How To Counter The M&A Cybersecurity Threat
It’s the worst nightmare for anyone involved in mergers and acquisitions.
By ansaradaThu Jul 16 2015
A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years. In exploring a merger or a takeover, strategy shouldn’t be discussed via email and certainly not on Twitter. Someone who should have known better not to use Twitter to discuss a takeover, especially because of his time at Goldman Sachs, is Twitter chief financial officer Anthony Noto. Last year Mr Noto tweeted: "I still think we should buy them. He is on your schedule for Dec 15 or 16—we will need to sell him. I have a plan." The post was quickly deleted but not before Mr Noto’s followers did a screen grab. It became the M&A fail story of the day. Just as Twitter is not secure for M&A discussions, neither is email.
Movie studio Sony was hacked last year. Among the emails leaked by hackers was an approach by Lions Gate Entertainment to engage in potential takeover or merger talks with Sony. Sony Entertainment chief executive Michael Lynton was prescient when he said in an email that it would be “very disruptive” if the “lionsgate stuff gets out.” Linkedin too can unwittingly play a role in bringing a potential deal to a screeching halt. Potential buyers of a company may search Linkedin for information about the employees at the target firm. The target company’s Linkedin employees can see who is looking at their profiles. They may be alerted to the potential of a M&A transaction. If merger and acquisition negotiations are underway it is important to put debt rating agencies, if they are involved in rating debt financing for the M&A transaction, under strict quarantine.
This week Fitch leaked details of data center real estate investment trust Digital Realty’s $1.89 billion takeover of data center solution provider TelX before the deal was announced. Fitch put out an opinion affirming Digital Realty’s “BBB” bond rating in the wake of the deal, detailing $700 million of stock issuance and $1.2 billion in new debt to pay for TelX. Such a mistake could have torpedoed the deal and left Fitch not only embarrassed but also potentially liable for costs associated with the deal’s failure. The biggest recipient of leaks on M&A deals are reporters or traders who may face criminal charges if they knowingly use inside information. Some on the bidding side perceive it is advantageous for a potential acquirer to leak details of its takeover offer to the news media to speed up a deal or derail it if the potential bidder faces strong competition. A leak to a reporter on a potential M&A transaction may also be a way to extend a deal’s completion time, frustrate the selling party and enable a bidder to walk away without paying a breakup fee. But such tactics mean dealmakers are playing with fire.
To ensure security from hackers and that there are no leaks of vital deal information, data room security is paramount. Here are some tips:
Make sure questions and answers are done through a data room. If questions on the deal are emailed and the reply itself is also an email, news of M&A negotiations may become public knowledge.
Ensure security settings related to bidder, folder and document are applied. Document security should be discussed so all members of the deal team know what the security settings are before bidders are asked to enter the data room.
Make sure deal documents that can be printed or saved have watermark settings that make them discoverable.
Expire saved documents by making sure a security policy travels with documents that are verified in real time every time they are accessed. This can allow flexibility at zero cost to security.