Top 5 Cyber Threats To Mergers and Acquisitions
How can executives and deal teams execute deals with cyber due diligence and create a competitive advantage?
Key Takeaways
-
With digital so central to how businesses operate and drive revenue today, digital assets and capabilities are under even greater scrutiny during M&A today.
-
As organizations navigate rapid digital evolution, deals can implode over cyber security risks.
-
Cyber diligence can uncover potential additional costs, liabilities, and operational risks, bringing significant ROI, saving deal costs, and enhancing returns.
Global mergers and acquisitions (M&A) activity continues to accelerate at a rapid rate1 in both private and public markets as the world recovers from the lows of the pandemic while analysts predict that the 2023 M&A market could represent a return to healthy volumes2.
This accelerated M&A activity is also being characterized by complexity, with transactions including features that would have been unfamiliar to dealmakers just a few years ago, such as the prominence of ESG considerations, ferment in public markets, and digital technology becoming more central to most business models3.
The rising influence of these factors on M&A demands new ways of thinking about value creation and risk. “For instance, with digital so undoubtedly central to how businesses operate and drive revenue today, digital assets and capabilities will be under even greater scrutiny,” says Alistair Lester, Aon’s global co-CEO for M&A and Transaction Solutions. “Buyers are now looking closely at how an acquisition target runs its IT and other processes.”
“We can expect more scrutiny and critical challenges around deals going forward,” he adds.
Top Five Cyber Risks that can Potentially Threaten M&A Deals
- Investor Risks: Cyber crime is seeing increasingly punitive data regulations, such as fines amounting to 4 percent of a company’s global turnover in Europe, up to 10 percent annual turnover in Singapore and a maximum penalty of 20 years in federal prison in the US. With business’ existing portfolios and new investments living inside such a cyber crime ecosystem, executing deals without cyber due diligence means taking unnecessary risks with investor capital.
- Deal Execution Risks: Buyers or sellers can further expose themselves to known and unknown cyber risks when executing deal terms. Appropriate use of warranties and indemnities can help transfer the risk of cyber incidents, data regulatory non-compliance, system downtime and customer claimants. Specific pre-closing conditions and covenants can be used to better mitigate critical cyber risks before capital is released.
- Value Creation Risks: Digital solutions such as smart technology, artificial intelligence, and robotics offer exciting possibilities to create business value, but also expand the cyber-attack surface. These solutions inherently contain unclear boundaries with multiple third-party providers. Digital operating models that are not adequately secured bring increased potential for business value to be destroyed in equal or greater amounts than the value created.
- Carve-Out and Integration Risks: M&A activities can be the perfect incubator for lethal cyber-attacks. A hacker may be dormant for years only to awaken in a newly integrated parent business. In fact, it can take over 200 days to detect a breach(4). Executives should be highly risk-averse and assume that the other side has already been compromised, then set out the carve-out or integration strategy to help protect core business value.
- Future Cyber Due Diligence Risks: A business’ digital footprint is easily visible for a period of 12-24 months(5). Therefore, investors and deal teams can get ahead by applying a buy-side cyber lens to their existing portfolio. Building a robust and evidenced cyber story as part of the pre-deal due diligence process will help to enhance the case for a strong exit valuation.
Deals can Implode over Cyber Security
“You do not only acquire a company, but also its cyber security risks,” says Ian McCaw, Aon’s head of Digital, M&A and Transaction Solutions. “Today, every business has a cyber story that you should know early in the deal lifecycle,” McCaw explains. “We have seen compromised customer data for established online brands, single points-of-failure in major digital ecosystems, multi-million-dollar cyber investments required for industrial firms and a plethora of critical vulnerabilities.”
Yet, Aon research and analysis has found that as organizations navigate rapid digital evolution, only 17 percent have adequate security measures in place. Also, while 42 percent of respondents said that failure to identify cyber security and technology risks in M&A targets could prevent a deal from taking place, only a quarter cited cyber security as an important focus area for due diligence. This could be a result of insufficient knowledge and expertise in the workforce to identify and highlight potential cyber security issues.
For some deal teams, cyber is not considered material enough to look at during pre-deal, being pushed to post-deal analysis at best. Some mistakenly believe IT due diligence covers cyber due diligence. More worryingly, deal teams can become blinkered, having already emotionally bought into the target business and preferring not to know.
“No deal has ever been made worse by performing cyber due diligence; a process that reveals a spectrum of cyber-related strategic deal issues, hidden costs, and operational risks before finalizing an investment in a business,” says Adam Peckman, Aon’s head of Cyber Solutions for APAC. “Cyber due diligence provides new insights to detect ‘bad eggs’, thereby helping to reduce risk to investor capital, whilst offering deal teams a competitive edge to enhance returns.”
How can Executives and Deal Teams Create a CompetitiveAdvantage?
So, how can executives and deal teams solve the cyber puzzle? “The key is to address and manage cyber risk as a balance sheet liability from an early stage of a transaction,” Peckman advises. “Cyber diligence can uncover potential additional costs, liabilities, and operational risks, bringing significant ROI, saving deal costs and enhancing returns.”
- Start early in the deal
Build a view of cyber risks and costs from the deal outset - Quantify the financial exposure
Understand your deal-specific financial exposure is critical - Factor into the cost model
Seek to offset risk through deal terms and valuation - Mitigate where possible
Remediate critical cyber activities pre-closing or during first 100 days - Transfer residual risk
Place latent liability into the insurance market such as Warranty & Indemnity or specific cyber insurance
While value creation opportunities in M&A transactions are abundant, so are the risks of leaving value on the table or worse, if litigation follows. Dealmakers are listening and increasingly considering investing more in due diligence when considering a transaction. However, this process could lead to delays, and ones that last more than four months can cost parties an average of 16 percent of deal value.6
“Today every deal is a technology deal,” says McCaw. “Executives that can think about cyber risk in capital terms at the get-go will be ready for the next stage of the journey, avoiding delays in deal completion and unnecessary risk on investment capital and future returns.”
1 C-Suite Series: M&A report – Better decisions for deal value
2 Bloomberg Law: 2023 M&A Market May Reveal a Return to Pre-2021 Levels
3 C-Suite Series: M&A report – Better decisions for deal value
4 Cost of a Data Breach Report 2022 | IBM
5 The Cyber Loop: Managing cyber risk requires a circular strategy
6 TMF Group: Cross-border carve-outs 2020 – Why one third fail and how to get them right
Disclaimer
This material has been prepared for informational purposes only and should not be relied upon for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
Aon Insights Series Asia
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series Pacific
Expert Views on Today's Risk Capital and Human Capital Issues
Aon Insights Series UK
Expert Views on Today's Risk Capital and Human Capital Issues
Construction and Infrastructure
The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
Insights for HR
Explore our hand-picked insights for human resources professionals.
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
Pay Transparency and Equity
Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.
Property Risk Management
Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
More Like This
-
Article 8 mins
U.S. Rail Sectors Work to Mitigate Capacity and Pricing Risk Issues
U.S. freight and commuter rail industries are facing excess liability and property issues for different reasons. These railroads are critical to infrastructure and vital to the economy, yet finding effective solutions remains complex.
-
Article 11 mins
D&O Risks and Considerations for Businesses Planning an IPO
As private companies prepare for an IPO, they face increased risks that require directors and key leaders to adopt essential risk management strategies to ensure a smooth transition.
-
Article 10 mins
How Public Entities and Businesses Can Use Parametric for Emergency Funding
As climate change intensifies the frequency and severity of extreme weather events, public entities and businesses need more flexible funding solutions. Parametric stands out as an adaptable resource capable of swiftly responding to potential disasters.