Global mergers and acquisitions activity has soared to record-breaking levels, with almost $4tn of deals agreed since the start of the year.
In the UK, the Office of National Statistics released statistics yesterday which show a “notable increase” in M&As, with overseas companies spending £27.7 billion on acquiring British businesses in Q2 – which is £19.4 billion higher than Q1. The value of domestic M&A (UK companies acquiring other UK companies) was £10.6 billion in Q2 2021, an increase of £6.1 billion on previous quarter.
But M&As can be extremely dangerous, with organisations that buy other companies taking on the risk profile of the business they acquire. If a company has vast amounts of unstructured data, for instance, this will quickly become a big problem for its new owner, which runs the risks of suffering breaches and even faces an increased risk of insider threats.
Mergers and acquisitions can cause major problems with compliance, because when an organisation acquiring other companies and their infrastructure, it risks inheriting their data and permissions problems as well.
The risks are huge and the punishments serious, with GDPR fines waiting for the unwary. Unfortunately, ignorance is no excuse - which means any company thinking about an M&A needs to prepare immediately.
Following yesterday’s ONS announcement around UK M&A activity, we can offer an interview with Matt Lock, technical director UK at Varonis, a global security firm which specialises in data security. It has carried out extensive research into the dangers of M&As and how to solve them. We can also provide anonymous case studies which illustrate the problem – as well as solutions.
Matt Lock, technical director UK at Varonis said: “When one company acquires another, it also acquires its cybersecurity problems. It’s very difficult – if not impossible - to accurately assess the risk of the systems and data held by another company before a merger.
“As the M&A surge continues, organisations must make sure they are not buying up major problems. Complex enterprise environments typically carry a lot of risk, which means any business planning to acquire a company should carefully have visibility of its data landscape as well as lock down and monitor its data.”