The term sheet arrived on a Thursday. Eight months of courtship, three management presentations, and a near-miss on a competing bid. As Harvard Business Review has documented, valuation adjustments during due diligence are one of the most common deal-killers. The strategic buyer had run their own operational due diligence and the early headline was clean: strong unit economics, solid team, defensible product.
Then someone ran the revenue concentration analysis.
The company’s largest customer - a regional insurance group they’d landed three years earlier - represented 34% of ARR. Not unusual for a company at their stage. The second-largest was at 19%. Combined, two clients were responsible for more than half of total revenue.
The buyer dropped their offer by 22%. Then added a two-year earnout tied to retention of both accounts. The founder took it. He had no leverage.
This plays out constantly. And the painful part is that the concentration number was visible from day one. Nobody fixed it because it never felt urgent enough.
What Customer Concentration Actually Measures
Most founders think of concentration risk as a simple percentage: how much of our revenue comes from our biggest customer? That’s one input. The real calculation is more granular and the number buyers care about is different from the one founders track.
The standard metrics:
Herfindahl-Hirschman Index (HHI) adapted for revenue. Take each customer’s revenue as a percentage of total revenue, square each percentage, and sum them. A perfectly distributed revenue base with 100 equal customers scores 100. A single-customer business scores 10,000. Anything above 1,500 draws scrutiny in a typical PE deal.
Quintile concentration. How much revenue sits in the top 20% of customers by size? Healthy SaaS businesses often see 50-60% in the top quintile. When that number crosses 75%, DD teams start asking harder questions.
Revenue at risk. Not a percentage but a dollar figure. If your single largest customer terminates, what’s the direct revenue impact? What’s the downstream impact on referrals, case studies, and the sales process that uses them as a reference? The real exposure is usually 1.3-1.8x the direct revenue figure.
Churn-weighted concentration. Some DD teams weight each customer’s concentration by their estimated churn probability. A 30% customer on a month-to-month contract is a different risk profile than a 30% customer on a five-year deal with termination penalties.
Most companies track the first metric and ignore the rest. Sophisticated buyers look at all of them.
How Acquirers Price the Risk
There’s no universal formula but there are patterns. The adjustments start showing up in the model around the 20% threshold.
Below 20% for a single customer, most buyers treat concentration as a standard risk factor - mentioned in the CIM, discussed in diligence, not particularly penalizing in the price.
Between 20% and 35%, you’ll see EBITDA multiples discounted by 1-2 turns, depending on the customer relationship quality, contract terms, and how defensible the account is. Earnouts become more common.
Above 35% from a single customer, the deal structure changes materially. Buyers want contractual protection - representations and warranties about customer retention, earnouts tied to specific account renewals, sometimes escrow. Some buyers walk entirely because the risk is simply unmodelable.
The other variable is customer type. Public company customers with long procurement processes are stickier than private equity-owned customers mid-restructuring. A Fortune 500 logo at 30% concentration is different risk than a startup at 30% concentration.
What acquirers will never tell you: the concentration adjustment is partly a negotiating lever. If you don’t know how they’re calculating it, you can’t push back on the discount.
Why Founders Don’t Fix It
There’s a standard narrative about how concentration happens: you land a big customer early, they grow fast, and before you know it they’re 40% of revenue. You didn’t plan it. You couldn’t say no to their expansion.
That’s true as far as it goes. But there’s a more uncomfortable pattern.
Large customers are easier to serve than a large number of small customers. The support load is more predictable. The feedback loop is faster. The sales cycle for expansion is short. Founders who’ve built products optimised around one or two major accounts often resist true diversification because it means building different capabilities and tolerating lower short-term margins.
The other reason: fixing customer concentration takes 18-24 months. It requires a deliberate downmarket motion or expansion into adjacent segments, depending on where you’ve been concentrating. By the time an acquisition conversation starts, the window to fix it before deal close is usually already closed.
Some founders know their concentration number is a problem and keep finding reasons not to address it. The company is too busy growing. The concentrated customer keeps asking for things that consume the team. There’s always a more pressing priority.
The market is not sentimental about this when the LOI lands.
When Concentration Isn’t the Number You Think
Two situations where the standard analysis understates the risk:
Revenue with embedded dependencies. The customer represents 28% of ARR, but they also account for 60% of your technical support load and your two most senior engineers are dedicated to their custom integrations. When the revenue concentration analysis says 28%, the operational exposure is closer to 45%. This shows up in staff interviews during management diligence, not in the financial model.
Informal channel concentration. The customer directly represents 22% of ARR. But they also refer 35% of your new customers, serve as a reference on 60% of enterprise deals, and their CTO has spoken at two of your user conferences. If they churn or go quiet, the indirect revenue impact takes 12-18 months to materialise and is almost impossible to quantify in a deal model. Buyers who spot this connection adjust accordingly.
The other side: sometimes the reported concentration overstates the real risk. A 30% customer on a seven-year contract with substantial early termination fees and deeply embedded technical integrations is not the same kind of exposure as a 30% customer on a rolling monthly plan. Contract terms are part of the analysis, not a footnote.
The Diversification Playbook
If you’re 18-36 months from a potential liquidity event and your concentration number is a problem, here’s what actually moves the metric:
Segment the customer base before you diversify it. Most concentrated revenue companies have a distorted product-market fit. They’ve unconsciously built for their biggest customers. Before launching a diversification motion, map where your product is genuinely competitive outside that segment. Diversification into the wrong segment produces churn and makes the story worse.
Set a hard policy on single-customer concentration. Some founders use the rule that no single customer can represent more than 15% of ARR. When a customer approaches that threshold, pricing for new expansion becomes less aggressive and sales resources shift toward new logos. This is easier to implement before you’re in a transaction than after.
Restructure key account economics. If your 30% customer is getting below-market pricing because they were an early anchor, the time to fix that is not during a deal. Normalising their pricing over 18 months reduces both the concentration percentage and the risk that a new owner will inherit a legacy pricing relationship that makes no commercial sense.
Add customers to the story. Buyers want to see a trend line, not just a point-in-time number. If your five largest customers represented 70% of ARR two years ago and represent 58% today, with a clear trajectory toward further diversification, the risk looks different than a static 58% with no visible motion.
The companies that handle this well treat concentration as a metric the same way they treat NRR or CAC. Tracked quarterly, discussed in board meetings, with a stated target and a plan to get there, following the kind of disciplined governance the FCA expects of regulated firms managing concentration risk.
What Good Looks Like
The benchmark varies by business model and stage, but the following gives a working frame:
SaaS businesses targeting a clean exit or institutional funding: no single customer above 10-12% of ARR, top five customers collectively below 35-40%.
Professional services and consulting firms: more tolerance for concentration given higher-touch relationship models, but any single client above 25% requires explicit mitigants (long-term contract, embedded relationships across multiple stakeholders, documented succession planning for key contacts).
Enterprise software with long sales cycles: top three customers at 40% is common and tolerated if contracts are long, implementation switching costs are high, and the pipeline shows genuine diversification underway.
The businesses that get the cleanest exit processes are the ones where the revenue concentration analysis takes two minutes to run and the answer is boring. That boredom is worth a lot of turns on the EBITDA multiple.
The founder from the opening took the deal. The earnout paid out on one of the two accounts. The other churned in month nineteen - a board-level relationship change at the customer that nobody had tracked as a risk factor. He hit 80% of the earnout target.
He’s building his next company with a hard internal rule: no customer above 12% of ARR, ever. He had to learn that rule with someone else’s discount.