XChange MSP 2024 part two: Dos and don’ts of M&A and cybersecurity event communication
Read our recap of the second half of CRN’s XChange MSP 2024
The second half of CRN’s XChange MSP 2024 conference looked into M&A.
Speakers Aylesh Patel, partner, head of south at LDC, and Martin Flick, CEO of Onecom, brought perspectives from either side of the fence - the acquirer and the acquiree.
The channel partner landscape has been sprawling with M&A activity this year.
Just this week LDC-backed Kerv snapped up Microsoft Dynamics 365 consultancy Inciper.
H1 2024 alone saw more than 20 deals involving CRN Top VARs like Bell Integration, SCC, FluidOne, Core Technology Systems, Wavenet, and Advania, most involving private equity in some capacity.
On whether private equity is good for channel partners, Flick gave a nuanced answer. A business considering PE must be sure it is at the right point in its journey.
“That relies on you thinking about your long-term plan. What do you want to do with your business? Is it going to be under management lifestyle forever or are you going to pass it onto family members to run? Are you going to want to exit at some point or have you got an opportunity to expand and develop?” he asked.
“I think bringing in a PE firm at the right moment for the right reasons is the ideal way to fuel and accelerate a growth plan.
“Sharing some of the risk with an investor, sharing the reward with the investor, working in close partnership to the full potential of the company you otherwise might not be able to do.”
Giving the entrepreneur’s view of being owned by private equity, Patel weighed in.
“The sector as a whole is exciting.
“There are underlying growth dynamics in the market. You're all part of businesses that are on the right trajectory and there’s a lot of investment need and want.
“Private equity is consistently looking for businesses in this space, and one of the key reasons is that growth, and the ability to really supercharge businesses going forward.
“With the right partner and investor, I think founders, owners, management teams of businesses can really supercharge that growth going forward.
“And some of the things that you might feel like you bootstrapped or you’re not able to go out and achieve can be helped a lot with having the right investment partner.”
Weighing up what the core values are in an M&A deal, both Patel and Flick offered various views on what can cause misalignment between the acquirer and acquiree.
Patel stated both businesses need to understand each other’s end goals.
“Certainly, from a private equity perspective the main reason things may not be as you'd expect them to be, is alignment.
“That's not only from private equity investing in private business, but if you’re owners of businesses, and you're looking to acquire another business, having a real clear, objective mindset and alignment of what those businesses are trying to achieve is fundamentally important.”
He told the audience that if you understand the growth goals and business strategy, then a deal will likely go in the right direction.
Flick, on the other hand, dissected the topic into two sections - core values around the PE organisation and the objective, and core values around negotiating the transaction successfully with the PE organisation.
One of the biggest mistakes Flick has seen when negotiating PE deals is taking an “adversarial approach” to negotiating the price for an organisation.
“Up until the point when the paperwork is signed and the money has changed hands, then they shift to a partnership approach,” he said.
“That’s where misalignment comes in.
“I think the partnership actually begins at the point you see the party you would want to become wedded to for want of a better phrase.
“I would always urge that if you want a successful outcome, once you’re done talking to the PE firms that might be interested in you, and vice versa, it's at that moment that you start the partnership approach on the way through the negotiation of the contract, all the way through to the pricing, and then on the way through the execution of the deal into life after completion.”
He added that in the early stages of a partnership all parties want the same thing, to invest in a business at a fair price, and for the to-be-bought company to bring in money.
“On the way through that deal, you'll overcome bumps in the road through negotiation to deal with the ‘what ifs’. What if this goes wrong? What if that goes well to the extent that you have got that alignment on the way through and out the other side.”
Retaining culture
Culture is key in many aspects of business, especially in an M&A deal and even more so when private equity is involved.
Flick recalled a time when he had to bring together teams from opposing companies, arguing how integral it is to have a strong culture from the get-go.
“I was being acquired and as a result of the acquisition I became the CEO of the enlarged group.
“I inherited the team provided to the business, and I brought forward a team that was in my business. Bringing those two teams together was like merging warring factions from different sides of the mountain.
“It was a bit different in that scenario, but more broadly I think, firstly, to maintain cultural alignment at no cost to the workforce when you make an acquisition, you have to have a good, strong culture in the first place as the acquiree.
“If you have those strong, embedded cultural alignment values in your DNA, when you bring a new group of people into acquisition it becomes contagious.
“That's how you spread it and make sure that you maintain that cultural alignment on the way through an M&A deal.”
Patel agreed that what makes a business attractive enough to be acquired in the first place is the strength of its team who are driving the company forward.
“Therefore, not breaking what has been the success of a business historically, is fundamentally important.
“One of my biggest learning experiences at LDC is thinking that the acquisition is successful on completion.
“Doing the deal is the easiest part, and negotiating the deal and getting all that sorted is step one. Making it a successful acquisition is a much harder piece, and not breaking what has made your acquiring business successful is really, really important.”
Metrics of success
From an investor standpoint, Patel said it is all about return on investment.
But recruitment also plays a crucial role.
