Arming against cyber-attack: The new threat to M&A
Mike Hinchliffe, Director at Merrill DataSite, recently featured in The Sunday Telegraph with an article on cyber-security
"Embarking on an M&A transaction has always been risk-prone for financial and operational reasons: will the two entities be a good fit; can integration be achieved; will anyone make money as a result of all the hard work?Over recent years, however, a new and serious threat to M&A has emerged, one that’s continually changing and becoming ever more sophisticated. That’s the threat of cyber-attack. How to manage it, along with cyber-security, is an issue concerning dealmakers and business leaders globally.
In terms of likely targets for information that can be misused, every individual, company, even entire governments are in the frame. Personal banking, company strategy and national secrets all have their value to different agents. Therefore cyber-security has become a universal issue, and one that inescapably impacts M&A.
During the due diligence phase of a transaction, companies need to let down their defences so effective fact-finding can take place. Buyers interested in an asset must be able to scrutinise each facet of the business for sale and that means disclosing information and making it available for review. However, this opening in the usual fortifications creates an intrinsic vulnerability for the sell-side organisation. That vulnerability needs to be managed to protect everything from strategic information to product roadmaps, from sales figures to personal contracts.
This means stringent measures have to be applied to protect data to minimise risks throughout this period of relative openness. In the early stages of due diligence, sell-side teams often need to redact sensitive documents to keep certain information from parties invited into the review process, let alone defending it from those who should be actively excluded.
As a provider of virtual data rooms for due diligence projects, Merrill DataSite is alive to the risks of cyber-attack and works to respond to market conditions, but more importantly it actively stays ahead of the issue. Over time, a number of multi-layer data security methodologies have been developed, leading to one of the most secure online repositories available. As an example, Merrill DataSite will not allow users to download any information (unless they are specifically enabled to do so) – rather, all documents are streamed as secure images through a proprietary viewer. Additionally, Merrill has recently completed a significant investment in a European data centre – this was in response to concerns from clients around the hosting of data in the United States.
The information entrusted to Merrill DataSite is encrypted in transmission (256-bit – the same standard employed for internet banking) and also “at rest” on the server to ensure it’s close to impossible to decrypt in the unlikely event of malicious physical intrusion to the data centre. In addition, during a deal, and even once a deal has closed, they offer reports that show who has looked at exactly what information in the virtual data room and when. This also acts as proof of disclosure should any disputes arise after the deal is done.
Undoubtedly, some of the dangers of cyber-attack are perceived as well as real. However, it’s a concern now and a trend set to continue for M&A, which means business leaders need every tool in their armoury to fight it."