The 2020 edition of the IT Due Diligence Guide has been released.
An October 2019 Deloitte survey conducted by OnResearch asked 750 US-based corporate executives what their primary M&A strategy was expected to be over the next 12 months. The top response was, “Seeking deals that will help us acquire new (to us) technology.” As this is written in June 2020, with the world beginning to “reopen” from COVID-19, it’s expected that M&A activity derailed by the pandemic will resume.
Those deals will likely focus on smaller targets with niche services and technologies. Unfortunately, those are the companies that are most likely to present risks that threaten to reduce the value of the acquisition.
There are several reasons.
Hackers are now more carefully targeting businesses, especially with ransomware. Cyberattacks against companies are up 13% year-over-year. Attacks that shut down city governments and large company networks frequently make the news, but you’ll never hear about the many successful hacks against smaller companies, governments, and organizations. 58% of ransomware victims paid a ransom last year.
At the same time, companies of all sizes are struggling to hire qualified IT security staff and find the resources needed to protect against cyberattacks. When larger companies find it challenging to establish proper IT security practices, smaller organizations are likely operating at even higher risk levels.
Another trend impacting companies of all sizes is the rise of new data security regulations around the world. While the EU’s GDPR (General Data Protection Regulation) has received much attention, individual countries and American states have added overlapping and sometimes conflicting data and IT security laws. In some cases, these laws apply to citizens of the regulating government, so any company storing or processing data for those citizens, regardless of where the company is located, may be required to follow the laws. Many smaller companies are not aware of the existence of these laws, let alone in compliance with them. These regulations can have a material impact on a company’s business model or need for future IT investment.
Of course, these developments don’t reduce the need for the traditional IT due diligence focus on IT staff, product plans, system scalability, software licensing, etc.
In the 2020 edition, the IT Due Diligence Guide has been further expanded and reorganized to address current IT security and operational concepts. Due diligence requests have been added and explanations have been revised.
Using the IT Due Diligence Guide and the related tools included with the book, both seasoned due diligence professionals and those working on behalf of the infrequent investor can uncover the technology risks and opportunities in any company.