Due diligence in M&A deals

The gaming industry moves at an extremely fast pace, which places even more importance on completing mergers and acquisitions in a timely and secure manner, avoiding downtime at all costs.

Organisations looking to be acquired or to acquire must do so with utmost caution. Hackers are always on the lookout for opportunities to exploit vulnerable IT systems during mergers or acquisitions.

A prime example of such neglect outside is Starwood Group, an American hotel and leisure company. The company fell victim to a data breach in 2015 caused by malware infected point-of-sale terminals, shortly after the acquisition by Marriott Corporation had been announced.

Because of the breach, hackers gained access to customer names, payment card numbers, security codes, and expiration dates.

It was later questioned whether IT systems were appropriately assessed before the acquisition was made public. There is so much going on in the process of an acquisition or a business merger that IT systems are often neglected creating vulnerabilities and potentially exposing sensitive information which cyber criminals can exploit.

IT teams must focus on ensuring the security of existing systems before a company even considers undergoing an acquisition or merger.

Technical due diligence

Pre-acquisition technical due diligence refers to the period during which IT systems are inspected, reviewed and assessed for areas of vulnerability.

Organisations looking to be acquired or merge should begin this process internally before seeking interested parties. Many organisations also carry open source licensing risks. Open-source modules or snippets of code are commonly incorporated by developers into the software to aid rapid development.

Companies often have no idea what open-source code is used in their systems and any breach of licensing restrictions can be costly to fix and endanger the deal. The internal technical due diligence should include an assessment of open-source licensing risk, to resolve any problems in advance.

By conducting thorough technical due diligence before embarking on the process of an acquisition, organisations will have a greater appeal to interested parties and can ensure the deal will proceed smoothly.

Once an acquisition has been agreed in principle, senior stakeholders must address which systems and platforms are being continued and which should be decommissioned.

Companies often underestimate the amount of work that goes into managing the process of an acquisition. This can result in the appointment of a project manager without the necessary skills needed to efficiently run the entire process.

All too often it is assumed acquisitions only affect the financial and legal teams, when in actual fact every department is affected.

Post-acquisition journey

Post-acquisition integration is a separate project in its own right and can often take several years to complete, requiring continued close engagement from senior stakeholders.

Merging IT systems across companies can affect the running of daily operations, exposing flaws in acquired systems likely to cause system downtime.

By bringing third-party experts on-board, companies facing both pre- and post-acquisition challenges can be kept safe in the knowledge that IT systems are maintained and sensitive data is kept safe. No matter how big or small the company or the number of employees, acquisitions are always a major upheaval.

It is vital the entire integration is properly planned and effectively executed by a skilled project manager supported by engaged stakeholders and effective communication at all levels.