M&A and Security


There have been some stunning mergers and acquisitions in contemporary times. Though the largest M&A to have ever occurred took place over twenty years ago.

According to Statista, Vodafone and Mannesmann’s merger in 2019 involved more than $200 billion. Apart from the Time Warner/AOL deal the following year, nothing has ever come close to toppling the mother of all mergers.

However, this doesn’t imply that M&A today involves trifling amounts. Indeed, M&A can often involve tens of billions of dollars or pounds.

The processes behind M&A involve incredibly sensitive information also. This means that these transactions require intense security.

A brief definition of M&A transactions

The term M&A gets bandied around as one single phrase but it refers to two very different things.

M&A is simply an abbreviation for mergers and acquisitions. A merger is when two entities decide to form one new business under a single name. All assets and financial aspects are merged into this new entity, and the process is normally deemed to be friendly.

Acquisitions on the other hand can more often be described as hostile. A merger might involve two companies on even footing, or at least where one has IP or assets that make it a viable partner to the other business.

A hostile acquisition is where one business is targeted for takeover by another. What makes it hostile is when the targeted business has no desire to be purchased.

It is worth noting that there are friendly acquisitions too. And probably some mergers where some board members on one side wished to remain independent also.

What are the motives behind M&A?

One of the motivations behind these deals can sometimes simply be survival. There were a record amount of closures in London’s restaurants during the pandemic.

Many restaurant groups have been known to merge in the past, and in some cases, this preserves the survival of a failing chain. In the case of an acquisition, it may be that one restaurant group wanted to acquire locations that the other group held.

In these circumstances, they may allow the other business to continue trading under their own brand in some locations while switching the branding in other areas to their own.

Other reasons for M&A transactions are as follows:

  • The acquiring of assets
  • Increased share value
  • Increased financial clout
  • Tax liability
  • Bigger market share

Asset acquisition

This is a powerful motive for a friendly or hostile M&A. One business may have assets including scientific research or intellectual property that the other firm seeks.

Increased value

Shares in companies involved in M&A will often rise sharply after the announcement of a deal. Two merged companies could even be worth more than they were as two separate entities.

Financial power

A merger can provide the ability to obtain higher levels of finance for expansion and operations.

Tax liability

Another motive to merge with, or acquire, another business is to use their tax losses to reduce their own tax liabilities.

Market share and diversity

Two big players in one industry can become extremely powerful. These types of mergers are often subject to scrutiny as was the Post Office/Payzone merger.

Alternatively, an M&A may allow one business to diversify if the consolidated company specialises in different fields. A streaming TV business merging with a music company for example.

Why the need for such security during M&A?

During M&A, a number of documents need to be viewed to carry out the process. These documents can amount to thousands or even tens of thousands of pages in the most complex of deals.

Much of this documentation may be repetitive, trivial, and even mundane. But a large proportion of it will contain very sensitive and important data.

Taxes, financial details, assets, intellectual property, trademarks, liabilities, insurance policies, client lists, and private information about key employees.

If any of this information was leaked it could damage an M&A, or halt it completely. It could change the valuation of one of the businesses. And the information could in theory even be sold on to a competitor.

Therefore, international – even military – standard security is critical to M&A.

How is this level of M&A security achieved?

In today’s world of M&A, high levels of encryption and multi-factor authentication are used to keep documents away from unauthorised eyes.

This is accomplished through the use of data rooms. These are sometimes called VDRs, virtual data rooms, or deal rooms, and are operated by vendors such as Firmex.com who use ISO-level encryption to protect files.

Why are data rooms used during M&A?

Data rooms have always played a part in transactions such as M&A, the difference today is that they are largely virtual.

A large number of players can be involved in an M&A, especially ones pertaining to billions of £s or $s.

This list of people can include advisors, investors, lawyers and legal teams, accountants, and buyers, who all need access to documents involved in M&A.

A virtual data room provides an area where documents are uploaded securely and then accessed only by individuals with pre-approval. One of the reasons for this is to carry out due diligence.

What is the purpose of due diligence?

Due diligence is an investigation into the proposed M&A to understand whether there is value in the transaction. This involves many steps.

One part of due diligence is to understand whether the proposed valuation of the deal is accurate. Another part is to understand the working culture behind the other party and whether a merger could be successful.

Due diligence is put into place to test for risks involved and to understand exactly what the M&A would mean for both parties. A due diligence process should involve such things as whether management views on both sides are aligned. It would also check for security issues including data breaches, and whether the deal simply offers value.

Failure to provide proper due diligence from Crowdcube was blamed for the Rebus collapse, reports Business Insider. Poor due diligence has led to many missives in M&A, with some costing millions of pounds.

Could due diligence be performed without the use of a data room?

Due to the global nature of business today, it is difficult to see how these documents could be shared securely, and quickly in any way other than a virtual data room.

VDRs offer many security features to protect the documents that are stored, and also who can view them. Other features include granular tracking which can be very useful in understanding the other parties’ motives, and where their interest mostly lies.

Trying to store thousands of pieces of paper in a room and share it amongst the two parties would simply be impractical. And trying to transfer documents constantly online in another fashion wouldn’t reach the levels of security M&A requires.


There have been some very successful M&A throughout history. There have been some true catastrophes too. Time will tell what last year’s Caeser’s buyout means for William Hill.

In any M&A though, security is a top priority. Data rooms provide this level of security and privacy. They allow documents that need to be kept private to be shared, but in a very secure way.

Understanding the nature of modern virtual data rooms today makes it that much more difficult to see how M&A ever happened securely in the past.