered impressively in 2023. We’re not quite back to the peak salad days of Q4 2021 – valuations may never again be so generous, at least for high-growth, unprofitable companies trading on forward revenue multiples – but publicly-traded cybersecurity and SaaS companies are entering this year feeling good.

Public technology companies that recalibrated to focus on profitability by cutting costs (employees) were rewarded handsomely in the second half of 2023. The Bessemer Emerging Cloud Index, a bundle of mostly growth-stage SaaS stocks, rose by over 30% in 2023, and HACK Cybersecurity did even better, growing approximately 37% over the year. After declining by a shocking 62% in 2022, software valuation multiples recovered more than halfway (32%) in 2023, while the median multiples for leading cybersecurity stocks expanded from 6.3x to 10.6x. The stars of the cybersecurity recovery, CrowdStrike (CRWD) and Palo Alto Networks, saw their stock prices grow 142% and 111% respectively. Interestingly, while industry darling CrowdStrike is now trading at over 20 times its annualized revenue, its direct competitor SentinelOne (S) is trading down closer to 10 times its annualized revenue, despite a significantly higher revenue growth rate (on a lower base, to be fair). Though the companies enjoy similar gross margins, and do virtually the same thing, CRWD’s market capitalization is nearly ten times that of S. This dichotomy illustrates the extreme premium that public investors have attached to profitability in 2023, as CRWD’s LTM free cash flow margin is 29% while S’ is a concerning -13%. It’s also worth noting that S was beset by a series of issues, including poor ratings by security analysts, leadership churn, and some financial reporting missteps. But despite these missteps, SentinelOne’s 81% growth is nothing to shake a stick at, and the company looks like a bargain relative to its largest competitor.

Ironically, the other big winners in public cybersecurity last year were the private equity firms prescient enough to orchestrate take-privates in the first half of 2023, when multiples were closer to their 2022 lows and the prospects of recovery were dimmer. Francisco Partners, Vista Equity, and Thoma Bravo all placed bets on undervalued cyber companies in the first half of 2023. Francisco Partners’ acquisition of Sumo Logic for $1.7B on a revenue multiple of just 5.6x looks like a steal to us, especially after Cisco announced its intention to acquire Sumo’s larger but less strategically positioned competitor, Splunk, at a 7.3x revenue multiple later in the year.

If we accept that Splunk is, at its core, more of a cybersecurity company than an IT operations player (even this is debatable), Cisco’s $28B acquisition of the SIEM provider is arguably the largest pure-play cybersecurity transaction in history. The effects of this deal will reverberate around the industry, but we don’t know if the deal will have the transformational effects that Cisco is hoping for. Enterprise customers have been complaining for years now about Splunk’s unpredictably high pricing, and its sale may prove to be the catalyst for a growing number of disaffected customers to abandon the platform entirely. We believe that, in the 12 months after the deal closes, Splunk will lose more customers than it will gain via cross-selling into the broader Cisco customer ecosystem. And in the time it takes for Cisco sales teams to figure out how to sell Splunk licenses, cloud-native SIEM and IT and security orchestration vendors like Datadog and Snowflake, as well as growing MDR providers and cybersecurity platform leaders, like Palo Alto, will continue to seize market share from Splunk. Already a leader in networking and network security, Cisco leadership rationalized the Splunk deal as an attempt to push further into cloud security, AI and security analytics, and observability, making them a legitimate cybersecurity platform capable of offering full-stack security solutions, from on-premise networks to cloud to endpoints, and positioning Cisco to compete with leading platform players like Palo Alto. But, in truth, Splunk itself has not yet managed to morph from an on-premise solution into a cloud-first provider, and moving under the Cisco umbrella will not help them solve this problem. It is also worth pointing out that $28B, at a 31% premium on the previous closing price, is pretty damn expensive.

We think a more transformative play would have been for Cisco to acquire fast-growing SentinelOne (S), a true cloud native that now has some of the same log management and security analytics capabilities as Splunk thanks to its acquisition of Scalyr. It is rumored that Cisco did consider this route, but quickly pulled out after due diligence revealed inaccuracies in how SentinelOne was calculating recurring revenue. Still, with EDR becoming a “must have” for any company that takes IT security seriously, we believe Cisco would have gotten more value out of SentinelOne, while likely paying less than a third of what they had to put down for Splunk.

 

Venture Capital Pullback:

While leading publicly traded cybersecurity growth stocks exhibited an impressive recovery, the venture capital landscape for cybersecurity experienced a significant pullback, particularly after several high-profile disappointments in highly valued cyber companies. VC funding for North American and European cybersecurity companies fell off a cliff after the market downturn in Q3 2022, with security companies raising $8.2B in 2023 compared to $16.3B in 2022. Despite investor optimism for a rebound in deal volume, only six megadeals were tracked in Q3, with AI model security emerging as a notable growth theme, exemplified by high valuation step-ups for pure-play AI security startups HiddenLayer and Protect AI. Indeed, the largest three funding rounds in Q3 2023 constituted nearly 30% of all VC funding in the sector. 2023 also saw a number of notable “down-rounds” for previously hot cybersecurity startups. Perimeter 81 was acquired for a 51% mark-down from its prior private valuation, and according to rumors, Snyk saw its valuation more than halved from $8.5B in a 2021 Series F to less than $4B in recent secondary transactions. On the bright side, at least many of these former high-flyers are managing to stay alive and cut their cash burn. The same cannot be said for IronNet, a network security vendor founded by the former chief of the NSA, which recently filed for bankruptcy after completing a SPAC transaction that enriched its directors and officers, but now has them in Delaware courts facing shareholder lawsuits. With investors showing a relative lack of interest in conventional SaaS compared to AI and pushing their existing investments to chart the path towards profitability, cybersecurity startups must navigate a landscape where capital of all kinds is more expensive.

Still, the cybersecurity startup landscape saw some major winners emerge, suggesting that 2023 was a year of haves and have-nots in VC. For instance, at the beginning of the year, Wiz, the new Wizkid of cloud security, raised another massive $300M funding round at an eye-watering $10B valuation, with investors valuing the business at over 50x forward revenue. And now, as they head into 2024, they’ve eclipsed a $300M recurring revenue run rate, less than four years after launching in market. With the public markets finally becoming more friendly, Wiz may even consider an IPO in 2024. We predict that the venture-backed cybersecurity and enterprise technology vendors to go public in 2024 are those that have achieved some real scale, but are a bit longer in the tooth, with investors who are itching for a liquidity event. We believe that relatively slower-growth, established vendors like Rubrik, a data security leader with sticky customers, and Netskope, a leader in the SASE space, are most likely to pry open the doors to the public markets in 2024. Public markets finally reopening in 2024 and technology companies successfully IPOing will create positive downstream momentum, leading to increased financing and M&A activity. In fact, we’re already seeing it in the first few months of 2024!

 

If you liked this blog, be on the lookout for a full report with more reflection on 2023 on MSPGrowthHacks.com.

Johnny Lieberman and Zack Miller

Worklyn Partners Announces Investment in Denver-based NOYNIM IT Solutions

The strategic acquisition strengthens the Worklyn Managed IT portfolio, adding the Microsoft / Cisco certified partner to their growing ecosystem of Managed IT, networking, and cybersecurity partners.

