The Rise of the Vertically Focused MSP: The Rollup MSP (Part 2 of 2)

In our previous blog post, we highlighted the rise of vertically focused managed service providers (MSPs), and IT services providers. A specific and unique example of this trend is the emergence of the rollup-specific IT and cybersecurity advisor.

A rollup is a strategy where a financial sponsor (read: PE fund) acquires and consolidates a number of small competitive companies in a fragmented industry. Hot targets range from dentist offices, dermatology centers, and vet services, to carwashes and residential services companies, like HVAC providers. As private equity firms look for creative ways to deploy capital, rollups have become one of the most popular and lucrative private equity investment strategies over the past few years, leading to waves of consolidation across previously less-competitive, fragmented markets. Typically, the owners of these acquired companies haven’t given much thought to IT and cybersecurity, but with institutional capital coming in to drive organic and inorganic (M&A) growth, that mindset needs to change quickly. The problem is that while most PE firms recognize the importance of spending to modernize IT and harden cybersecurity, its partners and board members may not have deep technology expertise either. Thus, they need to find an IT advisor who can do more than just modernize IT systems for one organization. PE firms embarking on a rollup need IT and cybersecurity experts who can serve as thought partners, designing a roadmap for IT and cybersecurity and then making sure that each subsequent acquisition gets pulled onto that roadmap. Enter the rollup-specific MSP, a company with the technology stack, agility, and expertise to create a comprehensive plan to centralize IT and to ensure the entire platform umbrella achieves cybersecurity maturity.

The rollup focused MSPs take advantage of this unique opportunity to secure portfolio-wide engagements by offering integrated IT and cybersecurity capabilities that enhance the overall value of the rollup portfolio. To succeed, rollup-specific MSPs must have a culture of moving fast in order to keep up with their customer’s pace of acquisitions and integrations; they must have a presence in various regions; and they must be willing to take on non-recurring projects with unique requirements (as opposed to simple recurring managed services contracts). But those few MSPs willing to make the sacrifice can find themselves in a privileged position. It’s also key for MSPs working with rollups to implement cyber-risk management programs that strike a balance; they should be not too burdensome for the portfolio companies to maintain, but they need to provide PE firms with an understanding of relative cyber risk across their investments. Because 68% of PE-backed companies experience an uptick in cyber incidents during the month after a deal closes, with scammers hoping to cash out by intercepting wires, the best rollup MSPs build a comprehensive plan with their customers that starts before the first deal closes and continues on through eventually exit – typically a 3-5 year sprint. The financial and reputational damage from a cyberattack can severely impact a rollup’s valuation and operational stability, not to mention the pain and profitability impact that comes from paying a ransom. A middle market PE firm rollup-focused MSP that can alleviate these concerns while leading IT and critical technology integrations for each subsequent add-on acquisition is worth its weight in gold.

If you’re an MSP worried about Private Equity rolling up your customer base, please reach out to the Worklyn investment team – better to be a roller than get rolled. And if you’d like to learn about how Worklyn’s IT services and cybersecurity platforms support a variety of rollups, from dental to home services, our team is always happy to walk through our comprehensive offerings. As always, it’s better to be protected from the top down!