Preparing a Business for Sale in 3 Steps
We've created a 3-step guide to help prepare a business for sale, including exit planning, assembling your deal team, and starting the M&A process.
Cybersecurity is primed for a spike in M&A transactions. According to data from Ernst & Young, the value of cybersecurity deals grew by 160% between 2014 and 2015 — a jump that represents an increase of $16.5 billion. In that same year, the number of deals surged by 46 percent. Experts in the space anticipate this is just the beginning of a long period of growth.
At the same time, cybersecurity is becoming increasingly important to deal professionals across transactions. British insurance company Lloyd’s estimates cyber attacks cost companies $400 billion a year, and while 66.5 percent of firms state privacy and security concerns are “high” or “very high” priorities, just 39 percent of companies have clear privacy due diligence processes in place.
Mark Sauter, managing director and management team member at Pickwick Capital Partners, summarizes the dynamism of cybersecurity perfectly: “Cybersecurity is of unique importance… it’s both a source of large and growing deal flow and an area of increasing importance in the completion of transactions across all business sectors.” Over email, Sauter, who has advised a number of cyber companies and managed a contract for the National Security Agency, shared his thoughts on the two sides of the cybersecurity coin.
Cybersecurity is an “exciting, high-growth space for those who specialize in it,” according to Sauter. Billions of venture dollars have been poured into the space, driving activity from the growth stage and into M&A transactions. Word on the street is that cybersecurity is on the up and up, and Sauter and his colleagues agree. The “lost steam” in the public markets and fewer IPOs “should result in more M&A [and] the consolidation of point security technologies into broader solution suites that are easier for customers to buy and maintain.”
“Crossover between Big Data and cyber security analytics and the convergence of physical and cyber security” — Sauter cites unified systems that allow users to control access to digital resources as well as material ones, like office doors, as an example — make cybersecurity an active sector ripe for deals.
Cybersecurity concerns are quickly becoming as important as financial information in transactions. Pointing to security fiascos at Sony (it’s been called the “hack of the century”) and Target, Sauter says that “increasing legal standards for the protection of customer information” are shifting “the legal responsibility for these issues is increasingly moving from IT geeks to executives and boards.” This movement makes keeping a close eye on privacy and security in the transaction process and target company even more important for deal professionals.
“Buyers are already adding sophisticated cybersecurity diligence to their processes, often assisted by new practices at major accountancies, who are adding such services to their legacy financial diligence services, and specialist security companies,” says Sauter. The increasing importance of cybersecurity in diligence and the growing implementation of separate diligence processes is shifting the onus of mitigating privacy concerns to sellers.
“The pressure is really now on sellers to ensure they’re ready for the scrutiny,” a pressure that may include acquiring cybersecurity insurance — demand for which is soaring. The risks in a cyber attack are great, especially from a buyer’s perspective. In addition to the loss of IP and customer information, buyers run the risk of accidentally inheriting what Sauter calls a “cyber bomb,” “sophisticated malware such as advanced persistent threats (APTs) [that] can lurk undetected in software systems for years.”
According to Sauter, the discovery of a cyber problem during diligence blow up a deal; it can also reveal a hack in the seller’s system that can result in mandatory disclosure to customers and a wave of lawsuits.” Investing in strong cybersecurity before going to market is key. Compared to the millions that stand to be lost in civil lawsuits and government fines—not to mention the millions lost in market value — “investing in good cybersecurity… [is] inexpensive in comparison.”