Acquisition Criteria

What We Look For

Cyber Profound acquires managed security service providers that meet a defined set of financial, operational, and cultural criteria. We do not run auctions. We do not impose integration timelines. Every acquisition begins with a private conversation.

Financial Profile

The Numbers We Look At First

We focus on firms with demonstrated recurring revenue, healthy margins, and a client base that reflects the firm's long-term quality. Below are the primary financial thresholds we apply.

$3M – $20M
Annual Revenue

Firms below $3M lack the operational infrastructure we require. Firms above $20M are evaluated case by case.

70%+
Recurring Revenue

Managed contracts, retainers, and subscription-based services constitute the majority of revenue.

15%+
EBITDA Margin

We look for firms with proven margin discipline, not growth-at-any-cost economics.

3+
Years in Operation

Established client relationships and operational history are prerequisites for consideration.

$1M+
EBITDA

Absolute earnings reflect the firm's capacity to sustain operations independently under our ownership.

90%+
Client Retention

Retention is a proxy for service quality and relationship depth — both of which are non-negotiable.

Operational Profile

Beyond the Balance Sheet

Financial criteria are necessary but not sufficient. We also evaluate the operational characteristics that determine whether a firm can scale within our platform.

Leadership Continuity

We prefer acquisitions where the founding or senior leadership team remains engaged post-close, either in an operational or advisory capacity. We do not acquire to replace management.

Client Concentration

No single client should represent more than 30% of total revenue. Concentration risk is evaluated as part of our due diligence process.

Contract Structure

Multi-year managed service agreements and SOW-based retainers are weighted more favorably than project-based or transactional revenue streams.

Geographic Footprint

We prioritize firms operating across North America. Regional concentration is evaluated in the context of the client base and sector served.

Sector Focus

Sectors We Know Well

While we evaluate firms across sectors, we have particular depth in the following sectors and weight them accordingly in our acquisition process.

Healthcare & Life Sciences
Financial Services
Government & Defense
Critical Infrastructure
Manufacturing & Industrials
Professional Services
Out of Scope

What Falls Outside Our Criteria

Clarity matters. The following categories fall outside our current acquisition mandate. We do not evaluate them, and we decline inquiries in these areas without prejudice.

01

Pure technology resellers with no managed service component.

02

Firms with revenue below $3M or operating history under three years.

03

Businesses with unresolved litigation, pending regulatory action, or material customer disputes.

04

Firms seeking a quick close without leadership continuity.

05

Project-based IT firms without a recurring contract base.

06

Companies operating exclusively outside North America.

M&A advisory — acquisition process
How We Engage

A Defined, Private Process

Every conversation is confidential. We do not share your information, reference your name in the market, or communicate with your clients or competitors at any stage.

Step 1

Initial Conversation

A confidential call to understand your business, your goals, and whether there is a mutual fit.

Step 2

Preliminary Review

We review financials, contracts, and operational structure under NDA. No bankers. No intermediaries.

Step 3

Letter of Intent

If there is clear alignment, we issue a non-binding LOI within 30 days of preliminary review.

Step 4

Closing

We close with our own capital and legal team. No financing contingencies. No extended timelines.

If your firm meets these criteria, the next step is a private conversation.

All conversations are confidential. We do not contact clients, employees, or competitors.