Business Excellence (Part 2): Selling a cyber security business

Edward Farrell

The following “business excellence” series of articles are focused on the day to day operations and non-technical considerations of modern day cyber security practices. I wanted to share my own insights and observations of the cyber security industry away from a facade that is often presented to us in marketing, or from the coalface of day to day activities.

I thought it would be prudent to put together the logic of selling a cyber security business given that for many individuals the “cash out” is a goal, or to people looking on, is a quick solution to money and problems. To be brutally honest, building out a business is a tough slog that I’m sure any business owner will attest to, as will the percentage of folks whose businesses do not succeed after 5 years. Selling out is difficult, however it can also be necessary to move an organisation to the next evolution, but this needs to be carefully considered and well understood.

I thought it would be worth looking at a firm that had sold out several years ago. The organisation (who we’ll refer to as ACME Hackers) at the time of sale had made 1,370,000 revenue in 2013 with a ~21% profit margin (or roughly $285,000). ACME Hackers had sold to an ASX listed firm for $285,000 cash and 2,140,000 shares at a price of $1.20 each on the ASX listed firm which would vest (AKA be sellable) in 3 years time, leading to 2.6 million dollars in shares plus $285,000 cash (a rough split of 1:9 equalling 2.85 million dollars) which looks awesome on paper.

Fast forward to 2017, the firm in question had made a profit of 3 million from 12.5 million revenue based on the consolidated companies, however the shares had dropped to 35 cents by the time the shares could be cashed out (even falling as low as 5 cents). This translated to roughly $1 million total value in the sale from the company over 3 years. Had ACME Hackers remained steady and not grown, the owners would have generated around $850,000 profit and still retained. However, had even a 10% growth path been maintained and operational costs reduced, which would not be difficult, the owners would have generated $1.1 million dollars in profit, and without a loss of ownership, the infighting that comes with conglomeration as well as the loss of a sense of purpose, three of the reasons why someone becomes a small business owner.

This article isn’t to discourage sale of a business altogether. There will come a time when a small business owner is ready to retire, say after 20 years of driving a successful business, at which point a sale is logical (as occurred with some of the firms acquired by CyberCX). Alternatively, a sale can also ensure the awesomeness generated and spread with an idea, which was the case with Alerons acquisition by EY and the tooling that came with their organisation. This ensures that software or tools created can be spread, or that a company can sustain itself beyond its founders.

We’re here to help

Let Mercury safeguard your business while you focus on growing it.

Reach out to us for a tailored cyber security consultation that aligns with your unique business needs.