3 Cyber Risks Tech Companies Need to Watch When Entering an M&A Deal

By: | July 16, 2022

Previously an M&A underwriter working across a range of private equity and strategic acquisitions in the US and Europe, Joe Perrett now heads up CFC’s transaction liability private enterprise product team. He can be reached at [email protected].

Topics: Cyber | M&A

For the majority of businesses, the global pandemic fast-tracked their digital transformation programs by months or even years.

And there’s no doubt that the accelerated demand for digital technology solutions was a boon to an already booming sector and saw a rush of start-ups come to market. 

Despite signs that the tech market itself is seeing a return to more normal rates of growth, the number of global unicorns (privately owned start-ups valued over $1 billion) grew by almost 14% from 936 to 1,066 in the first quarter of this year — and the majority of these sit within the tech sector. 

This growth has undoubtedly fueled the level of tech mergers and acquisitions.

Indeed, tech M&A values exceeded $1 trillion for the first time last year, a 60% increase on 2020, and SMB businesses are key targets for the giants of the sector.

Of the 616 acquisitions collectively made by the five big techs in the U.S. — Google, Apple, Facebook, Amazon and Microsoft — in recent years, 400 were SMB tech companies.

By their very nature, tech businesses can be ground-breaking and in many cases are bringing new and innovative solutions to market so when it comes to any merger or acquisition, the risks they present are wide ranging and can differ greatly to those of more traditional businesses.

These risks are not necessarily in physical assets but are often intangible and in many cases unique. 

As in many other industry sectors, representation and warranty (R&W) insurance has become an increasingly important risk transfer mechanism within tech M&A — and in a sector that has heightened risks, R&W insurance is proving its value as one recent report states that claims are especially prevalent within the manufacturing and technology sectors.

With the report citing compliance with laws and intellectual property making up 16% and 7% of all claims, we’ve taken a closer look at the tech sector to identify the top three risk areas specifically within tech M&A deals. 

1) Intellectual Property (IP)

IP is often the most fundamental and valuable asset tech companies have.

In a sector with IP at the core of its value, litigation will be commonplace as businesses look to protect their most valuable assets and obtain a competitive advantage.

Litigation can be complex, lengthy and most importantly very costly. An IP infringement action, for example by a competitor, can easily cripple any tech business, dragging on for years.

Perhaps the most high profile case to date has been the Samsung and Apple patent infringement litigation, which began in 2011 and concluded seven years later in 2018 with Samsung having to pay $539M in damages.

R&W in a tech merger or acquisition agreement are likely to include IP, so sellers could be liable for any problems that arise post-deal. 

2) Data Protection

Compliance with regulations and legislation is important for any businesses, but tech companies tend to have particular exposure to data protection regulation and any breach can have severe consequences.

Client data is a highly valued commodity in today’s world, and the protection of this data has been the focus of regulators around the globe.

Most countries have data protection regulation in place that outlines strict requirements on how data can be collected and used, and the penalties for breaching these rules are severe.

Uber in 2016 was fined $148M when there was a large data breach of their driver and user accounts.

Tech companies are often data custodians because their customers trust them with their data in large volumes, which raises their exposure to data protection regulation. In tech M&A transactions, data breach issues which surface after a deal can lead to hefty claims and lengthy litigation.

3) Cybersecurity

Cyber threats have grown considerably in recent years.

Google revealed that it blocks more than 18 million malware and phishing emails related just to COVID-19 every day.

Financial consequences have also become more severe, with cybercrime costing organizations $2.9M every minute.

The implications of a cyber security breach within tech firms are probably greater than those in any other sector. This is in part related to data protection, as cyberattacks can have flow-on effects on a tech company’s customer base which can result in litigation.

It’s not surprising therefore that in tech M&A, cybersecurity and risk exposure are analyzed in minute detail during the due diligence process.

As tech M&A transactions continue to increase, claims are also on the rise. It is vitally important that companies in this sector looking to undertake any transaction truly understand the unique risks that any deal presents and also understand the limitations of their everyday insurance covers — for example, E&O policies typically exclude patent litigation.

Having fit-for-purpose R&W insurance in place can help facilitate a smoother transaction and provide the seller with peace of mind. &

More from Risk & Insurance