VENDORiQ: Infosys Acquires The Missing Link – A Bid for Scale in Australia’s Booming Cyber Market?

Why it’s Important

Infosys’s move to acquire The Missing Link reflects a continuing trend: large international IT service providers acquiring specialised cyber security capabilities to meet escalating demand and address talent shortages. The Australian cyber security services market is experiencing robust growth, driven by a complex threat landscape and increasing regulatory pressures. For CIOs and CISOs, this acquisition is typical of the potential opportunities and points requiring careful consideration resulting from this consolidation trend.

On one hand, the integration of such specialised cyber security services into international service organisations promises scale. The Missing Link gains access to Infosys’s global reach, resources, and client base, enabling it to enhance its service offerings and compete for larger, more complex engagements. The explicit mention of integrating with Infosys Cobalt suggests a push towards bundled cloud and security offerings. For existing Missing Link clients, assurance is business as usual regarding the team and service delivery, but with the added benefit of Infosys’s broader capabilities.

However, a cautious perspective is warranted. Integrating distinct company cultures, particularly a large global entity like Infosys (>300,000 employees) and a specialised ~200-person firm like The Missing Link, carries inherent risks. Maintaining the agility, focus, and service ethic of The Missing Link within the larger corporate structure will be challenging. 

Missing Link clients need to be cautious about price increases.  The larger entities like Infosys have more market power and may seek to increase prices, arguing access to a broader range of services.

While leadership continuity is planned, CIOs and CISOs who rely on The Missing Link’s (or any other specialised technology supplier’s) specific expertise and service style should monitor how the integration unfolds. Questions remain about potential changes in service prioritisation, account management, and the long-term retention of key specialist talent – a critical asset in the current skills-constrained market.  Anecdotal experience from similar mergers is that some of the more talented technical staff of smaller, nimble firms do not like to work for the big firms, thriving on their importance and influence in the smaller firms.  This potential skill flight may be offset by the global capabilities of the larger entity. However, with the retention of these roles, Infosys is unlikely to shut down The Missing Link like Orange Cyberdefense did to Sense of Security.

Furthermore, while presented as enhancing sovereign capability through scale, the acquisition places another significant Australian security provider under foreign ownership.  The need to have sovereign cyber security resources is expected to grow rapidly in the next year due to geopolitical instability.

Who’s Impacted?

• CIOs: Need to evaluate how such acquisitions may affect existing service agreements, particularly concerning integrated cloud and security strategies. Consider the long-term implications of vendor consolidation in the Australian market.
• CISOs: Should assess the potential impact on the specific cyber security services received from partners, and how quickly these can be switched to another provider if a merger should be a cause for concern. Monitor service levels, key personnel retention, and how threat intelligence or SOC operations might be integrated or altered.
• Vendor management/procurement: Need to understand the new contractual realities and relationship management dynamics with the combined entity. Assess the acquisition against overall sourcing strategy and market diversity goals.
• Competitors: Both local Australian cyber security firms and other large IT service providers will need to adjust their strategies in response to Infosys’s strengthened position in the Australian cyber market.

Next Steps

• Existing Missing Link clients: Engage with account managers to understand the practical implications of the acquisition, integration timelines, and any potential changes to service delivery or personnel. Seek clarity on data handling and sovereignty, especially concerning the integration of the GSOC into Infosys’s global network.
• Existing Infosys clients: Enquire how The Missing Link’s capabilities will be integrated into Infosys’s portfolio and how this might benefit or change existing security service arrangements.
• Organisations evaluating security providers: Consider this acquisition within the broader context of market consolidation. Assess whether the potential benefits of scale offered by the combined entity outweigh the potential risks associated with large-scale integration. Evaluate the combined offering against independent specialists and other integrated providers.
• All organisations: Review your cyber security partner strategy in light of ongoing market consolidation. Ensure you have sufficient vendor diversity and understand the ownership structures of your key security partners.