DENVER, CO -- Worklyn Partners recently completed an investment in NOYNIM LLC, a leading managed IT services provider delivering a wide range of technology solutions to small and medium-sized organizations. Founded in 2006, NOYNIM has a long and proven track record providing proactive IT and networking solutions that help clients scale their technology stacks, primarily focused on the Mountain West region.

Worklyn Partners is a committed capital investment firm making control investments in cybersecurity and IT services firms. Founded by Zack Miller and Johnny Lieberman, Worklyn is focused exclusively on this technology sector, building a diverse ecosystem of Managed IT and security vendors that complement one another’s capabilities.

Johnny Lieberman, co-founder of Worklyn, commented, “We’re thrilled to partner with Daniel Noy and the entire Noynim team. Noynim has grown its services capabilities and customer base sustainably since inception in 2006, and they do things the ‘right way’. Always customers first, always focused on service delivery outcomes.” He continued, “We particularly like their deep experience implementing and managing Microsoft solutions, complementing the Cisco service delivery already within our platform. Noynim also has significant experience serving customers with more complicated IT environments, including OT and critical infrastructure. The team also has significant experience working with investment firms, including PE firms and PE portfolio companies.” 

NOYNIM, a leading IT consulting and managed services provider, announced its acquisition by Worklyn, a prominent investment firm, marking a significant milestone in the company's growth and expansion strategy. The partnership is expected to fuel NOYNIM's innovation and enhance its ability to deliver exceptional technology solutions to clients worldwide.

Daniel Noy, founder of NOYNIM, will be staying on as CEO. He commented, “I am personally excited to work with the best of the best when it comes to investment firms. Worklyn is unique as they bring in knowledge at enterprise type acquisitions to smaller ones. They are pioneers as no other investment group has the credibility, education, capital and connection they possess.”

NOYNIM is the third addition to the Worklyn portfolio, joining California-based NetXperts, a leading provider of IT solutions, network engineering, and managed IT services, and Quadrant Security, the Florida-based cybersecurity organization providing Managed Detection and Response services to customers across North America.  

The complementary capabilities of the three portfolio companies make way for shared services, while also setting the stage for future strategic acquisitions as Worklyn expands its cybersecurity and IT services platform. 

To learn more about this acquisition or for information on the Worklyn platform, interested parties should contact info@worklynpartners.com

ABOUT WORKLYN PARTNERS 
Worklyn Partners is an investment firm focused exclusively on the Cybersecurity and IT services markets. Worklyn has assembled a group of partners both with extensive investing and sector expertise to help grow technology companies at the rapidly expanding and evolving intersection of cybersecurity and IT services. Worklyn Partners currently has offices in New York, NY; Jacksonville, FL; Denver, CO; and Walnut Creek, CA. For more information visit worklynpartners.com

ABOUT NOYNIM IT SOLUTIONS 
NOYNIM IT Solutions is based in Denver, Colorado, providing a wide range of managed IT services to small and mid-sized businesses across the United States. NOYNIM was founded on the belief that all businesses, regardless of size, deserve affordable enterprise-grade IT solutions. Our goal is to perpetuate the growth of our clients, while helping them avoid the large overhead costs often associated with employing in-house IT staff. For more information, visit https://noynim.com/

Johnny Lieberman and Zack Miller

Why Private Equity Firms should make cybersecurity diligence as important as “quality of earnings” for New Acquisitions

Private Equity Firms are a prime target for cyberattacks for a multitude of reasons. Here’s why firms should make cybersecurity diligence as important as any other step for new acquisitions.

Cybersecurity is a top concern for businesses of all sizes, and private equity (PE) firms are no exception. In fact, PE firms are increasingly targeted by cyberattacks, as they typically hold a wealth of sensitive information, including financial data, customer information, and intellectual property.

As a PE investment firm focused exclusively on IT and cybersecurity, Worklyn is acutely aware of the unique cyber risks faced by these firms. As a result, our portfolio of companies, led by Quadrant Information Security, has become increasingly focused on helping PE firms secure their organizations and the IT environments of the companies they own.

We’ve observed a recent uptick in so-called “supply chain hacks,” with attackers targeting third-party vendors that supply critical technology components, gaining access to the target organizations’ systems and data. Notable examples of these supply chain attacks include the headline-grabbing SolarWinds and Kaseya breaches. In a way, private equity firms are the ultimate “supply chain” target, because they tend to have sensitive data and access to the portfolio companies they own, and they tend to have deep pockets.

Indeed, a recent study by the Ponemon Institute found that the average cost of a data breach for a financial services firm was nearly $6 million in 2022. This is significantly higher than the average cost of a data breach for other businesses, which is $4.35 million. It’s clear that even well-protected PE firms are an enticing target for enterprising cyber hackers looking to make a quick buck.

A Uniquely Good Target to Attack

PE firms are often harder to protect than the typical organization. With many employees working remotely, it’s difficult to keep track of who has access to sensitive information and how they are using it. Middle-market PE firms, which comprise the majority of the market, often invest in companies that have been bootstrapped and have not had the IT security budget or expertise to build the necessary internal security controls.

To protect themselves and their portfolio companies from cyberattacks, PE firms need to focus on cybersecurity during the diligence process when they are evaluating potential acquisitions. A data breach or ransomware attack could have a significant impact on the value of the acquisition, and could also damage the reputation of the firm. Worklyn’s portfolio of IT and cybersecurity companies, led by Quadrant, often helps PE firms conduct “quality of cyber” (IT and Cybersecurity) due diligence of potential acquisition targets.

Here are a few tips that PE firms can use to assess the risk of a potential acquisition during due diligence:

  • Ask the target company – both IT team and leadership – about current cybersecurity policies and procedures and review those controls. When Quadrant conducts IT/cybersecurity due diligence on behalf of a firm, they typically complete a gap assessment against the NIST controls.

  • Review the target company’s insurance policies, including specific cyber insurance if the company pays for it. We often find that insurance policies have lapsed, or that there is a gap in the target company’s security policies and

  • Conduct an open-source threat analysis, including a sweep of the Dark Web to look for compromised employee credentials and other potential threats. We’re often shocked at what’s out there – which in rare cases, reveals an active cyber breach – but more frequently can inform post-acquisition remediation recommendations.

  • Review the target company's security logs to see if there have been any recent breaches. Quadrant, as a company that specializes in security monitoring and log analysis, typically recommends this for all diligence processes, assuming the logs are accessible.

  • Evaluate the target company's incident response plan. In the event of a cyber-attack, a well-designed incident response plan can help mitigate the damage and limit the impact on the business. We often help PE firms put an effective plan in place and then make sure it’s tested and updated regularly.

  • If applicable, we evaluate the target company's compliance with industry regulations and standards. Depending on the industry, businesses may be required to comply with certain cybersecurity regulations such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), or the General Data Protection Regulation (GDPR).

We also occasionally conduct penetration tests of the target company's systems to identify any vulnerabilities. We don’t always do this during the diligence phase, as it’s an extremely involved deep-dive process, and sometimes deal teams do not have time – but we often recommend this as a critical “next step” on the post-acquisition roadmap.

It’s important to recognize that not every vulnerability or cyber risk can be remediated before a deal closes – and unless diligence reveals an active breach at the target company, rarely is a risk so severe that we recommend a buyer not complete the planned acquisition. Typically, the most critical output of IT/cybersecurity diligence is the creation of a roadmap or timeline of investment for hardening IT security, remediating vulnerabilities, and filling any gaps.

