Shifts in the acquisition market

For the last four years, the mergers and acquisition market has been volatile. A combination of low interest rates and low inflation in 2021 led to an explosion in deal volume, which was followed by a sharp decline due to inflation and rising interest rates. 

Analysts are predicting a rebound in deal volume due to a stabilization of inflation and interest rates, as well as pent up demand from the sharp decline in 2023. But while deal volume is predicted to increase, analysts believe the types of deals occurring are expected to shift given the current environment.

1. A higher volume of smaller deals

Difficulty financing and increasing regulatory scrutiny have caused the decline in deal volume to be steeper among larger deals. Analysts expect this trend to translate into any recovery in M & A volume – with smaller deals recovering faster than larger deals.

2. Deals motivated by intellectual property and technology

Given the rise of AI technologies and uncertainty in economic growth, companies are looking for acquisitions that will help them adopt and integrate new technologies into their portfolio and unlock new market opportunities. This trend means the value of acquisition opportunities will be heavily tied to the IP, data, and talent in a company - rather than a company’s existing brand and market presence.

3. Deals targeting distressed companies

With the higher levels of economic uncertainty, many companies are struggling to adjust and are looking to exit via acquisition. These companies may already be experiencing high levels of customer and employee turnover, but may still have intellectual property or other assets worth acquiring.

Implications and recommendations for information security

1. Understand the business strategy of acquisitions

Engaging with business leaders early and often on acquisition strategy can provide valuable insights and foster a collaborative approach to securing the deal. To effectively partner with the business on an acquisition, information security teams must comprehend the underlying business motivations driving the acquisition – whether it’s expanding market share, acquiring new technology, entering new markets, etc. This understanding will help security teams tailor security measures that align with the strategic goals of the merger or acquisition, and also aids in identifying any specific risks to the acquisition’s objectives. By partnering closely, strategies for securing an acquisition can be better developed and tailored.

2. Make data security part of pre-deal due diligence

While cybersecurity is part of most IT due diligence approaches, putting extra emphasis on data security can ensure your company isn’t walking in blind and misevaluating the target company. Especially if an acquisition is motivated by intellectual property or targeting a distressed company, understanding how critical data is secured and whether competitors or departing employees may have exfiltrated sensitive data can help your team avoid a bad deal, negotiate better terms, and avoid unexpected post-acquisition costs.

3. Develop a Day 1 playbook for information protection, separate from regulatory and integration considerations

Most day 1 acquisition playbooks for IT and IT security focus on regulatory compliance and beginning the process of integration and consolidation. But, if the value of a deal hinges on valuable intellectual property or other proprietary data, securing this information needs to be a day 1 consideration to ensure that the investment your enterprise is making is properly protected.

The moment an acquisition is announced, employees with access to valuable data may start squirreling valuable information away to jump start the next step in their career. Acting quickly to protect this data is paramount to protecting the value of your acquisition.‍

4. Invest in data security solutions that are easy to deploy and get value from

Many data security solutions are cumbersome to deploy and require extensive tuning to begin getting value. This makes it difficult to deploy quickly in the aftermath of an acquisition. If your company regularly performs company acquisitions, be sure to evaluate how quickly you can deploy security measures and begin controlling data movement, so that you can begin securing data at the new company as quickly as possible.

If your company has acquisitions on the horizon, and you're thinking about how to secure valuable data be sure to check out Cyberhaven Data Detection and Response to learn more about how we help our customers protect their data from insider risks.

‍

‍