Dear Tech Enthusiast,

2025 is shaping up to be a decisive year for the IT services sector. Cybersecurity has moved to the top of the agenda, with the new Schwarz Cyber Security Report 2025 revealing just how widespread and sophisticated attacks have become. At the same time, AI, regulation, and managed services consolidation are opening up unprecedented opportunities for IT entrepreneurs and investors who act boldly now.

In this edition, you will find:

  • An exclusive interview with Alexander Schellong, Managing Director Cybersecurity at Schwarz Digits

  • Key findings from the Schwarz Cyber Security Report 2025

  • Our new whitepaper: NextGen IT Services – How Entrepreneurs Can Scale Now

  • global perspective on MSP consolidation from Drake Star’s 2025 report

  • A roundup of the latest IT services M&A transactions reshaping the European market

Interview with Alexander Schellong, Schwarz Digits

Cybersecurity 2025 – Between Rising Threats and New Resilience

IT Capital Partners: Alexander, the new Schwarz Cyber Security Report 2025 paints an alarming picture: more than 80% of German companies were affected by cyberattacks last year. In your view, what are the main drivers of this development?

Alexander Schellong: Cybercrime has long become a highly professional business. We are seeing well-organized groups and nation states that deliberately exploit supply chain vulnerabilities, deploy zero-day exploits, and inflict enormous damage through ransomware. In addition, the attack surface is expanding through digital transformation and complexity: cloud environments, remote work, AI, IOT. Attacks are happening continuously and can impact anybody. You can be collateral damage, a proxy for an attack on someone else or the actual target. 

IT Capital Partners: Which attack patterns stand out most at the moment?

Alexander Schellong: Phishing and social engineering remain the most successful entry points – ultimately, the human factor decides. However, poor Cybersecurity practices or lack of resources in many organizations offer many other avenues for successful attack. You have to assume that smart attacks will use a combination of techniques to and your vulnerabilities to reach their goal. AI-driven attacks are also becoming more relevant.

IT Capital Partners: The report highlights that supply chains pose a major risk. How can companies effectively strengthen their resilience here?

Alexander Schellong: Supply chains are often the “blind spot” in an organization’s Cyber  risk  management. Companies need to scrutinize their partners and suppliers more thoroughly, contractually enforce minimum standards, work together on sharing threats and establish a level of transparency of their Cybersecurity posture through meaningful KPIs. 

IT Capital Partners: Regulations such as NIS2, the EU AI Act, or the Cyber Resilience Act are increasing pressure. Do you see them more as a compliance burden or as a catalyst for better security – and perhaps even new business models?

Alexander Schellong: It’s both. Let’s face it. Cybersecurity feels like a “burden” and rising cost element until the day you fall victim to a Cyber attack or everyone else around you had to shut down but you are still “in business”.  NIS2 or the CRA establish critical minimum standards or a level of transparency that should have been implemented in public and private sector organizations of all sizes a long time ago given the threat landscape. These standards increase our collective defense–from products to organizations– across Europe which is a good thing. We just need to make sure regulations are not conflicting each other.

Dive Deeper: Schwarz Cyber Security Report 2025

Want to explore the findings in more detail? The Schwarz Cyber Security Report 2025 offers exclusive survey results, analysis, and practical recommendations for building resilience.

Download Full Report

IT Capital Partners: Zero Trust has been a buzzword for years, but is still not fully implemented in practice. From your perspective, what are the key success factors to truly move to a Zero-Trust security model?

Alexander Schellong: Zero Trust is not a product you can buy – it’s a mindset that has been around for over a decade. You cannot inherently trust any user, device, or application. This requires enterprise-level identity management, end-to-end encryption, micro-segmentation, and strict access control. The biggest mistake is to treat Zero Trust as a one-off project. It’s a continuous process that requires ongoing adjustment. Many Zero Trust projects fail because of their complexity, high costs and time to implement them in complex and hybrid  IT environments.

IT Capital Partners: The report also shows that many small companies simply lack the resources – nearly 50% have no dedicated security capacity. What strategies can help them become more resilient nonetheless?

