Contact: Brenon Daly
For all of the attention paid to the financial and strategic aspects of M&A, it certainly pays to remember that, at their core, acquisitions are fundamentally legal processes. The terms and conditions of any acquisition effectively codify all of the other points that come up over the weeks or even months of negotiating a deal. Pricing, timing, governance, executive responsibilities – all of those key M&A considerations, along with dozens of other smaller-but-still-thorny concerns, are ultimately spelled out in a legally binding agreement.
Most of the final provisions of any deal surface during the earlier due-diligence period, which, depending on your particular view of law, can be a process to either help optimize the outcome of the combination or simply lessen the chances that you’ll get screwed in the transaction. Given the direct influence that due diligence has in shaping the ultimate acquisition agreement, it’s worth noting what the two sides are paying attention to when they strike a deal.
One key area of M&A-related examinations that’s getting an increasingly sharper focus is information security. A survey last October of 150 senior members of the tech M&A community, including a number of lawyers, revealed that not a single respondent reduced the amount of due diligence they did on a target company’s cybersecurity practices last year. Further, in the most recent edition of the M&A Leaders’ Survey from 451 Research and law firm Morrison & Foerster, fully eight out of 10 (82%) respondents said the level of scrutiny actually increased over the course of 2016, with the remaining 18% saying it held steady.
Obviously, as has come out in Verizon’s ongoing attempt to purchase Yahoo’s operating business, cybersecurity considerations can have a dramatic impact on a deal. The acquisition will now drag on a few months longer and the price will be lowered by $350m, or 7%, because of the massive data breaches that Yahoo revealed after the late-July announcement. As Verizon moves ahead with its plan to acquire the faded purple website, the transaction is nonetheless a reminder that cybersecurity concerns in M&A need to figure into boardroom discussions, not just courtroom disputations.