By conducting a thorough cybersecurity due diligence process, PE firms can help mitigate the risks of a data breach or other cybersecurity incident. This will help protect the value of the acquisition and the reputation of the private equity firm.

To learn more about conducting IT/cybersecurity diligence for your potential investments, contact Quadrant for next steps.

Johnny Lieberman and Zack Miller

Press Release: Worklyn Announces Acquisition of NetXperts

Worklyn Partners acquired NetXperts, a California-based Cisco Gold Certified Partner and leading provider of network engineering, IT, and networking solutions for West Coast Public Sector entities.

On the heels of its 2021 Fundraise and its investment in Quadrant Information Security, Worklyn Partners acquired NetXperts, a California-based Cisco Gold Certified Partner and leading provider of network engineering, IT, and networking solutions for West Coast Public Sector entities.

WALNUT CREEK, CA: Worklyn Partners has announced its acquisition of NetXperts, a leading provider of IT solutions, network engineering, and managed IT services. Founded by Gary Nordine in his garage, NetXperts has been connecting the backbone of civic society and securing Californian state, local, and educational entities for over 25 years. Key partnerships with both Cisco and Microsoft, as well as other critical networking and cybersecurity vendors, undergird company-wide software and hardware expertise that enables NetXperts to deliver a diverse suite of IT solutions. NetXperts’ IT, networking, and cybersecurity solutions enable connectivity, drive business value and protect some of the most critical state and local government organizations in the West.

Founded by Zack Miller and Johnny Lieberman, Worklyn Partners is a committed capital investment firm that makes control investments in cybersecurity and IT services firms. Uniquely, Worklyn is focused exclusively on this sector. NetXperts is Worklyn’s second acquisition, following in the footsteps of the firm’s initial investment in Quadrant Information Security, a leading provider of managed security monitoring and detection services. The capabilities of NetXperts and Quadrant will complement each other and future strategic acquisitions as Worklyn expands its cybersecurity and IT services platform.

Johnny Lieberman, a co-founder of Worklyn, commented, “We’re really excited to partner with the team at NetXperts as a centerpiece investment in our flagship fund. They impressed our team with their deep understanding of the public sector IT services space and their commitment to excellence in engineering and service delivery.”

Backed by growth investment from Worklyn, NetXperts will continue to expand its brand and work to combine its services offering with Worklyn’s previous investment: Quadrant Information Security. Worklyn is committed to growing its offering and doing more for the critical West Coast public sector entities that NetXperts already serves, and NetXperts is committed to growing its team and its capabilities to continue to innovate as a partner and an IT service provider.

About Worklyn Partners

Worklyn Partners is an investment firm focused exclusively on the Cybersecurity and IT services markets. Worklyn has assembled a group of partners both with extensive investing and sector expertise to help grow technology companies at the rapidly expanding and evolving intersection of cybersecurity and IT services. Worklyn Partners currently has offices in New York, NY; Jacksonville, FL; and Walnut Creek, CA. For more information visit: www.worklynpartners.com

About NetXperts

NetXperts is a leading provider of managed IT and network engineering services headquartered in Walnut Creek, CA with additional offices in Ontario, CA and outside Los Angeles. Since 1996 the team at NetXperts has built a reputation on being a leader in network and IT solutions to local California public sector organizations. The company specializes in professional services including planning, design, assessment, installation, deployment, troubleshooting, monitoring, 24x7 network operations and monitoring. NetXperts has key partnerships with Cisco Systems, Microsoft, EMC, HP, VMware, Carbon Black, Verkada, and many other leading technology vendors. For more information visit: www.netxperts.com

Johnny Lieberman and Zack Miller

Press Release: Worklyn Partners Announces Acquisition of Quadrant Information Security

Debut growth equity firm gets to work with investment in a growing provider of managed detection and response (MDR) services powered by proprietary security analytics software.

JACKSONVILLE, FL – January 26, 2022 – Worklyn Partners, a growth equity fund investing and operating at the intersection of cybersecurity and IT services, announced today its acquisition of Quadrant Information Security, an emerging managed detection and response (MDR) provider, and Jacksonville’s leading hub for cybersecurity talent, technology, and capabilities. On the heels of the first close of its maiden fund at over $35 million, Worklyn’s investment will enable Quadrant to scale its proprietary technology platform and accelerate its growth.

Building on over a decade of delivering innovative IT and security solutions to businesses and enterprises, Quadrant provides managed threat detection, analysis, and monitoring capabilities in conjunction with other IT services as part of a comprehensive portfolio of cybersecurity offerings. At the core of Quadrant’s platform is their proprietary technology, Sagan. More than a traditional SIEM (security information and event management) tool, the Sagan Solution is an all-inclusive information security ecosystem that offers real-time identification, validation, and notification on malicious activity at both the log and network levels.

“Cybersecurity software and tooling is important, but most businesses need outside experts and outsourced service providers to truly get the most out of their tools and 24/7 security monitoring to prevent or at least minimize the impact of cyber attacks,” said Zack Miller, Partner and Co-Founder of Worklyn Partners. “Given the national shortage of cybersecurity talent and the growing prevalence of cyber threats, we don’t think this reality will change any time soon. The Quadrant team has built a phenomenal software platform, but above all, they are a talented, high-integrity team.”

Serving as the centerpiece for Worklyn’s cybersecurity platform, Quadrant will leverage the growth equity investment to build out its expert team of security analysts, engineers, developers, and consultants, and to continue to evolve Sagan as the leading platform for security analytics.

“We couldn’t be more optimistic about our partnership with Worklyn and the years ahead of us,” said Ian Bush, President and CEO of Quadrant. “The Quadrant brand was started over ten years ago, with a heavy focus on our Sagan platform and supporting SOC service. This new relationship will provide the resources necessary for the continued development of our existing offerings, as well as new security services slated for future release.” 

“For over a decade, we have been building outstanding technologies supported by a second-to-none SOC and an expert engineering team, which has allowed us to provide high-quality service to all of our clients. The Worklyn team shares our dedication to customer satisfaction, and with their help, we can accelerate innovation on our Sagan platform,” added Quadrant CTO Champ Clark.   

Quadrant has experienced impressive growth over the past five years, and now serves customers of various sizes across the country, from large enterprises to smaller businesses ranging across all verticals, from hospitals to technology companies. Within the $150 billion global cybersecurity market, Quadrant competes primarily in the managed detection and response (MDR) segment, which is expected to grow at over 20 percent per year over the next five years.

About Worklyn Partners

Worklyn Partners is an industry-focused growth equity fund building a network of portfolio companies to form a one-stop-shop for cybersecurity and IT services. Led by founders Johnny Lieberman and Zack Miller, Worklyn is uniquely focused on emerging companies in a booming and critical sector. The firm differentiates with a truly operational approach, wherein its partners join the management teams of portfolio companies. Backed by a diversified investor base and a network of operators with deep industry experience, Worklyn’s vision is to build a portfolio of IT and cyber services providers that, together, serve as a trusted partner to organizations that lack the resources to conquer all of their IT and security challenges alone. To learn more, visit worklynpartners.com

About Quadrant Information Security

Quadrant Information Security is a managed detection and response (MDR) and enterprise security services provider based in Jacksonville, FL. Its consultative approach, proprietary software platform, and unique array of services offerings, coupled with its strong past performance and highly skilled security professionals, make it an appealing provider in the cybersecurity arena. Quadrant is committed to supporting organizations in all vertical markets by protecting sensitive data using an integrated service offerings approach tailored to each client’s needs. To learn more, visit quadrantsec.com.