Alexander Schellong: For SMEs in particular, managed security can be a viable path. External Security Operations Centers (SOCs), automated detection and response, and cloud-based security services can replace or supplement an internal team. What’s crucial is that even smaller companies can no longer afford to sit back. Cybersecurity is not a matter of company size – it’s a matter of survival. Before any investment is made, it is important to understand an organizations risks and most important assets. Once this is understood, an individual multi-year strategy can be implemented.

IT Capital Partners: If you had to give an IT entrepreneur three concrete recommendations to significantly increase cyber resilience over the next 12 months, what would they be?

Alexander Schellong:

  1. Conduct a structured Cyber risk analysis including a technical review with an external partner and establish a 2-3 year plan to improve your Cybersecurity posture. If you have the financial means and dare to accept the results, secretly conduct a complex red teaming exercise before you do the above. The read team will try  to attack your organization technically and physically to get to your IT or other sensitive assets. 

  2. Cybersecurity solutions are just means to an end. Small investments, a change of end-user behavior go a long way in protecting your organization from Cyber threats.  Given the changing geopolitical climate,  consider your digital sovereignty when working with non-European vendors. 

  3. Cybersecurity starts at the non-technical supervisory board and C-level.

IT Capital Partners: Finally, if we talk again in five years – how will we know that German companies have done their cybersecurity homework?

Alexander Schellong: I am confident more organizations in Germany will increase their Cybersecurity posture five years from now due to the regulatory requirements. While we will always see novel attacks, the overall number of attacks should be lower than today.I expect  greater transparency on the number of incidents in the future so we can see whether my prediction is right. Finally, I hope will will also see more successful German and European Cybersecurity vendors.

Whitepaper Spotlight – NextGen IT Services

2025 is a “now or never” moment for IT service providers. The market is growing fast, but only a minority of players will capture most of the value. The new IT Capital Partners Whitepaper shows why:

Three market dynamics are reshaping the industry:

  1. AI grows up – no longer hype, but measurable productivity gains. The global AI market is set to grow at 37% CAGR until 2030.
  2. Regulation becomes business – NIS2, the EU AI Act and the Cyber Resilience Act affect tens of thousands of companies, creating billions in compliance-driven demand.
  3. Talent scarcity flips – 137,000 unfilled IT roles in Germany turn from a bottleneck into an opportunity for those who master smart recruiting, nearshoring, and automation.
 

Download Whitepaper

Opportunity Map 2025: The whitepaper highlights five technology areas with the highest growth and impact: Generative AI, Cloud Native, Zero Trust Security, Edge Computing, and Intelligent Automation.

The 6 Dimensions of Excellence: Sustainable scaling requires inner strength as much as market opportunity. The report outlines six levers – Pricing, Delivery, Talent, Organizational, Leadership, and Financial Excellence – that determine whether IT companies can turn opportunities into profitable growth.

 

Global Spotlight – Managed Services Consolidation

The latest Global MSP Report Q2 2025 by Drake Star highlights how the Managed Services market is entering a new phase of scale and consolidation:

  • 92 MSP transactions were announced in Q2 2025, confirming strong investor appetite despite macroeconomic uncertainty.

  • The global MSP market reached $305bn in 2024 and is expected to almost double to $571bn by 2033 (7.2% CAGR), driven by rising IT complexity and cost pressure.

  • 83% of deals involved IT service providers, showing that consolidation is less about pure scale and more about capability expansion (cybersecurity, automation, cloud, compliance).

  • Strategic buyers dominate: the top 10 consolidators each closed four or more MSP acquisitions in the past 24 months.

  • Security has become a must-have differentiator: 84% of MSP clients now expect integrated cybersecurity services, compared to 65% a year earlier.

👉 What this means for German & European IT entrepreneurs:

  • The window for platform building is open now – especially for mid-market players in DACH that can combine managed services with vertical expertise.

  • Exit opportunities are increasing as international consolidators actively look for regional champions with cybersecurity and compliance capabilities.

  • European MSPs with strong local presence and a trusted Mittelstand customer base can position themselves as attractive acquisition targets or as consolidators in their own right.

