The Cybersecurity Global M&A Report Q1 2019

By Ramone Param, Director, Equiteq

We have released a summary of our detailed review of cybersecurity M&A and investment trends for owners of technology and consulting businesses.

  • Strong demand for deal flow from cash-rich strategic buyers and private equity investors;
  • Capital raised for investments was well above long-term averages;
  • The Equiteq Cybersecurity Share Price Index rose c.44% over a two-year period, while the NASDAQ rose by 26%; and
  • Notable M&A deals included Blackberry’s completed $1.4bn purchase of Cylance, as well as CACI’s acquisition of LGS Innovations and Mastodon Design for $750m and $225m respectively.

The global cybersecurity market is expected to grow rapidly over the coming years. Accelerating digital transformation of businesses across industries has opened new vulnerabilities with the continued shift to new cloud-based systems, as well as the rising adoption of mobile devices, social media platforms and advanced data analytics tools. Some new technologies such as artificial intelligence, machine learning and behavioral analytics are also being considered to protect against, identify and block cyber-attacks. However, the overall risk of cyber-threats is expected to rise with the proliferation of data.

Continue reading

February 2019: Knowledge Economy M&A and Equity Market Update

By Ramone Param, Director, Equiteq

  • Industry deals profiled include Orange’s acquisition of SecureData, Point B’s acquisition of Independence Consulting and Blackstone’s investment in Lionpoint Group.
  • The Equiteq Knowledge Economy Share Price Index experienced rises over the month.

Orange broadens its cyber security capabilities in the UK with its acquisition of SecureData

Target: SecureData is the largest independent cyber security provider in the UK with additional operations in South Africa.

Buyer: Orange is a France-headquartered provider of a range of telecommunications, data transmission and related services.

Deal insight:
Demand for cybersecurity solutions is growing as technology plays a greater role in critical business functions across industries. According to data from, Europe’s cybersecurity market is anticipated to grow at a CAGR of 11.3% and will be worth $47.2bn by 2023.

Orange acquires strong capabilities in this growing industry, particularly within cyber-criminality, security research and penetration testing. The acquisition extends Orange Cyberdefense’s existing operations in France and Belgium into the UK and South Africa. The acquisition follows Orange Business Services’ purchase of data and digital services specialist Business & Decision. These deals form part of the buyer’s strategy to become a global player in digital transformation and a leader across data services.

Continue reading

January 2018: Consulting M&A and Equity Market Update

By Ramone Param, Associate Director, Equiteq

  • Major deals included Starr Investment Holdings’ acquisition of ACA Compliance, EY’s acquisition of Citizen, KPMG’s acquisition of Cyberinc, Oliver Wyman’s acquisition of Draw and the newly formed Kantar Consulting’s acquisition of Mash Strategy.
  • Equiteq advised New York-based leading market access consultancy Insight Strategy Advisors (ISA) on its sale to Precision Value & Health.
  • The Equiteq Consulting Share Price Index achieved strong gains of 6% over the month, with robust rises in all segmental indices apart from Media.

Starr Investment Holdings’ acquires ACA Compliance from New Mountain Capital

Target: ACA Compliance Group is a leading provider of risk management and technology solutions to the financial services industry in the U.S. and Europe.

Seller: New Mountain Capital is a U.S.-based private equity investor, with a focus on building and growth, pursuing long-term capital appreciation.

Buyer: Starr Investment Holdings is a New York-based investment adviser that invests in privately-held technology-enabled services businesses with a particular focus on industries such as financial services and healthcare services.

Deal Insight:
ACA Compliance was acquired by a consortium of investment firms including New Mountain Capital through an LBO in December 2013 for an undisclosed sum. Since the investment, ACA has rapidly grown its team. It has benefited from the rise in demand for risk and corporate governance services from financial services clients disrupted by new regulatory and compliance requirements since the last financial crisis.  Over the last few years, ACA invested in new technologies and expects to develop these further with its new backing from Starr. The new capital is also expected to enable ACA to expand into new service lines and industry verticals across the globe.

