CyberCX, until last month Australia's largest independent cybersecurity firm, was sold to Accenture on February 27th. The price wasn't disclosed, but the Australian Financial Review put it at over a billion dollars, making it Accenture's biggest cybersecurity deal ever and the largest acquisition in the Australian consulting industry in recent memory.
How CyberCX Was Put Together
CyberCX wasn't built from scratch. Private equity firm BGH Capital assembled it in 2019 by buying twelve separate boutique cybersecurity firms and merging them into one. The idea was to take a collection of specialists, put them under a single brand, and sell that at scale. It worked well enough that six years later, Accenture paid ten figures for the result.
So CyberCX was itself built by swallowing smaller firms. Now it's been swallowed by a firm with 791,000 staff.
What Happens Next
Nobody announces a billion-dollar deal saying it's bad news for customers. The press releases are always full of "force multipliers" and "world-leading capabilities." The CyberCX one was no different.
But Nick Ellsmore, director of Sydney advisory firm Delling Advisory, said what most people in the industry were thinking: "Despite all the best intentions in the world, you simply will not get the same level of service from a company with 791,000 staff, as you will from someone smaller."
That's not a dig at Accenture. It's just how it works. When a firm that size absorbs something, things change. Pricing structures get reviewed. The account manager who knew your setup moves on. Smaller clients drift toward the bottom of the priority list. Integration takes longer than anyone admits upfront, usually years, and in the meantime the thing that made the acquired firm useful to you gets standardised away.
CyberCX was already carrying the legacy of twelve mergers. Now it's one more layer deep inside a global consulting giant.
This Has Been Happening for a While
Thales bought Tesserent in 2023 for $176 million. Before that, a string of Australian specialists got picked off or absorbed. The pool of genuinely independent local providers keeps getting smaller.
That creates a gap. Most Australian businesses aren't federal government departments or ASX-listed banks. They're accounting firms, law practices, healthcare providers, manufacturers, real estate agencies, organisations that need practical, reliable IT and security support, not a global consulting engagement model priced accordingly.
The Optus breach, the Medibank incident, Qantas losing data on six million customers: nobody thinks cyber risk is someone else's problem anymore. For most Australian businesses tho, dealing with that problem requires someone who knows your setup, picks up the phone when something goes wrong, and is still your contact next year. A firm with 791,000 staff has other priorities.
If you're currently a CyberCX customer, it's worth a direct conversation with your account team about what the integration means for your contract. Acquisitions this size take a long time to settle, and the first year is usually the messiest.
We've been looking after Sydney businesses for over 20 years. If you want to talk through where things stand, get in touch. No hard sell, just a straight conversation.
WhatsApp 