ITS Acquires Black Breach: Cybersecurity Expansion

The Deal

ITS announced its acquisition of Black Breach on March 25, 2026, marking a strategic move to expand its cybersecurity capabilities through the addition of specialized managed security services. The transaction enables ITS to launch a dedicated cybersecurity team while integrating Black Breach's security expertise into its existing managed services portfolio.

ITS operates as a managed service provider seeking to enhance its cybersecurity offerings through strategic acquisitions. Black Breach brings established managed security services and cybersecurity solutions that complement ITS's existing service stack. Deal terms remain undisclosed, following the pattern of many mid-market MSSP transactions where buyers prefer to keep financial details private.

The acquisition represents ITS's commitment to building comprehensive cybersecurity capabilities rather than relying solely on third-party security partnerships. This approach allows for better margin control and deeper client relationships in the high-growth security services market.

Strategic Logic

This acquisition follows a clear capability-building strategy for ITS. Rather than developing cybersecurity expertise organically, ITS chose to acquire proven capabilities through Black Breach's established team and service offerings. The deal provides immediate access to specialized security talent and existing client relationships that would take years to develop internally.

The strategic fit centers on several key factors:

• Service Portfolio Expansion: Black Breach's managed security services fill gaps in ITS's existing offerings, creating a more comprehensive solution stack
• Talent Acquisition: The deal brings experienced cybersecurity professionals who can lead ITS's new dedicated security team
• Client Cross-Selling: Existing ITS clients gain access to enhanced security services, while Black Breach clients can benefit from ITS's broader managed services capabilities
• Market Positioning: The combined entity can compete more effectively for larger deals requiring both traditional managed services and specialized security expertise

The timing aligns with increasing demand for integrated managed services that include robust cybersecurity components. Many clients prefer working with fewer vendors, making this type of capability expansion strategically valuable for MSPs competing in the mid-market.

Valuation Context

While deal terms remain undisclosed, this transaction reflects continued strong interest in cybersecurity-focused MSPs and MSSPs. Specialized security service providers typically command premium valuations compared to traditional MSPs due to higher recurring revenue quality and stronger client retention rates.

The MSSP market has shown resilience even during economic uncertainty, with buyers willing to pay higher multiples for companies with proven security expertise and established client bases. Pure-play MSSPs often trade at EBITDA multiples 1-2 turns higher than traditional MSPs, reflecting the specialized nature of their services and the critical importance of cybersecurity to client operations.

For strategic buyers like ITS, the acquisition multiple likely reflects not just Black Breach's standalone financial performance but also the strategic value of accelerating cybersecurity capability development. The cost of acquiring established capabilities often proves more attractive than the time and investment required to build similar expertise internally, particularly in specialized areas like managed security services.

What MSP Owners Should Know

1. Cybersecurity Specialization Commands Premium Valuations: MSSPs and MSPs with strong security practices consistently attract buyer interest at higher multiples. The specialized talent and recurring revenue characteristics of security services create compelling acquisition targets for both strategic and financial buyers.

2. Strategic Buyers Value Capability Gaps: ITS's acquisition demonstrates how established MSPs use M&A to fill specific capability gaps rather than compete on traditional managed services alone. MSP owners should consider how their specialized expertise might fit into larger players' growth strategies.

3. Team and Talent Drive Deal Value: The emphasis on launching a "dedicated cybersecurity team" highlights how human capital factors into acquisition value. MSPs with strong technical teams in high-demand areas like cybersecurity often find themselves attractive acquisition targets even at smaller revenue scales.

4. Integration Strategy Matters for Buyers: The stated plan to integrate Black Breach's services into ITS's existing portfolio shows sophisticated acquisition planning. MSP owners considering exit opportunities should understand how their services and client base would integrate with potential buyers' existing operations.