Private equity, MSP, Content, Networking

Private Equity Reshapes MSSP (Managed Security Services Provider) Market

Credit: Getty Images

First, private equity reshaped the MSP software and IT service provider markets. Now, PE is reshaping the more specialized managed security services provider (MSSP) market. The key takeaway: MSPs that are exploring cybersecurity strategies need to move faster -- while also realizing today's partners may become tomorrow's foes through M&A deals and various funding arrangements.

Related: Complete MSSP & SOC Coverage. Only on MSSP Alert.
Related: Complete MSSP & SOC Coverage. Only on MSSP Alert.

The latest MSSP M&A deal unfolded today -- and it's a biggie. Private equity firm Sunstone Partners acquired and merged three MSSPs -- Sword & Shield, Terra Verde and TruShield. The resulting company, called Avertium, is surely a Top 100 MSSP.

MSSPs buyers and investors come from multiple backgrounds. Example deals tracked on MSSP Alert, ChannelE2E's sister site, include:

MSSPs and Private Equity: Why?

At least five factors are driving the M&A activity, ChannelE2E and MSSP Alert believe:

  1. Talent: The cyber skills shortage is driving MSSPs to find talent through M&A.
  2. Threats: The growing, shifting threat landscape is inspiring M&A deals to close technology and expertise gaps.
  3. Speed to Market: Acquiring companies can often be a faster path into a new or evolving technology market or business region.
  4. Scale: Smaller MSSPs are merging to counter the scale of larger rivals.
  5. Slowing Growth: The traditional MSP market will experience sub-10 percent compound annual growth rates (CAGR) in the years ahead. The MSSP market, in stark contrast, is growing at an 18 percent CAGR.

What It Means for MSPs, VARs and IT Consulting Firms

ChannelE2E and MSSP Alert have consistently offered the following advice to small business MSPs: You need to offer managed security services, but that doesn't mean you need to spend recklessly or compete head-on against big, established MSSPs.

Instead, think of the managed security services market as a pool. Most MSPs will remain in the shallow end -- taking care of patch management, remote monitoring, endpoint security, business continuity and other areas that mitigate risk for customers. Full-blown MSSPs, meanwhile, swim in the deep end of the pool -- offering far more advanced cybersecurity services, and potentially building out their own SOCs along the way. The challenge: The shallow-end MSPs will need to partner up with true MSSPs or SOC as a Service providers to stay ahead of the evolving cyber threat landscape.

It's a complicated, never-ending journey to be sure. Even established MSSP market leaders such as SecureWorks have been struggling with churn. Rumor has it Dell wants to sell SecureWorks, and private equity firms have been poking around the company in recent months.

As the old cliche goes, the only constant for MSSPs will be change -- with a large dose of M&A also mixed in. MSPs and MSSPs should prepare accordingly.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.