Secureworks, a Managed Cybersecurity Pioneer, Sells to Sophos

RIP to the OG MSSP

Earlier this month, Secureworks, the largest remaining (semi-)independent Managed Cybersecurity Services Provider (MSSP), quietly announced that it was being acquired by Sophos, a traditionally SMB-focused British cybersecurity vendor. Thoma Bravo-backed Sophos is paying approximately $859 million (about 2.5x trailing twelve months' revenue) to acquire this former giant of managed cybersecurity services.

Founded in Atlanta—the birthplace of the first great MSSP, Internet Security Systems—in 1999, Secureworks established itself as an early pioneer in the MSSP space. The company grew to over $200 million in revenue independently before selling to Dell in 2011 for $612 million, or just over 3x revenue. In 2016, Secureworks completed an IPO, though Dell has continued to hold a majority of the company’s shares and nearly all of its voting stock until now. As recently as 2021, Secureworks traded at a share price three times higher than the current $8.50 shareholders are set to receive, assuming the transaction closes. However, given the company’s more recent performance, Michael Dell and other shareholders are likely happy to sell the business for more than they initially paid over a decade ago.

Dell reportedly began considering a sale of Secureworks as early as 2019. While the initial attempt fell through, deal talks reignited earlier this year when the Board hired investment bankers to market the company to potential strategic and private equity buyers. These bankers earned their fees, as the financial picture for Secureworks had become challenging. After approximately five years of revenue growth and profitability as a public company, Secureworks faced setbacks in 2022 amidst a broader tech selloff, posting a revenue decline and its first EBITDA loss as a public company. The decline continued over the last two years, with the company losing more than $200 million in annual revenue while struggling to break even, though EBITDA margins have improved over the past 12 months—likely due to a 2023 RIF that laid off about 15% of the workforce. This downturn is particularly concerning given that the managed security services market grew by over 17% from 2022 to 2023, according to Gartner, consistently outpacing the broader IT market with near 20% growth over the last five years.

So, what did Sophos see here? Despite the headlines, this acquisition likely wasn’t primarily about bolstering Sophos’ existing XDR (extended detection and response) capabilities. The flagship Secureworks platform, Taegis, has seen weak adoption since its pivot to a SaaS model, and Sophos has already developed a more agile XDR platform following its acquisition of Rook Security for a much smaller price tag. Nor was Sophos simply bargain hunting; if that were the case, the board and Thoma Bravo, a shrewd and prolific acquirer of cybersecurity vendors, would be hard-pressed to justify paying over 2x revenue for an aging, declining, and unprofitable incumbent.

While we anticipate some post-acquisition cost synergies (translation: more layoffs), we believe that, for Sophos, this move is a bold bet on moving up-market—from SMB to enterprise. Over the past decade, Sophos has become a dominant market leader in the SMB space, providing a comprehensive suite of cybersecurity solutions, from endpoint and email security to firewalls, network, and cloud security, tailored to smaller organizations with limited internal IT security resources. Secureworks, as an original provider of “co-managed” cybersecurity services with 1,500 mostly technical employees, still boasts a number of Fortune 500 logos and other large clients and focuses primarily on direct selling. In contrast, Sophos, with its SMB customer base, typically goes to market through partnerships with MSPs (managed IT service providers) and other IT service providers, such as those we own at Worklyn. With this acquisition, Sophos is effectively gaining access to larger customers—betting on its ability to move up-market and serve larger organizations.

Though Sophos is owned by an American private equity firm, it’s headquartered in the UK, meaning this deal will be subject to both CFIUS and antitrust review. However, given the favorable status of the UK, the company’s American shareholders, and the fragmented nature of the cybersecurity industry, we expect the acquisition to officially close in early 2025.

Even before the deal is finalized, both teams will undoubtedly be working hard on what promises to be a challenging integration. As described, there is some asymmetry in both technology and business models—Secureworks supports a variety of complex legacy and hybrid technology environments with a mix of cloud and on-premises appliances, while Sophos delivers a simpler, more modular suite of solutions at a more SMB-friendly price point. We look forward to seeing whether Sophos can continue to appeal to budget-conscious SMBs and margin-focused MSPs while enhancing its XDR capabilities and striving to serve larger customers with more complex cybersecurity needs. Either way, we salute the ambition!