Mergers and Acquisitions: How Do You Protect Your Investment? Part 2

Following on from last week’s article where we discussed the topic of Mergers and Acquisitions (M&As), retaining IP, key developer knowledge and how Software Escrow can help with the M&A process (Find the article here), we began thinking about the Cyber Security risks involved with these transactions. This is an important topic to cover, especially in the current climate with attacks and breaches making the headlines on a regular basis. 

As we discussed last week, M&As are a key business strategy for many organisations looking to: - expand into new markets, increase market share and streamline their businesses. However, there are numerous Cyber Security risks to consider, many of which may not have even been identified when the M&A process began. 

Cyber attacks can happen to organisations at any time and no organisation is invulnerable. However, when a breach or attack occurs during a merger or acquisition this can complicate the process significantly. 

A prime example of this is the recent acquisition of Yahoo inc. by Verizon. In September 2016 Yahoo announced that a recent investigation by the company had confirmed that copies of certain user account information was stolen from Yahoo’s network in late 2014. Based on the findings of the investigation, it was estimated that information relating to at least 500m accounts was stolen. The acquisition was eventually completed in June 2017, although Verizon paid $350m less than their initial offer and it is estimated that it will cost Verizon a further $500m to clean up the mess left by Yahoo’s breach. 

The threat of data breaches are not the only Cyber Security issues companies face when it comes to M&As, other concerns include: 

• What are the security postures of both organisations involved in the transaction? 
• What are the security risks of employees who will lose their jobs because of the transaction? 
• How secure is the development process of the target company?

According to a study by West Monroe Partners’ M&A Practice, Cyber Security is a major concern for investors. Key findings of the report included: 

• More than half of respondents (52%) report discovering a cyber security problem after a deal closed.
• Cyber security was the number two reason software M&A deals were abandoned, and the second most-common reason buyers regretted a deal. 
• Respondents said the top three reasons that deals fail are cyber security concerns (23%), financial and tax issues (23%), and problems with compliance (18%).
• The most anxiety appears to come after the deal is done, the study said. Two in five respondents said problems during post-merger integration (41%) is their main worry when thinking about issues related to cyber security.

To help your organisation address the risks posed by M&As, SES can offer a complete range of services designed to support you throughout the M&A process. 

In preparation for a potential M&A: SES can help you perform your due diligence and draw on our expertise to effectively scope the security posture of the organisation which you are looking to merge with or acquire.

During the M&A Process: SES’s consultants can help you identify any vulnerabilities that could put both organisations at risk of a breach in order to remediate these weaknesses prior to the transaction being completed. 

After the transaction has been completed: Our qualified consultants can help align both organisations security postures and make recommendations on strategies to further secure the development process of the target organisation.

If your organisation is considering merging with or acquiring another business and you are interested in finding out more about the security risks involved and how these can be remediated, please get in touch and one of our specialists will get back to you within one business day. 

© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.