Johnny Lieberman and Zack Miller

7 Do’s and Don’ts to Consider When Selling Your IT Services Company: June 2021

With business valuations at historical peaks, the new administration poised to raise capital gains taxes, and more private equity firms aggressively hunting for recurring revenue from managed services providers, 2021 is shaping up to see the most MSP merger and acquisition activity to date.

All of this activity has some business owners wondering: “Is now the time to sell my IT services business?” Whether you think you’re ready to sell tomorrow or in three years, there are some guidelines worth considering sooner rather than later. Understanding the “do’s and don’ts” below will help prepare your business for a clean, value-maximizing sale, while avoiding the horrors of a broken deal.

Note: this blog post originally appeared on the CompTIA blog in June 2021.

We’ve worked with more than 100 cybersecurity and IT services providers in the last 12 months as we work towards building a one-stop-shop security and IT services provider. Based on our discussions with business owners and deep dives into their businesses, we’ve picked out some common themes and shared buyer criteria that may be helpful for various stakeholders in the IT services community to consider as they explore exit opportunities.   

DON’T Just Ignore Calls from Brokers and Private Investors

Even if you’ve never really thought about selling your business, set aside a little time—maybe as little as 30 minutes a month—to hear out an interested investor. You don’t need to let them grill you. Rather, you should ask them up front: “What differentiates you as a capital provider?” More importantly, use the conversation to learn how investors will look at and value your business, what makes your business attractive, and what you can improve upon if you want to fetch a higher price when you do decide to exit.

DO Start with the End in Mind

Do you want to cash out entirely and go sit on a beach? If so, engaging with a technology services provider or a private-equity-backed “rollup” that is consolidating a batch of similar smaller firms may be your best option. There’s a higher risk around integration hiccups and culture clash, but that doesn’t matter so much if you no longer have a significant stake in the business.

Some independent “search funds” will also look to buy your business alone, and replace you as CEO, which may be attractive if you want to ensure your customers and employees are treated right. But you have to make sure they have the money to do the deal before you spend too much time with a search fund.

Would you rather take some chips off the table but retain an equity stake to take another bite at the apple? In that case, you want to find an investor that views you as “the platform.” This can be a private equity firm, or an independent sponsor. You’ll get more upside and more operational control as the platform (and often, a higher valuation multiple—good leadership is hard to find!), but you’ve got to trust your investor-partner here and buy into their vision. 

DON’T Be Afraid to Have This Conversation Up-Front

It’s critical and it informs everything else—from which potential buyers you’ll spend time with to who (if anyone) you’ll hire to help you run any future sale process.

DO Be Honest About Where Your Business Falls Short

Investors don’t expect you to have a perfect business when they show up on the first day after investing. In fact, that’s often precisely why they are investing—because they have identified key initiatives for improvement or growth levers that have not yet been pulled. By proactively highlighting your weaknesses along with your strengths, you’ll build trust with the potential buyer, thereby speeding up the process, increasing the likelihood of closing a transaction, and smoothing the post-investment integration path. Paradoxically, identified areas for improvement—you can call them out as “avenues for growth acceleration” or something fancy—may even help buyers get comfortable paying more for your business. 

DON’T Misrepresent Labor Costs and Gross Margins

We’ve seen some business owners (not always intentionally) juice their gross margins by under-allocating labor as a cost of goods sold for managed services. Experienced buyers will see right through this, and as we just discussed, establishing trust is critical to increasing the likelihood of a quick process and successful acquisition. If buyers sense you’re playing games with labor cost allocations, they’ll wonder where other warts might be hiding.

DO Emphasize Cloud and Security Capabilities and Certifications

Duh. If you’re reading this blog, we probably don’t have to explain this, but buyers will pay an extra turn (or two) on their valuation multiple for in-demand capabilities like cybersecurity and cloud management that enable penetration of growing markets.

DON’T Waste Time Providing Customized Information to Buyers

You have a business to run! You can send the same package to multiple buyers—they won’t be offended, and it doesn’t hurt to make sure that they know that they aren’t the only company you’re considering. Provide the basics needed to get to a valuation and structuring conversation. Then, try to have that conversation before you start diverting more resources to the process. Initial calls and relationship building are great, but spending too much time on a failed sale process can be distracting and even destructive for a resource-constrained business that relies on human talent to succeed.

Johnny Lieberman and Zack Miller

Worklyn’s Post-Pandemic Predictions: March 2021

While the battle against COVID is not yet won, the arrival of spring and the increasing availability of vaccines for all who want them allow us to start looking ahead to the post-pandemic world for IT and cybersecurity services providers. Is remote work here to stay? Will the breakneck pace of cloud transformation continue to accelerate? What about the slew of ransomware attacks afflicting businesses small and large? What’s next for MSPs and MSSPs, and how will M&A dynamics in this industry evolve? Check out Worklyn’s Top Five Predictions for IT and Cybersecurity services in the post-pandemic world below for our thoughts:

Five predictions for cybersecurity and IT services in the post-pandemic world

(1) Cloud migration continues, as WFH and Zero Trust become the “new normal”: Even as the pandemic begins to wane and some businesses migrate their workforces back to the office (yes, real estate people, we know you’ve been back in the office since last summer), spending on secure cloud migration will continue to grow. Security product companies like ZScaler that offer a modern, zero-trust network access replacement for traditional VPN will continue to reap the benefits. Many companies will embrace more flexible, optional work-from-home policies to enhance productivity, while looking to shore up and secure newly-created cloud environments. As a result, customer demand for zero-trust network architectures will increase, and third party providers, whether they call themselves system integrators, MSPs, or MSSPs, will need to take a consultative approach to help customers move critical data and functionality to the cloud, embrace zero-trust policies, and implement an entire new universe of technologies that require consistent re-authentication and continuous authorization for employees and partners seeking to access critical data stores. A new class of MS(S)P will emerge that is dedicated to helping customers migrate to and manage zero-trust cloud IT architecture. 

(2) Ransomware rages on, with increased focus on data exfiltration: Unfortunately, criminals have embraced working from home too. Ransomware will get worse before it gets better. According to BitDefender, ransomware attacks increased by over 700% from 2019 to 2020. 2021 will be another record year for the number of ransomware attacks, and the average cost of ransomware will continue to increase (though it won’t double again as it did from 2018 to 2019) in 2021, making this year, again, the new high watermark for ransomware. Increasingly, ransomware gangs and hackers will seek to extort victims with the threat of publishing data, recognizing that in this era of online outrage and information overload, consumer-facing companies have a massive interest in protecting their brand and preventing data leakage. Even if a breached company has done all the right things to implement robust backup and data recovery systems, the threat of data exfiltration and publishing will push some to pay out ransoms.

