Hot Market Profile – Public Sector Cybersecurity Services

Hot Market Profile – Public Sector Cybersecurity Services

In this article, we will profile a market sector within Tech M&A – Public Sector Cybersecurity Services – that is seeing a lot of activity recently due to the rise in ransomware, phishing attacks, data breaches, and the uncertain global political situation.  Our Strategic Growth Advisory clients are seeing unprecedented demand from customers, and we are seeing increased interest and very strong valuations.

Market Sector Outline

Public sector cybersecurity and compliance services include companies who provide information security and data privacy services to public sector customers, including government entities, public utilities, law enforcement, school districts, and other entities.  In our increasingly digital global economy, cybersecurity has become a critical battlefield where stakeholders are engaged in an ongoing arms race with bad actors including teenaged hackers, garden variety criminals, and state-sponsored cyber warfare operatives.

Public sector entities are particularly vulnerable due the nature of services they provide and the data they maintain.  Such entities also have tight budgets which often make it difficult to hire, train, and retain top-tier cybersecurity experts.

The services these customers need include:

  • Consulting and thought leadership – customers need to plan for emerging trends not just last month’s headlines
  • Information security audits – spanning multiple service providers in complex cloud architectures
  • Infrastructure design, procurement, and installation – this is an ongoing process in which cybersecurity products and service components continually evolve
  • Network and security monitoring – 24x7x365 – because hackers seldom take holidays
  • Backup and disaster recovery services – the need has grown to include hot standby capabilities that can bypass ransomware and denial of service (DoS) attacks.
  • Cybersecurity training for IT staff and individual end users – information technology is only as secure as the weakest length. With phishing attacks, a careless end-user can compromise even the best architected cybersecurity strategy.  Training for end users is becoming critical.

This situation is an ideal opportunity for cybersecurity entrepreneurs.  They can provide top-tier talent, products, and services, leveraged across a large customer base at affordable, predictable prices to public sector customers.

For the entrepreneur, public sector customers are highly desirable.  They typically contract for annual periods, pay their bills on time, and have a compelling need for services.  However, the contracting process is lengthy and complex, which can make it difficult to get started in the industry.  There are also significant regulatory requirements in some aspects of this market and companies that fail to provide the services contracted can be exposed to significant liability.

There is a significant barrier to entry and startup cost in this industry, but it is a double-edged sword.  While it may be difficult to get started, once established and at scale, cybersecurity companies can reap significant rewards.

Why are Cybersecurity Services Hot within the Tech M&A Market?

Investors want to place bets in markets where there is strong demand, where reliable and growing revenue can be found, and where customers are “sticky.”  Cybersecurity M&A is on the rise.

A quick web search easily shows the impact of cybersecurity breaches.  For example, from May 6 through May 12, 2021, the Columbia Pipeline was subject to a data breach and ransomware attack that severely impacted distribution of gasoline and jet fuel throughout the eastern United States. A criminal hacking organization known as ‘DarkSide’ shutdown pipeline operation and demanded $4.4M to release their lock on the company’s systems.  The company was forced to pay the ransom.

Stories like this ensure that public sector executives and IT leaders are willing to spend money to ensure that their data and systems are as secure as possible.  The key things that strategic buyers and investors want are:

  • Recurring revenue – modern service providers have switched to a subscription model for these services. Subscription revenue smooths cash flow for service providers while reducing capital expenditures for customers.
  • Sticky customers – it is difficult, expensive, and time consuming to switch cybersecurity platforms, so customers generally stay with their providers, so long as services are competitive and offer industry standard protections.
  • Strong secular growth trend – compounded annual growth rate (CAGR) of 12% is anticipated for the worldwide cybersecurity market by 2028, according to Fortune Business Insights.
  • Robust intellectual property and/or up-to-date market-leading services – this is an arms race against hackers. Service providers must continue to invest to hire top talent, provide the best training, and develop products to defeat bad actors.
  • Prudently managed liability and risk profiles – Neither customers nor service providers want a data breach or a ransomware attack, but it can still happen, even if best practices are employed. Service providers need to contractually define the liability that they accept as part of the services they provide, employ best practices to minimize risk for themselves and their customers, and obtain appropriate insurance coverage for themselves and their customers in case the worst happens.

Our Perspective

The Austin Dale Group team has been involved in the technology industry for over 35 years.  We have been IT executives and service providers responsible for securing critical networks and sensitive data.  During our tenure in the industry, the needs for cybersecurity services have always increased and we see no reason for a change in that trend.  These are essential services and well-run companies can rely on strong revenue opportunities and generous valuations.  However, there are risks due to the nature of the business and it is imperative that knowledgeable cybersecurity professionals are engaged at or near the top of these companies.

For entrepreneurs in the industry, if you create strong service offerings, establish a growing customer base with recurring revenue, and manage your risks and contracts prudently, you will have the opportunity for a very lucrative exit.

Whether you are buying or selling, Tech M&A and the Cybersecurity sector offers strong opportunities for profit.  The Austin Dale Group would be happy to work with you to take best advantage of this marketplace.