Amplix’s acquisition of cybersecurity firm 24By7Security may create a blueprint for technology advisors to sell security solutions.
Gemspring Capital-backed Amplix purchased the consulting and compliance provider last month in its 12th deal since forming in late 2022. Strengthening the TA's cybersecurity capabilities could boost sales in other technology categories, as IT buyers face growing compliance requirements.
“Cybersecurity on the customer side is starting to become an impediment to deploying other technologies like AI,” Amplix Chief Marketing Officer Shawn Cordner told Channel Dive.
The acquisition bucks M&A trends in the TA market, where private equity investors have sponsored a wave of agent roll-ups over the last five years. “Superagents” have almost exclusively acquired other agents with a recurring commission-based revenue model. 24By7Security is not an agent, and it doesn’t primarily earn revenue through technology sales. It focuses on projects like risk assessments and security testing, and its revenue is typically one-time rather than recurring.
Many private equity firms have been loath to add non-recurring revenue to their TA platforms, but Amplix saw the consultancy as strategic. The company spent more than a year exploring the deal, Amplix CEO Dan Gill said.
“We haven't just been trying to acquire EBITDA around the country,” Gill said. “It's been, how do you support the full life cycle of a technology investment for the customer?”
Why 24By7Security is strategic
Merging with a cybersecurity consultancy lends Amplix a level of autonomy in the cyber sales cycle that is rare for TAs.
TAs have embraced security in the last decade. In a recent Telarus survey, 37% of TAs called cybersecurity their top revenue-generator.
But Gill said many TAs are too reliant on their security vendors in the sales process. TAs partner closely with managed security service providers like eSentire, LevelBlue and Thrive to match those MSSPs with clients. They often partnered so closely that MSSPs performed risk assessments for prospective customers. Gill said Amplix can position itself as an unbiased advisor by running its own assessments..
“We love our MSSP partners… but we're kind of ceding that unnecessarily by not having the expertise. Long-term, this will allow us to be better partners to them too, because their business is about recurring revenue,” Gill said.
Most TAs are small companies with limited budgets for adding cyber resources, but they are increasingly making investments. Resourcive, now owned by ScanSource, bought consultancy Proteus Advisors in 2022. Cloud Communications Group in 2024 lured long-time CISO James Beeson.
Trickle-down impact
The benefits extend beyond security.
Regulatory complexity is increasing in customer experience technology — one of Amplix’s core areas. If businesses don’t check boxes for PCI compliance, they can’t deploy a CX platform. Cyber insurance is now “intertwined” with technologies previously considered outside the security stack, Cordner said.
Addressing security at the onset of a customer engagement removes roadblock for Amplix’s core tech sourcing work.
“We think it'll enhance and increase our normal advisory work and opportunities,” Gill said.
Amplix executives have focused on end-to-end life-cycle solutions since the company formed out of a three-agent merger in 2022. Founding member ROI Communications brought to the table an order and inventory management platform, and Amplix has since acquired service capabilities for mobility, CX and expense management.
Gill said Amplix is trying to envision the market five to ten years from now. The crystal ball says partners need to expand their capabilities beyond sourcing.
“The competitive set for our business changes every year, and we have to be ahead of where this is going. Just supporting the procurement of technology has value, but to me that is not the long-term vision of this business,” he said.