(3) Marketplaces reshaping the channel for MSPs: Online marketplaces have revolutionized B2C commerce (see: Amazon, Shopify), and are beginning to take hold in B2B sales environments as the pace of business digitization and technology innovation accelerates. Online marketplaces thrive when lots of (fragmented) end-customers are scattered around the market and these end-users are adept enough to procure and adopt solutions from home. Given its fragmentation – there are between 20,000 and 40,000 MSPs operating in the US alone – and the technology-forward nature of many MSP business owners, few markets are riper for transformation to marketplace-based procurement than MSP-land. The suppliers (e.g. technology vendors that sell tools to/through MSPs) will also be motivated to shift toward marketplace-based sales models, as developed marketplaces enable increased capital efficiency via reductions in longer-term sales and marketing spend. Both resellers and vendors are investing in marketplace buildouts -- not surprising given that investors clearly attach high valuations to so-called “platform” businesses. AppDirect recently raised $185M for a B2B technology service provider marketplace touted as Shopify for customers in need of recurring digital services, Microsoft has rolled out its Azure marketplace for qualified MSPs, and the leading MSP-focused cybersecurity vendors are also getting in on the act; in February, SentinelOne opened its “Singularity XDR Marketplace,” an open application ecosystem that enables customer and partner security teams to integrate new and third party security tools (like Netskope, Recorded Future, and Splunk) into their Singularity XDR platform without coding or scripting. In 2021 and beyond, technology vendors focused on selling to/through the MSP channel will seize market share and expand margins by building out user-friendly marketplaces. And MSPs will be better off for it.

But the largest opportunity is beyond the reaches of the “big four” (ConnectWise, SolarWinds, Datto, and Kaseya) and any single MSP-focused vendor. Unsurprisingly given the complexity of “the channel,” no leader has emerged in creating a true marketplace for MSPs, but we expect that eventually, a startup unaffiliated with any single technology vendor will rise to unicorn valuation status by building a marketplace connecting MSPs with the latest technology tools.

(4) MSSPs migrate away from SIEM, race to MDR: As traditional network perimeters evaporate and both customers and providers embrace zero trust network architectures and enhanced identity management to prevent cyber attacks, managed security services providers (MSSPs) will continue to shift their offerings toward managed detection and response. And while customers in less technology-forward industries will continue to demand firewall management, traditional managed SIEM solutions, once the centerpiece of most fulsome MSSP offerings, are being disrupted. 

  • Bulky, traditionally on-prem SIEM solutions are struggling to hoover up all of the new IT and security data sources being created via digital transformation in a timely and cost-effective manner. Further, many SIEM customers (and managed services partners) are fed up with data-based pricing mechanisms employed by leading vendors like Splunk that make analyzing the many new data sources necessary to achieve proper security monitoring prohibitively expensive. Elastic, long a fan favorite alternative to Splunk in the security operations community, is also causing heartburn for MSSPs of late. The company, the critical “open-source” backbone for many MSSP-created SIEM solutions, recently changed its licensing to prevent AWS from offering a free version of their software, but this may also prevent MSSPs that had built customized managed SIEM solutions on previously-open-source Elastic tools Elasticsearch and Kibana from continuing to offer managed SIEM to end customers. Luckily for MSSPs offering managed SIEM, there is no shortage of analytics vendors primed to disrupt the space. Microsoft rolled out its cloud-native Azure Sentinel SIEM offering in 2019, and already a crop of MSSPs offering managed Azure Sentinel has emerged. Google Chronicle and AWS Security Hub are not far behind with their own offerings, while hot new analytics companies like Datadog are also poised to enter the traditional SIEM market, further disrupting the MSSP vendor supplier landscape.

  • On the demand side, customers, recognizing the expense of standing up their own SOC and the importance of proactive threat hunting, will continue to shift toward managed detection and response (MDR) solutions that enable them to outsource the entire process of data aggregation, analysis, and threat hunting to focused third-party providers. Winners in the MDR space will differentiate by either focusing on technology integrations (a la Expel) to serve more sophisticated end-customers or by mostly owning their technology stack, while being simple, easy to implement, and customer-service oriented (a la eSentire) to serve MSP partners. Customers struggling with the cost and complexity of managing their own SIEM would do well to consider outsourcing the entire threat detection and response process to a focused MDR provider that can manage their SIEM or replace that functionality.

(5) Transaction valuations diverging for MSPs, MSSPs: Ultimately, we’re in the business of acquisitions, so it wouldn’t be right if we didn’t try to call our own shot here. So what will valuations look like for MSPs and MSSPs over the next 12-18 months? 

  • To know where we’re going, we must know where we’ve been, and as we pointed out in our last blog, the pandemic didn’t put much of a dent in MSP transaction valuations, though there was certainly a lull in dealmaking during Q2 of 2020. We believe 2021 will see more MSP deals than ever, with many business owners rushing to sell before President Biden increases the capital gains tax. But based on the deal processes that we’ve been involved in since 2021, and seller-friendly market dynamics, we believe valuations for MSPs will continue to trend upward: the norm in 2021 will be 5-6x EBITDA multiples for MSPs with $250-$500K in EBITDA and 8-10x EBITDA multiples for MSPs with $4-$5M in EBITDA. Ultimately, it comes down to demand outstripping supply. First of all, there are more private equity suitors than ever, seeking to acquire majority recurring revenue MSP “platforms” with more than $2M of EBITDA. The paucity of truly scaled (more than $5M of EBITDA) MSPs is causing some sponsors to move down market to hunt for smaller game. Secondly, it’s really damn hard for an MSP to scale sales and marketing organically! Like it or not, many traditional MSPs still adhere to a very regional sales model, and PE-backed IT services shops are finding that the easiest way to acquire new customers is to acquire new businesses! This is leading to increased buyer competition even for acquisitions of smaller ($200-$500K EBITDA) MSPs. 

  • For the past five years, MSSPs have been an even hotter commodity than MSPs, and the demand for outsourced security services is only increasing (for many of the reasons stated above). However, we have reason to believe that valuations for MDRs and MSSPs are coming down from their peak. Pre-pandemic, the general consensus was that traditional MSSPs with north of $10M in revenue could expect to command 3-5x revenue valuations. But email security vendor Proofpoint’s thrifty ~$63M acquisition of Intelisecure, a leading provider of in-demand managed DLP solutions, for less than 3x revenue is a harbinger of changing M&A dynamics. Traditional MSSPs are getting squeezed from both sides, as increasingly security-focused MSPs compete for traditional managed firewall, SIEM, and endpoint work, and MDR/XDR providers lure away larger, more sophisticated customers that require more advanced solutions focused on threat detection and response. With few exceptions, private equity sponsors were never really willing to splurge on MSSPs as standalone platforms, and with few remaining strategics willing to pay up for managed network security capabilities, more traditional MSSPs looking to sell will have to accept valuations more in the range of 1.5-2.5x recurring revenue.

Johnny Lieberman and Zack Miller

2020 Reflections: Top 10 Takeaways from the Intersection of Cybersecurity and IT Services

Over the past six months, Johnny, Zack, and the Worklyn analysts went to school on cybersecurity and IT, speaking with over 250 experts, executives, advisors, and investors in the market as we prepare to build a platform at the intersection of cyber and IT services. Here’s a bit of what we learned, in story form.

During the second half of 2020, Johnny, Zack, and the Worklyn analysts went to school on cybersecurity and IT, speaking with over 250 experts, executives, advisors, and investors in the market as we prepared to build a platform at the intersection of cyber and IT services. Below is a bit of what we learned, in story form. And if you want to read a more comprehensive summary of our findings, plus predictions for 2021, check it out here: MSPGrowthHacks Cybersecurity & IT Services Industry Report

The Macro Story (1-4): Between COVID, the SolarWinds hack, and the proliferation of ransomware, 2020 was a dark year for all, but the acceleration of cloud migration and the passage of thoughtful legislation provided at least small silver linings in the world of IT and security.