Continue reading

July 2017: Consulting M&A Update

By Ramone Param, Associate Director, Equiteq

DXC Technology acquires Microsoft Dynamics 365 specialist Tribridge

DXC Technology made its first acquisition after forming in April following the merger of CSC and the Enterprise Services unit of Hewlett Packard Enterprise. The technology giant acquired 740-person Microsoft Dynamics 365 consulting firm Tribridge and its managed cloud business Concerto Cloud Services.  The deal is expected to enhance the buyer’s consulting offerings focused on clients in health care, government, consumer packaged goods, and professional services.

Tribridge is one of the largest independent integrators of Microsoft Dynamics 365 and is a six-time winner of Dynamics 365 Worldwide and U.S. Partner of the Year. Tribridge will become part of DXC Eclipse, an IT application consulting business acquired by the business in October 2015 for c.$300m.

Continue reading

Consulting firm M&A market intelligence on cyber security

Cyber security cropped

Cyber security never seems to be far from the news these days. Whether it’s the attacks on Sony or President Obama’s rally for increased cyber security legislation (just before accounts belonging to the US Central Command were targeted), the ubiquity with which we hear about this topic demonstrates how important it is to our lives.

As consumers, we’re becoming increasingly reliant on technologies such as smartphones and social media. Organizations are also becoming more dependent on their data for operational and strategic management. With datacentres split across continents and storage of data increasing in the cloud, personal and company information is also becoming increasingly exposed to cyber threats.

In response to these dangers, businesses of all sizes need help improving and strengthening IT security systems, and cyber security consulting services are increasingly in demand.

Innovation in this space is critical, as threats often evolve more rapidly in the cyber sector than the pace of solutions. This can in turn drive acquisition activity in cyber, as larger firms look to acquire skills and intellectual property (IP) rather than refreshing or building these in-house, which can often take longer.

In line with this, in 2013-2014 we have seen deal volumes of firms being acquired in cyber security consulting growing at over 20% per year, well ahead of the global IT consulting sector which saw growth of just under 10%.

Specific drivers of this M&A demand include the following:

  • Innovation driven by small-scale firms offering niche cyber security services and products. As they gain market share they become attractive targets to larger cumbersome corporates
  • As businesses become ever more connected, often through less secure devices such as mobile phones, the amount of damage cyber threats can cause increases. Threats include potential loss of IP, reputation and customers
  • Regulations and standards relating to individual privacy and data privacy are increasing as the public becomes more aware of data scandals
  • Global adoption of poorly secured cloud-based IT services has made cyber attacks more attractive. As companies move critical business data from more secure in-house databases to cloud-based networks, businesses must try and defend themselves against attacks

We’ve analyzed transaction data from 2006 to understand who have been the key buyers of cyber security consultancies, as this trend has evolved:

  • IT and research consulting firms have been prolific buyers over this period, with IBM, All Covered Inc. and CGI Group among the top
  • Technology firms, including IT software, hardware, data processing, internet service firms and IT distributors have also been consolidating this market. Frequent buyers of cyber consultancies in this group include CA Technologies and Dell.
  • Private equity firms are typically frequent buyers in growing market sectors such as cyber. Within cyber consultancies, we have seen Providence Equity Partners, Apax Partners and Thomas H. Lee Partners making several acquisitions in this space.
  • Beyond these key buyer groups, we also have seen telecom firms making cyber consulting acquisitions as Voice over Internet Protocol (VoIP) has driven the industry towards digital technology. Industrial and manufacturing firms have also been acquiring cyber consultancies, as front-end sales and back-end supply chain processes are becoming increasingly dependent on data and online systems.

Geographically, acquisition activity in the cyber security consulting market has been gaining significant momentum since 2011 in both the US and UK. The UK cyber security consulting sector is currently growing faster than in the US, but the US sector is larger and more mature. Within cyber, Identity and Access Management (IAM), data loss prevention and recovery, device management, and encryption are key areas of focus.

The importance of cyber security skills and IP to tech-related and non-tech sectors is likely to continue going forward, and we expect this acquisition trend, particularly for consultancies with cyber skills, to continue in 2015.

Are you a member of Equiteq Edge? It’s full of content like this. Register free here to gain full access.

Survivability of IT consulting firms

Survivability of IT firms cropped

There are huge opportunities for IT consulting firms, which is reflective of the dynamic nature of the IT industry and the current heat in the market. However, the opportunities are not without risks associated with advising in a fast-paced market. Consulting in a hot sector like IT means that competition is stiff and firms need to keep up to date with and adapt to changing technology trends. The rewards are great indeed for those that can navigate their firm to remain successful as the industry changes. How do firms ride the wave to ensure they stay relevant and grow real value? The answer is not the same for all, but an understanding of how these changes impact the ‘saleability’ of a firm is important.