Recent Strategic Deals in the IT Services Sector

The IT services market continues to consolidate at high speed. Strategic investors and private equity firms are actively pursuing buy-and-build models, carve-outs, and technology-driven acquisitions. Below you’ll find a selection of the latest transactions across Europe.

🔐 Cybersecurity

  • SecurityBridge acquires CyberSafe (UK) – Adds MFA, SSO and passwordless authentication to its SAP security portfolio.

  • Orange Cyberdefense acquires Ensec AG (CH) – Expands its Swiss footprint; the 41-person team strengthens coverage in banking, insurance and pharma.

  • NOBIX Group acquires Huth Communication (DE) – Bolsters DATEV-focused managed services for accounting and tax clients; founder Sebastian Huth remains in leadership.

☁️ Cloud & Managed Services

  • ploon.it group acquires STEP Computer- und Datentechnik GmbH (DE) (incl. Step Business Solutions AG, CH) – Platform expansion into Southwest Germany and Switzerland; adds ~37 employees and three locations; portfolio boost in IT security, managed workplace, and software development. 

  • citadelle systems acquires one IT GmbH (DE) – Broadens managed services presence in Germany; Pinegarden advised the buyer.

  • Conscia to acquire Open Line (NL) – Agreement signed (closing pending). Largest deal in Conscia’s history, adding sovereign-cloud and mission-critical managed services in healthcare and the public sector.

  • Odin Groep acquires Assyst Europe (BE) – Strengthens presence in Brussels with Microsoft, cloud and cybersecurity expertise.

  • Your.Cloud acquires Becs IT Services & Wetec Enterprise IT (NL) – Further scales its Netherlands MSP platform.

📊 Data, AI & Analytics

  • Dataciders acquires integration-factory GmbH (DE) – Deepens capabilities in data integration and advanced analytics across finance, energy and manufacturing.

  • X1F Group acquires accantec group (DE) – Adds business-intelligence and data-science expertise to the Ufenau-backed platform.

  • DAC.digital joins INFOMOTION Group (DE/PL) – Creates a 700+ expert team across Poland and Germany, combining data strategy, analytics and AI engineering.

🧩 IT Services & Carve-outs

  • PRO DV AG acquires key assets and the operating business of NETFOX AG (DE) – Asset deal out of insolvency, effective 1 Sep 2025; expands presence around Potsdam and strengthens focus on security-critical IT infrastructures. 

  • KOMI Group formed via carve-out from Konica Minolta (DE) – Liberta Partners creates a Mittelstand-focused IT services provider with modular solutions for companies with ~50–350 workplaces.

  • Grouplink acquires ASPICON (DE) – Adds managed services for business-critical database infrastructures.

  • itesys AG acquires Hosting Solutions GmbH (DE) – Expands SAP-basis operations and ISO-27001-certified hosting in Germany.

⚙️ ERP, CRM & Cloud Consulting

  • CONET acquires Kerun.One (DE) – Extends Salesforce and marketing-automation capabilities; also adds a new nearshore location.

  • Communardo Group acquires Celix Solutions (AT) – Strengthens Atlassian consulting footprint in Austria (Bregal Unternehmerkapital portfolio).

  • collana IT Group acquires Develappers GmbH (DE) – Expands Microsoft and custom development expertise.

  • Egeria acquires Cpro Group (DE) – Invests in an SAP consulting specialist for German mid-market customers (incl. S/4HANA).

🌍 International Scale-Ups & Strategic Exits

  • Bechtle acquires Grupo Solutia (ES) – Largest Spanish acquisition to date; adds ~637 employees and ~€100m revenue, reinforcing public-sector strength.

  • Capgemini to acquire WNS (IN) – Agreement announced to expand business-process services and AI-enabled operations (closing pending).

  • Advania acquires The AI Framework (SE) – Adds enterprise-AI transformation advisory and implementation expertise in Northern Europe.

  • 26North Partners to acquire a controlling stake in AVI-SPL (US) – Adds a global leader in digital workplace solutions to its PE portfolio (transaction announced)

Haven't joined us yet? Subscribe now to stay ahead at the forefront of IT with exclusive insights and updates.