1. COVID and its one (small) cybersecurity silver lining:

  • The story of 2020 starts and ends with the COVID pandemic, which devastated nearly every nation in the world, but also crammed six years’ worth of digital transformation into six months (h/t to Microsoft CEO Satya Nadella, who originally coined a modified version of this quote). Traditional network perimeters dissolved, or, at least, lost relevance as organizations across the country embraced remote work. Old-school security folks fretted that the shift to remote would leave critical businesses, from hospitals to law firms, more vulnerable than ever, with their employees running amok from around the country. But for all the sadness and destruction COVID has wrought on families, we believe that the story around cybersecurity is actually a small silver lining. Organizations previously stuck in the cyber stone ages, hoping that on-prem firewalls would protect them forever, were forced to abandon the old paradigm of network-based security and embrace secure cloud transformation. And executives that had been loath to spend on new security tooling were forced to implement multi-factor authentication, endpoint security tools, and anti-phishing programs for newly diffused workforces. The initial results look promising: about 2/3 of surveyed security professionals reported that they saw a similar or reduced number of security incidents after transitioning to remote work.

  • Coming into the year, there was some debate as to whether more cloud necessarily equates to more security. But even security luddites promoting the vulnerabilities of cloud now acknowledge that the recent SolarWinds hack -- arguably the most catastrophic cyber incident in history -- emanated from the compromise of an on-premises (on the local physical network) product. Compared to SaaS solutions, on-prem tools can be much more easily leveraged to execute “supply chain” attacks, where hackers take over a technology supplier to gain access to end-customer systems and data. Thus, one silver lining of COVID was its acceleration of secure cloud transformation and zero trust network architecture adoption -- end-states that should make it more difficult for future hackers to execute a similar supply-chain hack.

2. Threat environment – the SolarWinds supply chain hack, and ransomware rising:

  • MCed by (state-sponsored?) Russian hackers, and discovered in December, the SolarWinds hack sounded a deafening and devastating crescendo to a cacophony of dangerous nation-state cyber-attacks in 2020. Australia, New Zealand, Germany, and Pakistan all saw their critical infrastructure networks targeted, to varying degrees of success, by (likely) nation state actors. Meanwhile, for most US businesses, the threat posed by profit-motivated ransomware gangs is more immediate and more dire than nation-state-directed espionage.

  • Already straining to respond to the challenges of the pandemic, under-resourced healthcare providers and school districts across the country were crippled by a wave of ransomware attacks over the past 6 months. In October alone, attackers used ransomware to disable computer systems at healthcare facilities in Oregon, New York, Vermont, Michigan, and Wisconsin. Locked out of access to critical IT systems, businesses, hospitals, and schools were forced to return to the dark ages of paper processes while deciding whether to pay out hefty ransoms to get back their data and efficiency. The threat is exacerbated from above and below; organized ransomware gangs are building muscle and professionalizing -- some even have PR arms and real-time chat support -- while at the lower end of the market, buying and deploying ransomware has never been cheaper or easier -- trojans that steal passwords, credit card data, and even images from webcams sell for as little as $50, and remote access trojans that can take over computers, complete with technical support, run less than $1,000. With barriers to entry crumbling and rational criminals turning to cybercrime, where payouts are higher and risk of injury or imprisonment is more remote, it’s no surprise that the total global cost of ransomware nearly doubled to $20B in 2020. And whether on land or sea, no organization is immune; even most of the major maritime shipping companies have fallen victim to ransomware. Boat owners: reach out for more detailed thoughts here; we even have a colleague who is singularly focused on cybersecurity for anything that floats!

3. New cyber threats have immediate implications for managed service providers:

  • Because they hold the (hopefully encrypted) “keys to the kingdom” for many of their customers, managed IT services providers (MSPs) are becoming increasingly popular targets for ransomware gangs. This means that MSPs and managed security service providers (MSSPs) must invest in hardening customer data protection -- for instance, by providing cloud and on-premises data and IT system backup services -- and help customers respond to incidents. But they also must eat their own dog food by investing to ensure their own internal cybersecurity posture is up to date. If a managed service provider is breached, it could lose the majority of its customer base overnight.

  • The insertion of malware into SolarWinds’ Orion software platform underscores this risk all too vividly. The media has rightfully focused on Russia stealing data from large government agencies, including the departments of State, Homeland Security, Commerce, and the Treasury, and on how Russian hackers might leverage their access to critical Microsoft source code to launch future cyber-attacks. But SolarWinds also provides similar network monitoring tools to thousands of MSPs. Thankfully, this suite of tools does not appear to have been compromised, but you can bet that more profit-motivated cyber attackers are already trying to run a similar playbook on SolarWinds and other MSP-centric remote monitoring and management platform providers like ConnectWise, Datto, and Kaseya (more on these guys to come).

4. Patchwork regulatory regimes – legislation in Louisiana and beyond:

  • While the House and Senate are too busy debating election results and counting fish to worry about trivial, non-partisan problems like large (and small) supply-chain hacks, some forward-thinking state legislators are beginning to act. In the wake of a series of ransomware attacks against local school districts and its DMV, Louisiana governor John Bel Edwards signed a first-of-its-kind, bipartisan law requiring MSPs and MSSPs that serve public bodies to register with the state and keep the state notified of any cybersecurity incidents or ransomware payments. While the Louisiana legislation is not particularly toothy, it does require much-needed transparency and accountability -- a worthy first step. We expect to see variations on this legislation from other states that have been ravaged by ransomware, like Maryland.

  • A similar story is playing out, state-by-state, around data privacy regulations, inspired by the European GDPR laws governing customer data privacy. The California Consumer Privacy Act (CCPA), which took effect in 2020 and is meant to empower consumers with some ownership over when and how their data is monetized, seems likely to create a similar patchwork of state-by-state privacy laws. Adhering to CCPA and other emerging state-level data privacy regulations will be made all the more confusing by the digital reality that data, employees, and businesses do not neatly reside on a state-by-state basis. The growing patchwork of state-by-state regulatory regimes will only exacerbate the hyper-fragmentation in today’s IT services and cyber services industries. Call us skeptics, but we don’t expect to see a unified national legislative framework to promote privacy and cybersecurity enacted anytime soon. If you or your organization need help understanding the ramifications of cybersecurity/data privacy regulations, drop a line; we know a slew of experts in this space.

The Market Story (5-7): Lines that once segmented managed service offerings are blurring across capabilities and customers, while a host of well-funded cybersecurity product and service offerings have emerged to address the massive global shortage of cyber talent.

5. Lines between cybersecurity and IT services blurring, with managed services moving on up to enterprise co-managed:

  • Over the past months, we’ve heard a similar and consistent refrain from both customers and service providers: MSPs and MSSPs are on a collision course. Small and medium sized businesses pine for IT services providers that can take care of the IT necessities – keeping the network running and helping enable cloud transformation – AND help protect them from the latest cyber threats. Large enterprise IT departments are comfortable managing large rosters of application, cybersecurity, and network vendor point solutions, but at the lower end of the market, customers are demanding a “single throat to choke.” Service providers are responding in kind: MSPs are suddenly rebranding as MSSPs – and it doesn’t hurt that valuations for MSSPs looking to sell have approached record highs in recent years. Owners of IT services businesses are putting in the time to build up internal cybersecurity expertise while also turning to partners for advanced offerings like managed detection and response (MDR).