“A KPI on staff retention, staff productivity and staff happiness is really important. Where that tends to lead is, does your employee base have the right tools? Do they see the right career progression? And acquisitions can often be a part of doing that.”
Going back to the reasons why someone might go on an acquisition journey, Flick stated the industry is currently seeing a transitional shift.
“You’ve got the telcos who are worried the IT industry is going to eat its lunch and vice versa.
“We've seen a convergence of worlds and that's leading to more and more appetite for acquisition.
“A lot of our partners are wanting to acquire MSPs and IT service providers.
“If I look through the lens of an investor, they’re going to want to see organic growth, development of ARR.
“From the business itself, the way that you manifest that into a real outcome is to think about, if I'm putting two businesses together, what do the customer bases look like? Where are the opportunities to cross and upsell? Entangle those customers with multiple products and services.
“And there are things you can really measure, because you can look at the two customer sets at the start, set objectives to the team over time as to how much penetration of cross sell and upsell you want to see.
“And that's a very tangible measurement you can track.”
Transparent communication during a cybersecurity event
Managed cybersecurity providers are essential in safeguarding client data and ensuring seamless operations.
Cybersecurity events, such as the infamous Microsoft tech outages that led to widespread disruptions worldwide in an incident stemming from a defective software update from CrowdStrike, demand not only technical expertise but also impeccable communication skills.
Colin Williams, business CTO networking & security at Computacenter explained to the audience what is crucial to hear from a vendor during such times.
“Over communication from the vendor becomes key. The vendors taking ownership of their own problem becomes key. The vendor being very responsive and as prompt as they possibly can, becomes key,” Williams said.
“From our point of view, I have a number of customers asking for answers to questions I don’t know the answers to. So, I've got to be able to trust the vendor and be able to hold them to account for their response.”
Speaking on behalf of vendors, Kyle Torres, MSP senior channel account executive at Sophos gave an idea of his organisation’s communication procedure.
“Because we have the MDR piece and the IR piece, the big part of evolving our communications and getting the relevant information out there is when we were able to delineate what's the threat response that we can do on our own and what's incident response.
“What incident response comes in when there's a confirmed breach and remediation is required. But we can offset the need for incident response, we can offer a 24/7, threat response.
“If we can take those actions from a response perspective, prevent them from getting into IR territory. And that's how it evolved.”
Follow-up communication
Williams outlined to XChange attendees his ideal wash-up scenario and what he wants from the vendor involved in the wake of a cybersecurity event.
“Honesty, openness, authenticity, what really happened, even if it means the vendor is going to have egg on its face.
“What have you learned from it? What do we and the customer need to do to make sure that if something happens again, we can minimise the radius of impact?”
He continued to stress the importance of overcommunication.
“I’d rather over communicate to a customer and apologise for emailing them twice.
“So make sure that everything that can be done to learn lessons from the incident are learned by both us, the customer and the vendor.
“One thing I do is try to maintain a really senior relationship with the vendor almost as the wash-up after the attack. I'm going to speak to the most senior person I can find to say, ‘now, what happened? Because I need to be confident and trust that you are the right vendor to continue working with moving forward.’
“That becomes really important to me, because people ask me afterwards, ‘should I leave this vendor now, yes or no?’
“If I can't get confidence from that vendor, let's say my answer could go the wrong way.”
Torres agreed that vendors cannot overcommunicate enough when a cyber event has happened, and urged channel partners to build an incident response plan should this inevitably come about.
“Sophos does a free one. You don't have to be a Sophos partner. You can go and look it mentions, you know, identify your key stakeholders, do those tabletop exercises.
“We make sure that our incident response plan aligns with the business's goals for incident response.”
Jo Salter: embrace discomfort to grow
The day concluded with a talk by Jo Salter, the UK’s first female fighter jet pilot, which brought the audience out of their seats.
Salter started by recalling how difficult it was to transition to civilian life after her flying career, noting: "I struggled to get a job because people said we’ve got no commercial experience."
Eventually, she found a path into tech, landing at Cambridge MSP NetConnect.
Salter painted vivid scenes of her time as a pilot, describing the thrill of low-flying jets: "Imagine you’re in control of 25 tons of screaming metal... flying at 600 miles an hour."
She recounted flying through the Mac loop in Wales, where pilots would fly so low that they could "look up and wave at the walkers as you're going by."
Her journey was marked by resilience against societal norms.
At 13, Salter was guided by her mother to study sciences, leading her toward engineering.
Despite facing stereotypes, she pushed boundaries, noting: "How can you imagine being something that you can't be, or that you don’t see other people doing?"
Her entry into the Royal Air Force came at a time when it was still illegal for women to fly combat jets, but she persisted.
Salter shared challenges and anecdotes, such as being told she couldn't participate in certain training because they "didn’t know what would happen" to a female body.
She emphasised the importance of mentors and allies, particularly male colleagues who stood up for her, asserting, "I would never have succeeded... if I didn’t have these men who stood up and made it happen for me."
Throughout, her message was clear: embrace discomfort to grow.
"Feel the fear and do it anyway," Salter concluded, encouraging everyone to push beyond their limits and seize opportunities.