The recent well-publicized cyberattacks on the Colonial Pipeline and JBS Meat Processing facilities have highlighted the continued need for industrial operations to maintain the integrity of their systems.  Board directors are focused on this area, as companies seek to ensure that their operations are not interrupted by cybercriminals. As the world’s industrial facilities continue to transition into the Internet of Things (IoT), cybersecurity services will become even more crucial to maintaining performance.

Consulting firms and professional services firms across the board—including investment banking firms—are recognizing that these services are important to provide to their industrial clients.  For example, FOCUS Investment Banking recently served as financial advisor to the owners of Applied Engineering Solutions, Inc., (“aeSolutions”) on the sale of their cybersecurity operation to Deloitte.  Our client, aeSolutions, is a process control and safety consulting, engineering, and integration services company. Its cybersecurity division focuses on manufacturing and chemical processing plants and other industrial operations.  Its specialized knowledge and expertise are critical to plant and facilities managers.

Consulting in industrial operations requires specialized expertise.  The technical knowhow about process control systems is not something readily available in most general consultancies.  In the early years of cybersecurity threats, hackers frequently attacked financial institutions or retailers in order to gain access to customer information, such as credit card data and Social Security numbers.   These latest incidents are quite different, as they involve hackers locking up processing facilities and demanding a ransom before the operation is allowed to resume.  Therefore, consultancies that wish to provide meaningful advice often need to acquire a cybersecurity business, along with systems engineering and process control knowledge, in order to gain access to employees with the needed credentials and experience.  As the chart below illustrates, there are a number of potential buyer groups for firms that have this expertise.

An important aspect of any M&A transaction in consulting and professional services is the buyer’s need to retain key individuals from the seller.  In many professional services transactions, the sellers are also the most senior employees, so traditional techniques such as seller notes and earn-out provisions can help provide financial incentives to ensure that the senior talent remains post-transaction.  In addition, senior management will typically encourage mid-level and junior professionals to stay on as part of the new company.

In the aeSolutions cybersecurity transaction, the sale proceeds went to the parent company, so financial incentives tied to the purchase price weren’t available to the staff.  The employees were not under contract and were free to seek employment elsewhere.  In cases like this, promotions, and higher titles, as well as retention bonuses, pay increases, and other compensation-related programs, are key to retaining employees.  The FOCUS team worked closely with the sellers, the buyers, and the management team to successfully transition all the staff to Deloitte.

This transaction reinforces the fact that cybersecurity services firms continue to be sought-after acquisition targets.  The aeSolutions purchase represents Deloitte’s fifth acquisition already this year focused on cybersecurity.  Deloitte clearly recognizes the importance of acquiring top talent to gain critical mass in this specialty.

FOCUS has identified more than 150 transactions of cybersecurity services firms in the past 12 months.  Transactions continue apace for high quality operations with the right experts on staff.

To learn more on this topic or discuss the sale of your cybersecurity consulting or other professional services firm, contact [email protected] or (214) 662-4855.

Share This Story, Choose Your Platform