The rapid changes transforming the sector are giving rise to three particular areas of interest to buyers.

1. Cloud

What’s happening?

Cloud offers a new and attractive delivery model for IT. Companies that adopt cloud-based software or platform delivery minimize the upfront infrastructure and ongoing IT staff costs, and can also improve the scalability issues typically associated with IT. Buying IT as a service can be cost and cash flow efficient, and it offers the flexibility to scale up or down according to requirements.

What does this mean for consulting firms?

Cloud creates a new context for IT delivery, and this brings with it new challenges to common IT issues of integration, data management and scalability. It will be critical for IT consultants to keep updated on new architecture models and best practice changes as technologies mature. As cloud based software, infrastructure and platform vendors take stage in the market, IT consultants will need to either place bets on winning technologies or keep up to date with a wide variety of vendors to be able to advise on the pros and cons of each. Whilst IT has always been a dynamic industry, the industry changing nature of cloud as an IT delivery model requires IT consultants to step up the pace of their research, and to develop or strengthen their strategic partnerships, in order to remain relevant in this space.

2. Cyber security

What’s happening?

IT security has been an issue since the birth of the IT industry. However, the implication of computing, data and channels of business moving online results in new and heightened threats to business operations and data security. Cyber or online security attacks that disrupt operations or result in a loss of data can have huge repercussions on a business, as this can immediately affect a company’s brand and the perception of its customers. As such, cyber security has become a significant issue that all companies now need to manage in line with their online presence.

What does this mean for consulting firms?

Cyber security is a highly specialized topic that requires deep domain knowledge. It’s also fast moving as new threats constantly evolve. Consultants must be confident that they have the skills, knowledge and intelligence to be effective in this challenging environment. In some cases, traditional IT security approaches are still relevant, but new cyber security models will also need to be applied to effectively address the different nature of threats. Keeping updated with new security standards and the latest research will be an important new driver for IT consultancies to remain updated.

3. Data analytics

What’s happening?

As companies become increasingly more dependent on IT, so too does the volumes of data they amass through their use of IT systems. The intuition is that having a lot of data should be useful, however extracting insights from the analysis of this data requires highly specialized expertise. Data is like a new goldmine. Mining it effectively is the new challenge. Consulting firms that can help organizations put the data they have to use are therefore in very high demand.

What does this mean for consulting firms?

Analytics is an area where everyone knows it is useful, but very few know how to do it properly. Consulting firms must be able to find new ways to collect, store, and structure, analyse and report on data stored to get the most out of it. However, not all IT consultancies that have expertise in traditional IT areas of data management and business intelligence are able to address all of the complexity that data analytics typically involves and the predictive insights that can come from it. So IT consultancies need to keep pace, but they must build the skill before they can sell it. Research and thought leadership papers can be a great way to start. Building partnerships with key vendors that specialize in analytics can also be helpful in landing those first few projects.

Even if keeping up with IT industry changes, the fundamentals of selling an IT consulting firm remain unchanged.

As the IT market matures so too does the requirement for consulting firms to have deep domain knowledge and specialized skillsets. Evolving IT areas like those above still require deep expertise in order to stand out from the crowd to be attractive to buyers.

Demonstrating you have securely imbedded your intellectual property (IP) internally, is essential. If your firm’s knowledge, experience, tools and techniques exist solely in the minds of individuals within your firm, those assets may walk out the door!

Finally, consultant loyalty remains key. IT consulting skills change at a rapid pace in line with the industry. If your IT consultant’s skills and knowledge is in demand, so too is your firm’s services, but retaining talent is also a key challenge. Taking measures to ensure you attract, develop and motivate the best quality staff is a necessary investment in time and resource. Consider linking some compensation to profit growth and ensure any knowledge gained through contract professionals is retained with your staff. If you’re entering into an M&A process, we recommend you read our recent blog on effective communication in an M&A deal in order to keep your people onside and engaged.

The IT sector is an exciting sector to work in. No doubt the landscape will look very different again in 5 years time, but the principles of building a consulting firm of value are likely to still be true. Read our 8 Levers of Equity Value to find out more.