A managing director of a twenty-person IT services firm came into a conversation about what she might sell for. The business had grown steadily for nine years, her team was stretched, and the pipeline was full. Revenue had just cleared £3 million. She expected a number in the eight to ten times EBITDA range.
The adviser came back with four. The gap came down entirely to structure.
What do buyers in UK services M&A actually pay for?
UK buyers of professional and IT services firms look at quality of earnings, not just the earnings figure. Grant Thornton puts the typical EBITDA multiple for lower-mid-market services deals at four to eight times, but where a firm lands in that range depends heavily on recurring revenue, customer diversification, and whether the business can run without its founder at the centre.
Before agreeing a price, buyers perform detailed quality of earnings analysis: reviewing churn rates, contract terms, customer lifetime value, and the extent to which specific individuals are holding key relationships. A services firm operating on a mix of recurring retainer contracts and project work will be rated very differently from one running entirely on bespoke projects, even if the revenue line looks similar on paper.
Crowe UK’s analysis of the IT services M&A market puts a concrete number on this: firms with 70 to 80 per cent contracted recurring revenue can achieve EBITDA multiples one to three turns higher than project-only firms of comparable size. GP Bullhound’s 2023 research on software and B2B services across Europe found a similar premium for companies with strong net revenue retention, particularly those above 100 per cent.
Why does founder dependency undermine what a buyer will pay?
An owner-managed firm where the founder holds the key client relationships, runs the most complex work, and is the main reason clients stay is a firm a buyer will discount significantly. BCMS, which advises UK owner-operators on exits, reports that firms with high founder dependency regularly end up with earn-out structures rather than clean cash at completion, because the buyer needs insurance against the transition.
Earn-outs tie a portion of the sale price to post-completion performance, often over two or three years. For a buyer, it is a reasonable way to manage transition risk. For a founder, it can turn an exit into a multi-year employment contract they never signed up for.
The degree to which a firm has documented, repeatable processes, and embedded them in systems rather than in the founder’s head, is a key variable in whether this structure appears at all. Buyers look for evidence that client onboarding, delivery, reporting, and sales can all run without the current owner in the building.
Regulated firms face an additional layer here. Both the FCA’s Senior Managers and Certification Regime and the Solicitors Regulation Authority’s firm authorisation requirements push towards documented accountability structures, with authority clearly allocated and processes that do not over-rely on a single individual. A well-documented compliance structure in a regulated firm carries two purposes: it meets the legal requirement and signals governance maturity to acquirers.
Where does client concentration cause the deepest damage?
Many acquirers in the UK look hard at what share of revenue sits with the top one or two clients. BCMS and PKF Francis Clark both flag that a single client accounting for more than 20 to 30 per cent of revenue is enough to trigger a price reduction, a structured earn-out, or in some cases a decision to walk away from the deal altogether.
The concern is direct: if that client leaves after the sale, the business looks very different from the one the buyer priced. The 2018 Carillion parliamentary inquiry documented how over-reliance on a small number of major contracts left a large firm fragile in ways turnover did not signal. The concentration risk lesson from that inquiry now features in standard M&A due diligence for services firms of any size.
For an agency, consultancy, or IT services firm, a diversified client book is one where no single client holds disproportionate negotiating power, sectors are spread so a downturn in one does not create a cash crisis, and contract lengths vary so renewals do not all cluster in the same window.
This kind of diversification tends to happen deliberately or not at all. Clients who refer other clients cluster in the same industry. Founder-led selling focuses on the relationships the founder already has, which concentrates in the sectors they know. Correcting this requires an intentional decision about where the next client is going to come from, made well before the business needs to demonstrate it to a buyer.
When does compliance become part of a buyer’s valuation model?
Buyers now routinely commission data protection and cybersecurity due diligence alongside the financial review. The Information Commissioner’s Office can fine organisations up to £17.5 million or four per cent of global annual turnover for serious data protection breaches, and evidence of poor compliance can materially reduce a valuation or reshape deal terms. An undocumented operation carries risk that a well-run firm at the same revenue would not.
The Herbert Smith Freehills analysis of data protection in M&A due diligence confirms this is now standard deal preparation, with gaps in UK GDPR compliance capable of triggering indemnities, price adjustments, or deal collapse. A firm that processes client data, holds employee records, and manages confidential commercial information but has not documented how it meets its obligations under the Data Protection Act 2018 is presenting an acquirer with unquantified liability.
Cybersecurity is treated similarly. The 2022 Cyber Security Breaches Survey found that 39 per cent of UK businesses reported a breach in the preceding year. The National Cyber Security Centre’s Cyber Essentials scheme offers a documented baseline standard, and achieving certification signals that a firm has structured its security posture rather than managing it on instinct.
AI use is now part of this picture. If a firm is using generative AI in client delivery, buyers will ask how it is governed and whether ICO guidance on AI and data protection has been addressed. A well-governed AI capability signals operational maturity; an ungoverned one adds liability.
What connects all of this to how you run the firm right now?
The structural features that make a business valuable to a buyer are the same ones that make it easier to run without you at the centre. Recurring revenue smooths cash flow. Documented processes allow real delegation. A diversified client book means you can say no to a difficult client without panic. Building for a buyer and building for your own freedom are the same move.
None of these moves require a sale to be imminent. Structural work takes time: building recurring revenue lines, documenting the processes that live in the founder’s head, widening the client base deliberately, and putting compliance in place a third party could inspect. A firm that works through these is more resilient for the team working in it, more attractive to a buyer, and more likely to give the owner genuine time back.
The practical starting point is to pick one variable and ask honestly where the firm sits. Score recurring revenue, client diversification, process documentation, or compliance posture out of ten. Then ask what a seven would look like and whether there is a concrete step this month that gets you closer.
A buyer looking at two firms with identical revenue will write very different offers. The gap is explained by structure, and structure is something you can build on purpose. If you’d like to think through where your firm sits, book a conversation.
