Get a Quote
Log In


01-Sep-2018 22:26:07

Any acquisition, merger or fund raise is likely to involve several months of intense due diligence. The potential investor or buyer will assess everything to do with the business, even taking things like cyber security and company culture into account.

The result ends up being a vast set of files that have to be accurate, accessible and available at speed. The likelihood of deal completion decreases if the momentum slows down, or if errors undermine confidence in the process.


There is another crucial challenge involved in facilitating the huge file sharing that’s used in the M&A process. Security is key. With so much sensitive information being shared, it is vital that neither scale nor speed compromise security.

Information in the wrong hands can:

  • Weaken the vendor’s negotiating position
  • Compromise staff morale, leading to the loss of important employees
  • Risk action from financial regulators
  • Lead to loss of good will and reputational damage
  • Cause the deal to collapse entirely

The reality is that the vast majority of reported data breaches are a result of human error.

Employees who unwillingly cause security incidents through negligent action are called inadvertent insiders. These individuals were responsible for two-thirds of all recorded breaches last year, according to IBM’s annual X-Force Threat Intelligence Index.

Human error covers everything from sending an email to the wrong recipient to failure to recognise phishing attacks, or simply forgetting to use BCC. In pressured environments, such as an M&A process, it is easy for mistakes to happen.

In July this year, it was revealed that a coding error had resulted in the NHS accidentally sharing 150,000 patients’ medical details. The huge Sony breach back in 2014 was due to fake Apple ID verification emails, taking advantage of the fact that people will always use the same log-in credentials for both personal and professional accounts. Even organisations as secure as the Pentagon come undone because of human fallibility.


When it comes to M&A, the risks of breaches are much higher because multiple parties are involved, and it can be a distressing time for the people involved. A secure, objective third-party to manage the data exchange is essential.

Virtual data rooms (VDRs) understand the implications of a data breach during a deal, and there is broad agreement among us on how we manage the main issues that might impact its forward momentum. But there are meaningful differences.

For us, it starts with private servers hosted in a top-tier data centre based in the UK. Then, once a deal is up and running, our platform builds on this secure foundation with features like dynamic watermarking, time-restricted file access, and – crucially – an audit trail for all activity that happens inside a room.

We also choose to partner with complementary technologies like Adobe LiveCycle and Microsoft Information Rights Management to further tighten up security on all files being uploaded and shared within a data room.

The balance VDRs need to reach is taking measures like the above without blocking a deal from progressing. When there is so little margin for error or delay, the solution from our perspective has to be a great team of people.

Our clients are often working 18 hours or more per day when they’re in the middle of a deal. So many potential issues are solved with a fresh pair of eyes and a human being to talk to. Support that with a robust technology, and it's a winning combination that gives every deal the best chance of crossing the finish line. 


These Stories on Sterling