.svg)
The Sell-Side Imperative
A PE firm thought they were selling a £200m business. Tech Due Diligence from the buyer revealed it was worth considerably less. That gap was entirely avoidable.
This is the first of three blog posts to highlight Noremo's approach to Tech Due Diligence — the opportunities and the pitfalls. We start with how sell-side Tech DD can protect and maximise your valuation as you approach an Exit.
The Cost of Ignoring What You Can't See
In July 2021, Kaseya — a Florida-based IT management software company — suffered one of the most damaging ransomware attacks in history. The REvil group exploited a zero-day vulnerability in Kaseya's VSA platform, cascading through roughly 1,500 businesses that relied on it worldwide. Kaseya's CEO described the attack as "sophisticated" and "unprecedented."¹ For any acquirer in the middle of Due Diligence on Kaseya at that moment, the deal would have collapsed overnight. The business had value. The hidden vulnerability destroyed it.
You don't need to be a software company for this to happen to you. As Satya Nadella proclaimed back in 2019, "Every company is now a Software company."² The question is not whether technology risk exists in your business — it does. The question is whether you know about it before your buyer does.
A Story That's Playing Out Right Now
Here is a story of one such PE firm — let's call them "Elementary" — and its portfolio company, "Scaleup Ltd." (Both entirely fictional, though the pattern will be familiar.)
Elementary acquired Scaleup at the peak of their optimism. The investment thesis was compelling: new geographies, a subscription model with strong unit economics, and two or three attractive Buy & Build targets in adjacent markets. Like most PE firms, Elementary had a clear view on how they intended to exit within a 3–5 year timeframe.
By the end of Year 1, Elementary's Operating Partner and Scaleup's CEO had navigated the inevitable post-acquisition turbulence — the key people who left, the customer decisions that were delayed, the implementation timelines that stretched — and were beginning to execute on the Value Creation plan.
By the end of Year 2, Operational Efficiency had become the new mantra. Scaleup's CFO was squeezing every extra point of margin. AI experiments that couldn't demonstrate tangible ROI were shelved. The Christmas party was cancelled. EBITDA uplift was the new holy grail. Meanwhile, Elementary's Investment Partner had started working the phones — Mega-Funds, a couple of Corporates, a handful of M&A bankers from yesteryear — quietly gauging appetite to take Scaleup to its next chapter.
All the while, the Tech Debt mountain — sitting on ageing servers next to the office canteen and scattered across multiple Cloud vendors — had been left to grow unmanaged and untrimmed. Decay had begun. And that knowledge? It either lay hidden, waiting for future owners to discover at their peril. Or it got shared. Human instinct, too often, is to gloss over and cover up.
By the end of Year 3, when Elementary had expected to be signing term sheets at an Enterprise Value of 14x EBITDA, they instead faced a brutal choice: hold on for another 2–3 years until "market conditions improve," or sell in a hurry to a sharp Secondaries operator at a fraction of the expected price.
What happened? Elementary's preferred suitors had conducted detailed Tech Due Diligence on Scaleup and uncovered all of it. The Tech Debt. The fissures in Scaleup's cyber defences. The antiquated, overlapping enterprise systems. The largely manual, often duplicated business processes. Each suitor demanded such aggressive re-pricing that Elementary was no longer on track to recover its Cost of Capital — let alone deliver the required Internal Rate of Return.
"This is unheard of!" screamed Elementary's Founder and Managing Partner. "Scaleup isn't even a Tech company!!!" He'd clearly spent too many hours carving up the world in Davos and missed that Satya Nadella moment.
It's Never Too Late — But Earlier Is Always Better
Rather than Tech Debt being ignored and knowledge of it lost in the redundancies of Year 1, the wiser course for Elementary would have been to treat Technology as a first-class priority from Day 1 — with a realistic, grounded plan for managing Tech Debt from the outset.
If that moment has passed, the next best action is to act now. As part of your Exit Preparations or Vendor Due Diligence, engage external specialists to take an objective, outside-in view of your Portfolio Company's Technical Architecture and your Cyber Security, Risk & Resilience posture. That's exactly where Noremo brings specialist expertise.
Noremo would conduct a structured assessment that identifies your major Tech and Cyber risks. We would then work with your team to create a prioritised Tech Roadmap and Risk Register — so that high-priority issues can be addressed immediately, and lower-priority issues tracked and managed over time.
From an investment timeline perspective, it is not necessary that every identified risk is addressed before you go to market — the list will inevitably be long. What matters is that your PortCo has the Roadmap and the Risk Register, that the first two or three milestones have been visibly achieved, that there is a credible plan for the rest, and that a Risk Management process is now embedded to identify and prioritise new Tech risks as they emerge. Remove the friction to Exit.
If you can achieve that, your chances of a clean, well-priced transaction are measurably higher.
As Orlando Bravo — the legendary founder of Thoma Bravo and one of the great architects of software-focused PE investing — put it at SuperReturn Berlin in 2025: "Always be Selling… Always be Buying." It's the business transformation that creates the value, and that transformation has to be actively managed. Technology is not a footnote. It is the foundation.
In other articles in this series we cover:
References
¹ Kaseya VSA Supply-Chain Ransomware Attack — BBC News, July 2021
² Microsoft CEO: Every Company Is Now a Software Company — Satellite Today, February 2019
Image credit: Google Gemini Nano Banana Pro