February 26, 2020
Top 5 Cyber M&A Risks
By Aon plc
Fact: no deal has ever been made worse by performing cyber due diligence, a process that reveals a spectrum of cyber-related strategic deal issues, hidden costs and operational risks before investing in a business, according to Ian McCaw, Head of Cyber M&A for Aon’s M&A and Transaction Solutions team in EMEA. Cyber due diligence provides new insights to detect “bad eggs”, reducing risk to investor capital, whilst offering deal teams a competitive edge to enhance returns.
Today, every business has a cyber story that businesses should be aware of early in the deal lifecycle; McCaw has seen compromised customer data for established online brands, single points-of-failure in major digital ecosystems, multi-million dollar cyber investment required for industrial firms and a plethora of critical vulnerabilities. No business is immune.
Consider these numbers, says McCaw: less than 10% of deals globally contain cyber security diligence today. For some deal teams, cyber is not considered material enough to look at ‘pre-deal’ and that all this ‘technical stuff’ is best to look at post-deal. Some, mistakenly, believe IT due diligence covers cyber due diligence, when it does not. More worryingly, cautions McCaw, deal teams can become blinkered – already emotionally bought into the target business and preferring not to know.
Executing deals without cyber due diligence can put unnecessary risk on investment capital and future returns. Many investors and fund managers are increasingly unaware of the specific cyber M&A risks and how these impact a broad range of business operating models, not just the high-tech and dataheavy.
Below are McCaw’s top 5 cyber M&A risks:
1. General Population Risks – Global cost of cyber security is estimated at $600bn in 2017 and predicted to grow to $5.2 trillion in 5 years according to Accenture research. By the time you read this article 25,000 data records will have been breached and 1,000 new malware variants produced. Your existing portfolio and new investments live inside this cybercrime ecosystem and with increasingly punitive data regulations, such as 4% global turnover fines, executing deals without Cyber due diligence is taking unnecessary risks with investor capital.
2. Deal Execution Risks – buyers or sellers can further expose themselves to known and unknown cyber risks when executing deal terms. Appropriate use of warranties and indemnities can, for example, transfer the risk of cyber incidents, data regulatory non-compliance, system downtime and customer claimants. Specific pre-closing conditions and covenants can be used to mitigate critical cyber risks before capital is released.
3. Value Creation Risks – digital systems, ecosystems, smart technology, artificial intelligence & robotics offer exciting possibilities to create business value. But digital solutions expand the cyber-attack surface and inherently contain nebulous boundaries with multiple third-party providers. Executives need to change their thinking; digital operating models that are not adequately secured bring increased potential for business value to be destroyed in equal or greater amounts than the value created.
4. Carve-Out & Integration Risks – as many businesses have discovered at great cost, M&A activities are the perfect incubator for lethal cyber-attacks. Their downfall is often the result of partially integrated businesses in a complex patchwork of systems containing security blind-spots and vulnerabilities. A hacker may be dormant for years only to re-awaken in a newly integrated parent business. Executives need to be highly risk-averse and assume the other-side has already been compromised, then set out the carve-out or integration strategy with a clear target operating model. Protecting core business value comes first.
5. Future Cyber DD Risks – according to Coller Capital research, 55% of Limited Partners expect cyber due diligence to be performed ‘pre-deal’. Certainly, there is a trend where new deals have more cyber analysis than existing holdings. Deals executed in the pre-2018 vintage are very likely to have their first cyber diligence activity in the next few years, which may lead to cyber value erosion or showstoppers. A business “digital footprint” is easily visible for a period of 12-24 months, therefore investors and deal teams should get ahead now by taking a buy-side cyber lens on their existing portfolio. Building a robust and evidenced cyber story enhances the case for a strong exit valuation.
So, what do executives and deal teams need to do to create a competitive advantage? Cyber diligence brings a significant ROI, saving deal costs and enhancing returns. The key is addressing and managing cyber risk as a balance sheet liability:
1. Engage early in the transaction – build a view of cyber risks and costs from the deal outset
2. Quantify the liability – understanding your deal-specific financial exposure is critical
3. Factor into negotiation – seek to offset risk through deal terms and valuation
4. Mitigate the liability – remediate critical cyber activities pre-closing or during first 100 days
5. Transfer the liability – place latent liability into the insurance market such as warranty & indemnity or specific cyber insurance
As one senior private equity professional said to us recently: “today, every deal is a technology deal”. Executives that can think about cyber in capital terms will be ready for the next stage of the journey.
