Cyber Due Diligence Protects Deal Value in the Technology, Media and Communications Industry

Cyber Due Diligence Protects Deal Value in the Technology, Media and Communications Industry
December 5, 2023 5 mins

Cyber Due Diligence Protects Deal Value in the Technology, Media and Communications Industry

Cyber Due Diligence Protects Deal Value in the Technology, Media and Communications Industry

Ensuring future operational resilience of an acquired TMC business during an M&A starts with getting cyber due diligence right.

Key Takeaways
  1. Sixty-eight percent of dealmakers expect the TMC sector to generate the highest levels of deal activity over the next 12 months.
  2. For every potential M&A target in the TMC sector, it’s important to establish a minimum cyber security baseline.
  3. Accurate quantification of M&A cyber risk is part of deal negotiations, and provisions should be considered after the transaction is closed.

For technology, media and communications (TMC) businesses looking for growth and innovation, mergers and acquisitions (M&A) offer the chance to buy a business to transform existing services, offer new products, or access new markets and geographies. Given the potential for value generation, it’s no surprise that in recent years, the TMC sector has been perceived as one of the most active when it comes to M&A — and 2023 is no different. 

Despite a decline in overall deal volume across all sectors for the first half of 2023, Aon’s 1H 2023 Risk in Review reports that more than two-thirds of dealmakers (68 percent) expect the TMC sector to generate the highest levels of deal activity over the next 12 months — well ahead of industrial and chemicals (36 percent). Deal optimism reflects the ongoing role the TMC sector plays, given the development of technology and the role many TMC businesses are playing in helping other industries digitally transform their organizations. 

However, a successful M&A strategy depends on the quality of due diligence performed across all potential risks, including financial, legal, human capital and intellectual property. Cyber risk is also mounting and should be front and center in every due diligence approach. Given the growing threat of cyber risk to operational resilience and, as a consequence, business deal value, the application of a three-phase strategy to assess, quantify and manage the risk is critical. 

Study the Cyber Risk Landscape

From an assessment and quantification perspective, TMC companies should start by looking at the wider cyber risk landscape. For example, it’s critical for a large telecommunications business to determine what “out of support” infrastructure there is within the organization. Many of these companies have grown significantly over the years. They may even be operating an enterprise infrastructure that is out of date. Potential buyers will need to know what those target firms have in their estate and what mitigation is in place to ensure “out of support” assets are isolated and protected from cyber-attacks. 

From a technology angle, it’s important to look at what has been developed in-house and if it aligns with the investment hypothesis of the investor. If a business is looking to acquire a company, what are they buying it for? Is it for market presence in a certain geography, or is it about adding capability to what they are already offering to their customers? If it’s more about market expansion, from a risk perspective, it’s important to make sure that the acquired entity will support the business case. Is it scalable, extendable and maintainable? Or is it built in traditional architecture patterns that might not support scalability, requiring extensive refactoring of architecture and infrastructure? 

Quote icon

Always align the risk methodology to what investors want to achieve. Answer key questions, such as: if just one person built the product, what happens if that individual leaves?

Zamani Ngidi
Technology, Media and Communications Industry Co-Leader, EMEA

Establish a Minimum Cyber Security Baseline

For every potential M&A target in the TMC sector, it’s necessary to establish a minimum cyber security baseline. Every single company, regardless of size, sector or geography, is expected to have a foundation level of cyber controls to operate in a secure manner. This involves speaking with management to find out current capabilities, as well as carrying out analysis using open-source intelligence, including the dark web. Red flags that could derail transactions include hacker chatter in forums related to a potential compromise within the target company, or if the customer database is for sale. 

Quote icon

There are some risks that would fall under minimum security controls that should be prioritized over other strategic initiatives, which can be addressed post close.

Vijay Natarajan
Director, Digital M&A, United Kingdom

It is necessary to assess and quantify these risks in terms of how much effort and cost it will take to fix them. Organizations should provide a roadmap for the acquiring company to achieve quick wins in the first three months, as well as strategic initiatives that will align with the overall investment hypothesis. 
Accurate quantification of the risk also becomes part of negotiation given the provisions that will need to be put in place to address any cyber risk shortcoming, and what reduction in deal cost will be needed to pay for those provisions. 

Effective Cyber Due Diligence Equals Greater Operational Resilience

It’s uncommon for companies to halt an acquisition because the target entity has experienced a cyber risk in a sub-division somewhere. However, investors and corporates need to understand the critical red flags that will require action. If there are no hidden dangers, companies should still be aware of where the target business is in terms of its cyber maturity. Determining what investment is needed to get the company to where it needs to be from a cyber security perspective is key to achieving short- and long-term operational resilience. 

General Disclaimer

This document is not intended to address any specific situation or to provide legal, regulatory, financial, or other advice. While care has been taken in the production of this document, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the document or any part of it and can accept no liability for any loss incurred in any way by any person who may rely on it. Any recipient shall be responsible for the use to which it puts this document. This document has been compiled using information available to us up to its date of publication and is subject to any qualifications made in the document.

Terms of Use

The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.

Aon's Better Being Podcast

Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.

Aon Insights Series UK

Expert Views on Today's Risk Capital and Human Capital Issues

Construction and Infrastructure

The construction industry is under pressure from interconnected risks and notable macroeconomic developments. Learn how your organization can benefit from construction insurance and risk management.

Cyber Labs

Stay in the loop on today's most pressing cyber security matters.

Cyber Resilience

Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.

Employee Wellbeing

Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.

Environmental, Social and Governance Insights

Explore Aon's latest environmental social and governance (ESG) insights.

Q4 2023 Global Insurance Market Insights

Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.

Regional Results

How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.

Human Capital Analytics

Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.

Insights for HR

Explore our hand-picked insights for human resources professionals.

Workforce

Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.

Mergers and Acquisitions

Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.

Navigating Volatility

How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?

Parametric Insurance

Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.

Pay Transparency and Equity

Our Pay Transparency and Equity collection gives you access to the latest insights from Aon's human capital team on topics ranging from pay equity to diversity, equity and inclusion. Contact us to learn how we can help your organization address these issues.

Property Risk Management

Forecasters are predicting an extremely active 2024 Atlantic hurricane season. Take measures to build resilience to mitigate risk for hurricane-prone properties.

Technology

Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.

Top 10 Global Risks

Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.

Trade

Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.

Weather

With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.

Workforce Resilience

Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.

More Like This

View All
View All
Subscribe CTA Banner