Adequate preparation, due diligence and stable execution are necessary for smooth mergers and acquisitions. Failure to do so can result in a choppy path – with potential to hold back, delay and hurt any resulting M&A deal. Often overlooked in the M&A process, issues surrounding digital synchronization and cyber security can be major contributors for a bumpy transition. Here are some digital reasons why an M&A deal might go sour:
A lack of digital protection increases digital risk
Despite their devastating effects on almost every facet of business, even some of the biggest data breaches continue to go undetected throughout high profile M&A deals. In addition to their immediate damage to a deal’s value, an unnoticed data breach can literally poison another organization’s digital infrastructure upon integration. And the longer these breaches go unnoticed the more pronounced (and expensive) their effects.
Take the now-infamous Verizon/Yahoo! acquisition, for example. In 2017, Verizon acquired Yahoo! before realizing their new addition had suffered several breaches just a few years prior. Aside from nearly derailing the entire deal, the result saw a $350M reduction in purchase price, a $35M penalty dished to Yahoo! from the U.S. Securities and Exchange Commission (SEC) and a subsequent $80M paid out through lawsuits to disgruntled shareholders and customers.
But hunting for a history of data breaches is more than just Googling the name of a target organization and hoping nothing comes up. You must go deeper, and you must think outside of the box. In addition to looking for an actual breach, you need to consider potential for a breach and how a lack of comprehensive cyber security safeguards might put your data at risk during a tentative integration process.
For sensitive M&A communications, for example, you need to ensure any valuable information being exchanged, from trade secrets to internal agreement documents, is protected with adequate email encryption safeguards. To help insulate your organization from risk during the M&A process, Echoworx offers an encryption solution with six flexible delivery methods and additional security tools, like message recall.
Why take a chance with your most-valuable company data. Can you ensure that any sensitive email sent, for a wide range of reasons, never goes to a recipient unencrypted?
Legacy technology slows M&A deals
Unanticipated delays brought by poor synchronization with legacy digital equipment during an M&A affects your bottom line, your customer experience and exposes your system to vulnerabilities. Before signing the dotted line in your M&A deal, consult your IT department to anticipate any possible digital snags. This ensures when it’s time to integrate, there won’t be any major digital holdups or service interruptions for your customers.
If you do find outdated technology, or incompatible technology, third-party cloud-service providers can help bridge the gap. You might, for example, be a bank with customers in Denmark, where encryption is mandatory under the General Data Protection Regulation (GDPR) to conduct business. You cannot take a chance on a target organization with a legacy on-premises encryption platform. But what if you lack the time or resources to upgrade and upload their email infrastructure to your cloud?
OneWorld encryption platform easily migrates any legacy message encryption process to the cloud. As a Software-as-a-Service (SaaS) provider, our dedicated team of encryption professionals do all the heavy lifting – so you don’t have to. A problem which might have taken your IT department time, money and resources to solve is literally done at the click of a button.
Here’s how it works:
Non-compliance is closing business doors
You might know the rules of your market and you know the potential value of acquiring or merging with a target organization. But how much do you know about their industry? Are they prepared for and working within the rules of the laws and regulations which affect their industry or geographical area? Or, alternatively, if they do not protect data in their jurisdiction, do you really want to risk trade secrets being intercepted?
In the United States, for example, you might be looking to expand your bank across the country by acquiring established financial hubs in each of your target states. But is your target organization in California prepared for the recent California Consumer Privacy Act (CCPA), which came into effect January 1, 2020?
To keep data safe and compliant in transit under various rules, privacy laws and regulations, you need a flexible encryption solution which can quickly to any regulatory environment. Even if there are no rules, or your target cannot support encryption, there are delivery options to accommodate.
Human error is an M&A liability
From unintentional attacks by inadvertent threat actors to deliberate internal sabotage, human error continues to play a part in 95 per cent of all security incidents, according to research by IBM. And users of webmail services continue to be primary culprits contributing to this problem – sometimes without even realizing it. But human error is hard to anticipate, near impossible to fix and can happen to anyone.
Take the United States Marine Corps, for example. In 2018, this elite military organization, with all its defenses and vigilant staff, still managed to leak the information of about 21,500 marines, sailors and staff by inadvertently sending a non-encrypted email to an incorrect distribution list. You might dismiss this digital slip as a fluke, but, according to the Information Commissioner’s Office (ICO), an independent UK privacy watchdog, incidents of incorrect address information are actually quite common, accounting for 12 per cent of reported data security incidents alone in Q4 of the 2018/2019 year.
For an M&A process, where hundreds of back-and-forth emails between multiple parties and stakeholders contain sensitive information, from trade secrets to insider deal information, nothing can be left to chance. Since a single slip-up can mean the difference between a deal-signing handshake and a trip back to the negotiation table, organizations need to insulate themselves from human error.
A simple way to rectify human error for sensitive communications is to encrypt them – with secure vetted methods ensuring only intended recipients can view data or a message. But any encryption solution also needs to be flexible enough for day-to-day use. With our OneWorld encryption platform, for example, encryption can be made to fit any business case, from simple ‘Encrypt’ buttons to automatic encryption for certain message, recipient or attachment types.
By Jacob Ginsberg, Senior Director Market Intelligence, Echoworx