  • But MSPs can be so much more than just outsourced IT departments for SMBs. We are seeing more large companies choosing to outsource select parts of their IT stack to specialist third-party providers while maintaining a focused in-house IT team. MSPs have responded by moving up market, targeting companies with 1,000-5,000 employees, and offering outsourced services for “up-the-stack” functions such as cybersecurity and cloud management, while the customer maintains other critical IT functions, such as application development, in house. Generally, business-enabling or revenue-generating technology functions (think CRM and custom cloud apps) remain managed in-house, while business-supporting or cost-generating functions (think network management and cybersecurity) are outsourced. And though MSPs might only be providing a handful of functions to an enterprise customer in the co-managed model, enterprise customers have a higher willingness to pay, can be stickier, and offer opportunities for providers to land and expand. What remains to be seen is whether the business models are similar enough that traditional, SMB-focused MSPs can step up to offer co-managed services by de-bundling in a manner similar to cable providers, or if a new breed of co-managed-first providers -- the Netflix in our television metaphor -- will ultimately take the cake with enterprise customers. MSPs that can un-bundle services without sacrificing margins and operational efficiency will see their total addressable market more than double.

6. The ABCs of E/M/X-DR – big funding creating big opportunities around detection and response:

  • There are plenty of MSPs in MSSP clothes, but to credibly call yourself an MSSP these days, you must at least help your customers implement and manage endpoint detection and response (EDR) tools. As traditional on-prem network perimeters dissolve, securing the endpoints that make up the new diffused perimeter has rightfully become the priority for CIOs and CISOs. No surprise that Silicon Valley and the public markets have reacted accordingly, dumping billions into a high-flying cohort of EDR vendors. CrowdStrike, the leading publicly traded, cloud-native EDR solution, saw its stock rocket up by over 300% in the past year, now trading at nearly 50x its annualized revenue. This year, Carbon Black, the OG of EDR (founded in 2002), was acquired for $2.1B, a relative 9x revenue bargain, and Cylance, a younger EDR compatriot, was acquired for $1.4B by BlackBerry. Tanium’s valuation ballooned to $9B after raising another $150M mega-round. And don’t forget the other two venture-backed EDR unicorns – MSP-focused SentinelOne ($3B valuation) and Israeli-founded Cybereason ($1.5B because, of course, Softbank had to get in on the EDR goldrush). Together, that’s $65B in combined EDR equity value, and with oodles of cash from public and private market investors, these EDR vendors are competing exactly as we’ve come to expect in over-capitalized, booming marketplaces: focusing on seizing market share today and letting profit margins be tomorrow’s problem. This has created an attractive, though likely impermanent, opportunity for MSPs, MSSPs, and VARs to cheaply procure EDR solutions for their customer bases and resell them at fat margins. We’ve seen managed services providers boasting super-high EDR recurring product resale margins north of 25% (traditionally, product resale margins are under 10%) as the various EDR vendors cut prices for channel partners in exchange for market share. The gravy train will eventually dry up a bit for service providers, but for now, many are enjoying the ride.

  • Of course, EDR software is just a point solution, a product to be plugged in, not a service to be provided. Buying EDR alone doesn’t buy you security; you need to know how to use the tools. So smaller, less security-sophisticated organizations are looking for a more complete solution that synthesizes EDR with telemetry from more old-school network-focused tooling in a 24x7 security operations center, and layers on human-based services to deliver turnkey threat detection and response. Industry analysts and vendors can’t agree whether to call this managed detection and response (MDR) or extended detection and response (XDR). And, as if the market jargon wasn’t confusing enough already, some vendors have also begun to market themselves as SOC-as-a-service (SOCaaS) providers. At the end of the day, all these companies are combining technology and services to help customers detect and respond to cyber incidents. They differ in how much of the technology stack and how much of the service delivery, remediation, and response process they own (vs. their customers). XDR providers are generally large, publicly traded product vendors that have built a service offering enabled (usually) entirely by their own products. MDRs, meanwhile, generally integrate with technology products from other vendors, often leveraging their own proprietary SIEM/threat analytics platform to aggregate disparate data sources. Both MDRs and XDRs provide a layer of human services on top of the product stack -- expert security analysts who triage incidents, hunt threats, and respond to breaches for the customer.

  • Given the expense and technical challenges associated with standing up a SOC (security operations center), MSPs serving regulated industries and smaller traditional MSSPs (the folks who manage networks and firewalls) are partnering with XDR and MDR providers to offer white-labeled detection and response, though based on their websites and marketing, you’d often think they are the ones providing the service. MDR providers successfully targeting the MSP channel include SKOUT Cybersecurity, Perch Security (recently acquired by ConnectWise), and Arctic Wolf, which raised $200M this year in a round led by Viking that valued the business at $1.3B. On the other end of the spectrum, some MDRs focus on selling directly to more technical, sophisticated enterprise customers. Cysiv, a new Series A spin-out of security giant Trend Micro, has also achieved remarkable success in a short time by remaining vendor agnostic and perfecting the security data ingestion and analysis process. Few have been more successful than Expel, which has raised $118M from an assortment of big-name VCs and differentiates by integrating with a wide variety of popular cybersecurity tools that their customers have often already purchased. Given their reliance on human talent (services) for delivery, these companies don’t command SaaS valuations, but VCs haven’t shied away from large bets here either, pouring over $700M of venture funding into MDRs in 2020 alone. Recognizing the same market opportunity identified by VCs, large, public, traditionally product-focused cyber companies – including Silicon Valley blue chip Palo Alto Networks and East Coast challenger Rapid7 – have also rolled out service-wrapped XDR offerings. If you want to learn about the E/M/X-DR landscape, please reach out - we’ve mapped the cybersecurity services supply chain and the different players in the game.

7. The security talent shortage and the primacy of outsourced security services:

  • The rise of MDR and the continued reliance on outsourced security services are the result of a simple dynamic: there are not enough skilled cybersecurity professionals to fill the needs of internal IT/security departments. According to a survey and report conducted by ISC2, there was a global shortage of 3.1 million cybersecurity professionals as of summer 2020. Just to be clear, that’s 3.1 million humans, not dollars. And in the US alone, the gap between desired positions and those employed in cybersecurity is over 350,000. Not surprisingly, over half of respondents surveyed believed that cybersecurity staff shortages were putting their organization at risk.

  • And even if you ignore this distressing talent gap, for SMB customers, outsourcing cybersecurity services is just cheaper and more efficient than trying to hire and retain talent in-house. Building a SOC and staffing it 24x7 with cybersecurity analysts is a prohibitively expensive undertaking for all but the largest, most security-centric organizations. Much more efficient to focus on your core business and outsource security operations, threat detection/hunting, and response to a service provider with security in its DNA, who can run an outsourced SOC, implement best practices, and leverage access to data from a larger customer set to make sure you don’t get breached. Though more universities are reading the tea leaves and implementing cybersecurity graduate programs, we’re betting that the cyber talent gap isn’t going away anytime soon, and that demand for outsourced security solutions will only continue to grow as ransomware attacks continue to besiege smaller companies and nation states home in on large companies and critical infrastructure.

The Money Story (8-10): We are future operators, but we are currently investors focused on acquiring IT and cybersecurity companies, so we’d be remiss not to don our investor hats and provide some thoughts on M&A and public market performance for cybersecurity and IT services businesses.