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Its 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
Aon’s M&A and Transaction Solutions team comprises a global team of experienced professionals, drawn from the insurance, legal, financial and investment banking industries, which focuses on helping clients secure investments and enhance returns in M&A transactions through the deal lifecycle, from entry to exit.
Supported by a unique breadth of experience, the Aon M&A team advises clients across key value areas, ranging from risk/insurance and human capital (pensions, benefits, health, talent) to cyber/data security and intellectual property, leveraging its industry expertise and insurance market insights. Aon’s advisory capabilities are complemented by the firm’s position as one of the leading brokers of transaction solutions, advising and arranging warranty & indemnity, tax and litigation/contingent insurance, as well as innovative credit/surety solutions, in M&A.
In 2019, Aon launched its C-Suite Series, in collaboration with The Financial Times, publishing thought-leadership reports on M&A (Leaving nothing on the table: unlocking off-radar value) and Cyber (Prepare for the expected: safeguarding value in the era of cyber risk) https://www.aon.com/emea/c-suite/mergers-andacquisitions/default.aspx?utm_source=Aon&utm_medium=PR&utm_campaign=CSuite%20Series%20&utm_term=MandA
“We were delighted with the services that Bluebox offered us. Bluebox’s attention to detail through their Diamond Programme ensured that we were well prepared for when the business was taken to market and that the sale process itself was managed expertly.
We challenged Bluebox with finding the right strategic buyer and thereafter negotiating a deal that met our requirements. In helping initially to identify and to secure the deal with Mountville Mills they accomplished just that. Communication throughout was excellent and professional, managing each stage of the process. I would have no hesitation in recommending Bluebox to any corporate shareholder or private business owner looking to divest their business.”
Richard Millward, Former Client
“We were delighted with the services that Bluebox offered us. Bluebox were challenged with finding us the right strategic investor and, thereafter, negotiating a deal that met our complex requirements. In identifying and securing the deal with LGC they have done exactly that. The process itself was efficient and smooth, largely due to the excellent communication from the Bluebox team, who also demonstrated excellent experience at managing a very engaging auction process. I would be delighted to recommend Bluebox to any corporate shareholder or private business owner looking to divest a business.”
Helen Dickinson, Former Client
It has been a real privilege working with the team at Bluebox over this last year or so. Bluebox’s attention to detail ensured that we were well prepared for when the business was taken to market and the sale process itself was managed expertly. Starting the process, I had no idea exactly what this would entail and the volume of work that has been produced by everyone and the result reached today is nothing short of brilliant.
Hugh Morris, Former Client
We are delighted with the services that Bluebox was able to offer. They showed an intimate knowledge of a deal cycle, managed a tight auction process and were highly communicative from the start. I would happily recommend Paul and his team to business owners contemplating a sale of their business in the next 24 months. Experience is key and this has paid off for us.
Laurence Seward, Former Client
Aligning ourselves early with Bluebox, and entrusting the team to guide us through their process proved to be a highly rewarding investment from all viewpoints. Bluebox’s support significantly enhanced both the value of our business and its ‘saleability’. I would highly recommend Bluebox to business owners contemplating an exit in the next two years. The earlier the engagement the better so far as I am concerned.
Mike Minett, Former Client
We began working with Bluebox in early 2015 through their Blue Diamond Programme, as we were contemplating an exit. We found that the process focussed our minds on the key areas of growth in the business, and prepared us well for the inevitable rigours of due diligence. During the sale process itself, the advice offered by the Bluebox team was invaluable. We found them to be helpful, straightforward and honest.
David Stokes, Former Client
When selecting our adviser, it was extremely important that they had access to international buyers and were experienced in cross-border M&A. The team at Bluebox proved to be invaluable by identifying a strategic acquirer from America who was not known to us and by negotiating an excellent deal for all parties. I was also impressed with the process management from Bluebox, which ensured that the deal was closed in a timely fashion.
Jeff Weinstein, Former Client
When I first engaged with Bluebox, I was hesitant as to the benefits of using an advisor to firstly, find a buyer for my business and secondly, to get a deal over the line. However, now that the deal has completed with KPM, I can honestly say that the finer negotiation points handled by Bluebox and their overall management of this process has been nothing short of first class. I would be delighted to recommend Bluebox’s services to any entrepreneur contemplating the sale of their business.
