M&A process successfully completed! And where has IT security gone? 6 tips to reduce the risk of cyber threats!
by Svenja Koch
The term M&A - in the long form Mergers & Acquisitions - is used in the corporate sector to describe mergers, company sales and acquisitions or (hostile) takeovers. Since the first wave of takeovers in the USA, which began in 1895, M&A has been a cyclical phenomenon, the last wave of which ended in 2000. Current corporate takeovers hold a new challenge: IT integration or system migration. The term post-merger integration is used to describe the harmonisation of two existing IT systems after the merger of companies - a harmony that is only in the rarest of cases right from the start. Rather, business-critical problems often arise after mergers or acquisitions - because nowadays virtually all business processes are digitally supported. The relevance of a carefully executed IT integration is still underestimated by company management. IT integration must not cost anything and must be completed in the shortest possible time, according to management. The problem is that the dependence of business processes on IT is enormous. And mistakes are particularly expensive here.
In this article you will learn why you have to pay special attention to IT within the framework of the necessary M&A process steps and how you can reliably maintain IT security during a system migration.
What is the goal of M&A?
The overriding goal of every company is to secure its own existence, combined with growth. However, internal growth by increasing turnover can only be achieved to a limited extent, because at some point every product and every service reaches its limits in the form of saturated markets. Greater success in terms of growth can then only be achieved through external factors - through mergers or acquisitions of other companies. The acquired company immediately increases turnover through the merger, but especially in today's world it also brings with it a significant problem: IT.
The relevance of IT for M&A success
A significant proportion of executives attach too little importance to IT in the context of M&A. Company takeovers are regularly delayed because two IT systems (those of company A and company B) cannot be merged into a functioning unit "just like that". This is because processes within an IT system are already immensely complex - bringing two complex systems under one roof is a real challenge for IT managers, especially when budgets are tight and time resources are limited. But at M&A, time cannot be played for in many areas - just think of payroll, bookkeeping or accounting. These sub-areas of a company have to be integrated into the IT systems directly after the business takeover. E-mail addresses, telephone systems, the entire network and, last but not least, IT security do not allow any delay either, if one does not want to jeopardise the success of the business takeover.
What problems arise during IT integration?
In an upcoming IT integration, four areas put IT managers to the test. These issues are:
- A high complexity of the IT systems
- Low integration costs demanded by management
- The required speed
- Risks during system migration
Topic 1 - Complexity
When two companies merge, in most cases two completely different IT ecosystems meet. Conflicts arise here, for example, when company A uses a standard software solution and has acquired company B, which also uses its own development. The management quite rightly expects the operational business to run from day one - redundant systems or software island solutions that want to be consolidated do not exactly make the work easier for the IT managers.
Tip: How can the problem of complexity be solved? With careful preparation in the early phase of ongoing M&A process steps! With a good overview of the company's systems and applications and by identifying critical IT infrastructures, measures can be taken early on to ensure that IT runs as reliably as possible on the day after the transfer of ownership.
Topic 2 - The cost of integration
Synergy effects through consolidated processes, services and systems can be achieved after an M&A transaction, especially in IT - at least if the appropriate human resources are available. However, savings are often made at this point in particular - in order to present the business in a particularly attractive light. Licences and their costs can also become expensive in retrospect - if it is not clear before the merger who holds the rights to the licences and what the situation is with regard to maintenance and support.
Tip: How can the problem of costs be solved? Through conservative cost planning for IT integration! As soon as IT integration costs that are set too low are noticed, intervention is required - so that the supposedly lucrative deal does not turn into a cost-intensive IT disaster afterwards.
Topic 3 - The speed of system migration
After an M&A transaction, IT integration and system migration should be implemented as quickly as possible. Promptly here means that the momentum of the initial enthusiasm must be used without fail before day-to-day business once again dominates the entire working day. However, the roadmap of the integration goals must not be too tightly knit - but realistic and based on the possibilities.
Tip: How can the problem of speed be solved? Through realistic planning! In this way, problems can be reacted to quickly.
Topic 4 - The risks
The scarcer the human resources are in the context of a system migration, the greater the risks. Especially with ongoing IT integrations, there is a great danger that IT security will be shut down, resulting in glaring security gaps. However, if IT security shuts down parts of the systems or corresponding software because of security concerns, customer data may no longer be processed or orders may no longer be accepted.
Tip: How can the problem of risks be solved? Through detailed planning of IT integration and migration! The earlier critical actions are started, the lower the risk of conflicts.
The term post-merger integration refers to the harmonisation of already existing systems after the merger of companies. This can affect structures and processes as well as production processes. In the context of post-merger integration, IT plays a special role - because this is where problems that negatively affect the security of business processes occur particularly often after company mergers.
Post-merger integration and IT security: What exactly is important when harmonising two IT systems?
Many of the security gaps arise from operating errors - both in administration and in the use of software. Training is indispensable so that the relevant employees in both companies are aware of the danger points during and after a system migration and can adapt their behaviour accordingly. Here, the companies that work with common IT systems such as SAP or similar have a clear advantage. Here, service providers offer adaptation training to familiarise the employees of the merged companies with the new status quo in terms of software. With thorough measures before the merger, many security problems can be detected and subsequently eliminated.
How to ensure IT security in corporate mergers!
6 useful tips to reduce the risk of cyber threats before, during and after a system migration
- Allow sufficient time, also and especially for IT.
- Prepare thorough analyses and documentation of the existing IT systems.
- Cooperation between the IT security experts of both companies before implementing the acquired company.
- Have external security assessments carried out.
- Prevent operating errors by restricting access rights during the period of system migration and IT integration.
- Fixed IP address for devices in the network or recording of access-authorised end devices via MAC addresses prevents unrecognised logging in of private devices and minimises the risks of malware entering the network.
What are the dangers if IT security is not taken into account?
Of course, when two companies merge, there is unavoidable chaos in many areas of the company. The functioning of IT can and will also be impaired. If too little importance is attached to IT security, this is almost an invitation for hacker groups to break down the open barn doors of the companies. Whether it is social engineering, phishing or simply the cluelessness of untrained employees: unprepared IT poses a danger, especially along the individual M&A process steps. The greatest dangers include:
- Not testing the vulnerabilities of the systems to be implemented.
- Exploitation of existing IoT devices for DDoS attacks with insufficient server capacity at the same time
- Data stored in the cloud and then forgotten#
- Unnoticed logging in of end devices
Fazit
Company takeovers are extremely complex in their execution - which also and especially applies to IT. Today, almost all processes within a company are computerised, yet the majority of managers underestimate the importance of IT for the success of a merger. This puts immense pressure on IT managers, because the budgets are usually small - and the requirements huge. In order to ensure business operations during all M&A process steps, IT in particular requires extensive, detailed preparation and planning. The earlier and more precisely the IT integration and system migration are planned at M&A, the fewer security gaps remain undiscovered. In many cases, IT security suffers from the chaos of the restructuring phase. External service providers can provide effective support if the company's own IT security has been taken over by other M& process steps. And last but not least, many gateways for cyber criminals can be closed quite simply - through comprehensive training of all employees of the merging companies.