8. The Rise of Cloud – a double-edged sword for service providers:

  • There were few public market growth stories more compelling than the explosion of enterprise cloud software. Buoyed by the shift to remote work, the Bessemer Emerging Cloud Index finished the year up over 100%, compared to a 15% rise for the S&P and a 42% rise for NASDAQ over the same period. With both its stock price rising and revenue growing by nearly 400% this year, Zoom gets the headlines, but cybersecurity SaaS providers Crowdstrike, Cloudflare, and Zscaler all saw their share prices rocket up by over 300% and are now trading at 45-50x annualized revenue. Okta, a cloud identity authentication and security provider benefitting from similar tailwinds, looks like a relative bargain with a valuation of 37x annualized revenue (full disclosure: Zack worked at Okta before Johnny convinced him to jump onto a new rocket ship at Worklyn).

  • On the one hand, the massive penetration of cloud software providers may pose a threat to MSPs and MSSPs focused on managing traditional networks and on-prem technology tools like firewalls. Plus, some solutions like Zoom are so easy to deploy that there’s no need for a middleman(ager) to help deploy and monitor them. But as elegant as they are, cyber software tools like Crowdstrike, Zscaler and Okta are no piece of cake to properly deploy, integrate, and manage; this requires real expertise -- expertise that SMBs and even some less-sophisticated enterprises do not possess. Thus, service providers with cybersecurity and secure cloud migration capabilities will seize the opportunity to grow with the aforementioned SaaS providers.

9. The Datto IPO and the “big four” MSP technology vendors:

  • While MSPs have been the hidden heroes of the cloud revolution to date, Datto’s October IPO may finally wake the world up to the massive potential of the managed IT services market. Along with Kaseya, ConnectWise, and SolarWinds, Datto is one of the “big four” providers of technology solutions to MSPs (though Barracuda, more focused on network security, has a case to be considered as the fifth member of the squad). It’s impossible to talk about the “big four” MSP technology providers without talking about their “big three” financial backers: Thoma Bravo, Vista Equity, and Insight Venture Partners. Since 2013, each of these PE firms has made at least three major investments in the MSP technology space (Thoma Bravo: SolarWinds, Continuum, Barracuda; Vista Equity: Datto, Autotask, LogicMonitor; Insight Venture: Kaseya, Spanning, Unitrends). What makes this niche so attractive to these technology-focused private equity firms is the unique blend of growth and profitability. While Datto’s EBITDA margins -- estimated at 29% for FY20 -- pale in comparison to those of SolarWinds (clocking in near 50% for FY20), 70% of SolarWinds revenue comes from its “Core IT Management” business, which is higher margin IT infrastructure management software that SolarWinds sells to larger enterprises, not MSPs. But SolarWinds sees growth in this enterprise business slowing, and just before the December hack, the Company filed a Form 10, giving official notice of its intent to spin off its MSP business into a standalone entity in order to prioritize growth by better attacking white space in the MSP market, specifically finding a way to serve larger customers entertaining co-managed IT options. While the MSP spin has been deprioritized as management responds to the breach, public market investors will likely soon have a second pure-play MSP technology provider to bet on in “SolarWinds MSP”. Although SolarWinds shares (“SWI”) have traded off more than 40% from their 52-week high, and uncertainty around the impact of the hack and its reputational damage remains high, we believe the MSP spin will unlock significant value for shareholders, as the Core IT business will be able to prioritize profitability and the MSP business prioritize growth. We value SolarWinds’ MSP business at ~$2.8B, and given the company’s current market cap is ~$4.5B, we see the current SWI share price of $14.75 (below 2018’s IPO price) as a very attractive entry point.

  • But today, Datto is the only one of the big four that exclusively serves MSPs -- 17,000 and counting, to be exact. No coincidence, then, that they chose MSP as their NYSE ticker. Datto’s product strategy is also more focused than its aforementioned competitors, as backup/disaster recovery solutions account for ~75% of total sales, though it has expanded into professional services automation (PSA) and remote monitoring and management (RMM). Both Datto and SolarWinds prioritize profitability rather than growth and innovation, reinvesting only 11-12% of their revenue back into R&D. Given its PE ownership, ConnectWise appears similarly profit-focused, though, of late, they have invested aggressively in expanding their technology and service offerings via acquisitions like ITBoost, Continuum, Perch Security, and Stratozen. And Insight-backed Kaseya has also utilized M&A to buy (rather than build) innovation and new service offerings. We were thus not surprised to hear MSP business owners complain about poor customer service and lack of integration from all these players. We believe there is a potential market disruption opportunity for a venture-backed, next-gen technology player that focuses on optimizing integrations rather than owning the entire service stack. Of the would-be disruptors, we’ve heard the most buzz around Pax8, a cloud-native Colorado startup that has raised $61M to provide professional services automation tools for managed cloud providers. It’s a simple but well-worn story in enterprise tech: where a market is owned entirely by profit-focused PE and public investors, pockets of opportunity emerge for focused disruptors to build simpler or lower cost products with modern back-end architecture and backing from VC/growth investors.

10. The M&A market for managed services providers – thriving despite COVID:

  • ConnectWise’s security M&A spree indicates that COVID has done little to curb buyer appetite for providers of managed security services in the MSP ecosystem. Based on analysis of precedent transactions and conversations with brokers and bankers, we see differentiated cybersecurity providers with real recurring revenue trading at 3-5x revenue. Even cybersecurity services consulting firms that don’t enjoy recurring revenue but have built pools of in-demand cyber talent and capabilities are commanding similarly premium revenue valuations. For example, Crypsis, a leading provider of project-based cyber incident response services, was acquired by security product vendor Palo Alto Networks for $265 million this summer. Going forward, cybersecurity services providers focused on threat detection and response will continue to command valuations north of 4x revenue, but more traditional network-focused cybersecurity managers that focus on firewall management and network intrusion response may struggle to find buyers willing to transact at even 3x recurring revenue.

  • Unlike their sexier cousins in managed cybersecurity, managed IT service providers trade on EBITDA multiples, with premiums applied for scale (more EBITDA = higher multiple) and prevalence of true contractually recurring managed services revenue (as compared to common but less attractive revenue streams like professional services and recurring product resale). Our conversations with recent and potential sellers, brokers, and bankers in the MSP space indicate that, after a brief lull in deal making during the first half of 2020 after COVID, MSP M&A has seen a resurgence, with valuations returning mostly to pre-pandemic levels. However, where transactions were previously structured as 100% cash buyouts, recent deals have seen up-front cash comprising closer to 50% of the purchase price in order to account for increased deal risk. MSPs with less than $2M of EBITDA generally trade at 4-6x EBITDA, whereas more scaled providers with $2-$5M EBITDA generally trade at 5-8x. 99% of the 40,000 providers in the fragmented MSP space fit in this size range. Thus, given their scarcity and the glut of private equity buyers looking to deploy significant capital in the space, MSP platforms with more than $5M in EBITDA often command super-premium double-digit EBITDA margins. Paradoxically, project-based IT consulting firms that specialize in app development and implementation/integration of popular software solutions like Salesforce are commanding the highest EBITDA multiples of any category in IT services. Though they generally lack the recurring revenue streams that make MSPs so attractive to financial sponsors, IT consulting firms that focus on hot areas like cloud transformation and e-commerce are getting 12-15x EBITDA multiples due to competition amongst strategic acquirers like Accenture and Genpact. We see tremendous opportunity to combine an MSP with a stable recurring revenue base with companies that have real expertise around cybersecurity, cloud apps, and/or data analytics.

Until Next Time: We look forward to keeping you updated on this growth strategy and learning more every day.