Bill Ballard, Former Client
Bluebox worked closely with us over the following six months and helped us to implement some key initiatives which made InferMed a more attractive acquisition target. Once we decided to sell the business, the Bluebox team were very diligent in ensuring that no stone was left unturned. They negotiated expertly on our behalf to ensure we got the best deal possible.
Alan Montgomery, Former Client
The pre-sale planning programme that we signed up for with Bluebox made us develop our strategies and focus on the bigger picture. It proved to be a very rewarding investment from all viewpoints and significantly enhanced both the value of our business and its ‘saleability’. I would highly recommend Bluebox to business owners contemplating an exit in the next two years.
Nigel Parsons, Former Client
I have experienced first hand the value that can be created through highly structured pre-sale planning. It amazes me that it is not something that everyone does. It is so disappointing to see around 90% of transactions collapse before they complete and pre-sale planning will not only enhance your price, but also significantly enhance your chance of a closed deal.
James Caan, Investor
We worked incredibly closely with our advisers who provided expert knowledge of the sale process with which we were not familiar. We were truly delighted with the results.
Marten Nielson, Former Client
We appointed advisers to manage the sales process after we had received a number of unsolicited approaches for the business. I was incredibly impressed by the immense value that could be created by expertly negotiating with a group of already interested parties.
Paul Duckworth, Former Client
I was delighted with the service that the team offered and their real attention to detail. The deal was not without its complexities and it was reassuring to have such experienced advisers assisting me throughout the negotiations.
Peter Bennett, Former Client
Truly delighted with the way my sale process was managed. The fact that the team I worked with achieved such a great multiple is testament to their experience and their ability to create some true competitive tension.
James Averdieck, Gü, Former Client
The team at Bluebox provided invaluable support in negotiating this complex transaction. Their access to international purchasers, and exceptional knowledge of cross border M&A ensured that the deal was concluded efficiently, achieving a highly successful outcome for us all.
Jon Parslow, Former Client
“We selected Bluebox after a fairly long round of evaluating potential advisors because of their scientific, yet challenging approach to maximising value. During our initial meetings they showed us how far short of “ready” we were and consequently we completed more preparation in the early stages which meant we were equipped for what was to come. We were delighted with our choice of Corporate Finance partner. I do not hesitate in recommending Bluebox for any SME to consider.”
Simon English, Former Client
Bluebox provided invaluable advice in managing the negotiations with incoming investors. Their skills in handling these discussions were evident from the outset and the vital interface that they provided between the incumbent team and the incoming investors was truly beneficial.
Henry Braham, Former Client
Bluebox have a professional, dynamic and experienced team that is greatly assisting me with my focus on my exit within the next 24 months. Their structured approach is very refreshing and their ‘Blue Diamond’ programme is adding immense value.
Matt Evans, Former Client
The team at Bluebox provided me with a seamless service from the start of the engagement until our deal was completed. Attention to detail was commendable and their understanding of corporate M&A very impressive. I could not recommend them highly enough.
Victor Lewis, Former client
Having tried to sell my business previously – and failed – I was only too aware of the importance of pre-sale planning. This is a talented team offering a service that most people find out about, but too late.
Simon Hulme, Former Client
Bluebox are a quality outfit. Their access to International acquirers and relationships with the highest quality domestic investors was impressive. My shareholders and I received excellent service from start to finish and it was refreshing to be dealing with a senior team throughout the sale exercise.
Michael Clapper, Former Client
I cannot recommend the team at Bluebox highly enough. Their expert guidance throughout the entire sale exercise resulted in my shareholders securing an excellent deal with which the entire team was delighted.
Mark Rodol, Former Client
I’m really pleased with the service Bluebox provided. The team demonstrated excellent knowledge of the process to follow and led negotiations for the hospital in a way that allowed us to ensure we received appropriate value whilst focusing on reputational risk. Communication and service were of a very high standard.
Steven Davies, Former Client
With Bluebox’s expert advice we were able to find the right buyer that will benefit our business strategically. We’re delighted with the outcome and look forward to starting our new chapter
Clive Hillier, Former Client
The advice offered by the Bluebox team throughout the process was invaluable to the shareholders. We strongly believe that participating in Bluebox’s pre-sale planning programme was a significant driver behind the success of the deal. Their project management and negotiation skills throughout the sale process itself resulted in an exceptional deal being delivered to all parties involved.
Harpal Singh, Former Client