A cyberattack against Capital One, which was perpetrated by a single Seattle-based hacker in March, exposed the personal information of nearly 106 million of the bank’s customers and applicants. Capital One’s management didn’t become aware of the incident until it was reported to the company by an independent security researcher in July. Just ten days after the Capital One hack hit the airwaves, another cyberattack was announced in southern California. Computers belonging to the city of Los Angeles were breached in late July, providing the hacker with access to the personal information of 20,000 applicants for positions in the police department. As these examples show, no organization is safe from cyber criminals.
The ever-increasing threat posed by cyber criminals and a shortage of cybersecurity expertise has led to an increasing demand for managed security services (MSS). Simply put, MSS are network security services that have been outsourced to a service provider. Providers (MSSPs) typically offer round-the-clock monitoring and management of intrusion detection systems/firewalls, patch management, system upgrades, security assessments and/or audits, and emergency response services. Once treated as extraneous and handled in-house, network security services have morphed into a hot-button issue for businesses in recent years as cyber threats have increased in complexity, prevalence, and magnitude.
The MSS market is a large, growing, and evolving sector that has piqued the interest of both strategic acquirers and financial sponsors. According to a recent market research report published by Market Research Engine, the global MSS market is expected to grow at an average annual rate of 14.5% and exceed $58 billion by 2024. The industry-agnostic nature of cyberattacks, in conjunction with the growing, shifting threat landscape, is inspiring M&A activity, as private equity firms seek to invest in the fast-growing segment and strategic buyers look to close technology and expertise gaps, as well as benefit from the sector’s strong tailwinds.
Recent MSSP M&A transactions (as featured on PR Newswire) include the following:
- In June, EisnerAmper announced CSAM Marketing, Inc. (d/b/a Computer Systems and Methods) joined EisnerAmper, with CSAM’s leadership team and IT engineers becoming part of EisnerAmper’s Process, Risk & Technology Solutions group. A key reason EisnerAmper acquired CSAM was to bolster its offering of cybersecurity services.
- In May, Sunstone Partners announced acquisitions of Terra Verde Security LLC, TruShield Security Solutions, and Sword & Shield Enterprise Security to form one combined company, Avertium. Avertium is focused on supporting mid-to-large enterprises, making it one of the world’s largest managed security services providers for that market.
- Also in May, Corsica Technologies announced its acquisition of EDTS Cyber, a provider of security services, and its sister company EDTS, an IT services provider. Corisca valued EDTS Cyber’s expertise, as the transaction expanded Corsica’s service offering.
MHT Partners, a leading technology investment bank, expects M&A activity involving MSSPs to continue at a robust rate. Factors supporting transaction activity include:
- Fast-growing market – The fast-growing MSS market will continue to attract capital from both financial and strategic buyers, as strong growth will provide an opportunity to generate a significant return on investment.
- Increasing complexity and shortage of skills – As cyber threats continue to increase in complexity, prevalence, and magnitude, the skills required to combat them continues to expand. Many managed services providers (MSPs) will acquire MSSPs to fill gaps in their skill base.
- Speed to market – Managed security services are a critical offering for managed services providers. As such, many MSPs will look to acquire cybersecurity expertise rather than organically scale capabilities in order to increase speed to market to take advantage of the growing opportunity in the MSS market.