Back to news


Completing a fully cyber-secure M&A transaction

Cybersécurité fusion acquisition

There are many areas that need to be secured during an M&A transaction. One that is sometimes overlooked is cybersecurity. Experts from AURIS Finance, a consultancy specialising in mergers and acquisitions, explain how to secure intangible assets when buying or selling a company.

Today, no business is immune to digitalisation. Regardless of their sector or number of employees, all organisations use a range of virtual tools. Of course, some are much further ahead than others. However, they all face the challenge of managing their IT assets, management software, and securing customer data. Companies can fall victim to cyber-attacks at any time, with multiple consequences: the risk of a sudden halt in the production chain and the risk to reputation. This threat is heightened when two companies merge, as the new entity becomes particularly vulnerable. It is therefore essential to ensure that the target company has the right level of security at the time of acquisition and throughout the integration process.

The importance of a cyber security audit

The due diligence phase of an M&A transaction is crucial: It allows an assessment of all the target’s assets taken into account in its valuation. While tangible assets are often well understood (inventory, real estate, equipment, etc.), cyber assets are sometimes neglected. In order to carry out a complete audit, a number of approaches need to be taken, the first of which is to make an inventory of existing tools designed to counter any cyber threat. An interview with one or more of the target company’s key personnel (CIOs, IT technicians, etc.) will enable the buyer to assess the level of risk to which the company may be exposed. Drawing up a risk map, including the likelihood of each threat occurring, can also be an important working document. These various stages will enable the buyer to estimate both the cost and the effort required to improve the target’s security. Oversight must continue after the target has been acquired, with the appointment of a person responsible for IT integration.

A real risk for the seller

The perception of cyber risk is changing. A recent survey by business law firm Freshfields Bruckhaus Deringer found that 90% of respondents believe that a proven cyber-attack could lead to a reduction in the acquisition price. In addition, 83% of respondents believe that a cyber-attack during the due diligence phase could lead to a deal being abandoned. These figures highlight the growing importance of cyber issues in M&A transactions. With this in mind, any company considering a sale must pay close attention to cyber security and customer data management.

Get the support you need

The M&A market remains dynamic. Despite a global slowdown in the first half of 2022, there are still a large number of companies and investment funds looking to acquire additional companies. This is particularly the case in the IT sector, as our expert Carlos Bedran explains. For these companies, whose core business is IT, cybersecurity is a fundamental aspect. AURIS Finance’s sector-focused teams will assist you throughout your acquisition or sale process. Experienced in cyber issues, AURIS Finance experts will conduct a security audit of the target company. They will also be able to advise you on priority issues that need to be considered during a sale.

Contact us

#AURIS Finance #Technology, Media & Telecommunications