In this article, Stephen Singh, Global Vice President, M&A/Divestitures at Zscaler, explores the ever-changing M&A/Div market and the vital role zero trust has to play in removing the danger and protecting businesses when it matters most
A resilient market
2022 saw the beginnings of a hard market correction which led us to where we currently stand in 2023; reduced valuation and volume of deals due to changing economic conditions, interest rates, inflation, and the rising cost of capital, all of which has resulted in businesses taking a very conservative approach.
While global M&A/Div is off to its slowest start in a decade, signs of life are starting to be seen, with Q1 2023 transactions approaching 9k and nearly $600B in valuation, with announced mega deals – those consisting of anything greater than $10 billion – continue to slowly recover.
In such a fluctuating market, the need for better deal velocity, efficiency, and effectiveness is key, but so too is protection from constantly evolving risk. While the market may be thriving, for those not deploying zero trust, it is also dangerous.
Riding the wave and managing the risk
Given current market conditions, two patterns are emerging: well-capitalized companies making acquisitions in their core businesses; and companies shedding non-assets, allowing them to focus on what they do best or grow inorganically with another tangential acquisition.
Whether leaders are expanding, contracting, or consolidating their businesses, it’s elevated the need for risk management and a greater emphasis on cyber risk mitigation.
Managing cyber risk is a major concern for any one of these transactions. The biggest risk occurs post announcement, placing the acquired firm – and now its acquiree – in a highly vulnerable position and open to attack from all sides. Often the acquiree lacks the cyber maturity of the acquirer, creating a path of least residence for incident, compromise, and extortion once the transaction is completed.
As a result of this, M&A is a top concern for CISOs, who in some cases are the last to learn of an acquisition, and yet must deliver a speedy integration process in order to protect both sides. Without having a clear understanding of the new company’s cybersecurity risk posture, the integration, or separation process puts the CIO and CISO in a compromised position should any breaches happen.
Traditionally, once a deal is announced, the acquisitor will spend the next few months completing post closure due diligence, integration/separation planning and cost estimates. Following which, the acquirer will invest quarters mitigating risk, executing the IMO/SMO plan, acquiring new technology, replacing talent lost during the deal process, and implementing the necessary controls.
Transactions as a Service
When time, cost, and risk are too great, a transformative approach is needed to meet the needs of the business. By deploying zero trust during a transaction, what once took many quarters can now be achieved in just a few days. Utilizing the Zscaler Zero Trust Exchange eliminates many of the technical, logistical, and operational complexities impeding a successful transaction in the first 90 days.
Transactions as a Service on the Zero Trust Exchange provide meaningful benefits when it comes to cyber risk, since everything is considered insecure – past concerns with ransomware propagation, third-party access, IOT/OT environments, insider threats, supply chain attacks, IP/data loss and insecure public cloud instances are addressed by day one. With the use of AI/ML within the Zero Trust Exchange, data-driven insights are leading to improved user experiences, predictive analytics (breach notification), end-to-end risk analytics and ratings, and secure access to business applications (large language models).
Consequently, corporate development organizations – recognizing that they are still relying on outdated playbooks from over a decade ago – are increasingly requesting the support of IT and cyber development teams to deliver various outcomes, including securing synergy savings, eliminating TSA’s, managing cyber risk, ensuring tech standardization through common platform deployment, and addressing any technical dept to enable reduction, rationalization, and consolidation. These tactical steps allow for the cleanup of any mess created when transactions were started but never finished
Post-closure clean-ups
Another important step in the M&A process is the post-closure cleanup – something that is critical to avoid rising costs. Over time, a company may find it has acquired a dozen separate finance systems, HR systems and CRM systems, as well as the supporting technology that goes along with them. This increases technical debt, replicates existing IT capabilities/systems, and increases operating costs often eroding the synergy savings and growth benefits initially projected.
Completing past integrations and separations is central to achieving cost savings that are critical for overall business health. Additionally, minimizing the time and cost of Transition Service Agreements (TSAs) – a contract or agreement between two companies in which the buyer agrees to pay the seller for certain services to support the divested business for a defined period of time – is key to avoiding paying a premium for a commodity.
Zero trust as a business enabler
As a business problem, not a technical one, zero trust plays a meaningful role in improving M&A/Div deal velocity, efficiency, and effectiveness. Despite a global slowdown of economic growth and M&A transactions in 2022, dependent on the avoidance of recession, it is predicted that the market will experience a strong end to 2023 that will carry through to 2025.
Buyers, including enterprise and private equity firms, are becoming increasingly aware of the need to clean up their backyard as they begin to acknowledge just how busy the market is about to become.
The Zscaler Zero Trust Exchange has proven, for hundreds of clients, to reduce time to value (taking it from years to just weeks), dramatically reduce cyber risk, and cut in half one-time and recurring IT.
As companies consider where they want to grow, the barriers around value proposition which held them back previously are being reduced. Zero trust platforms can deliver every single benefit to help overcome the key barriers, including time, cost, risk simplification, and importantly, talent retention due to the improved efficiency of the process. As a result, zero trust is a competitive differentiator that removes the danger of M&A/Div and protects businesses when it matters the most.
About the Author
Stephen Singh is the Global Vice President of M&A/Divestiture and Private Equity at Zscaler. Stephen’s organization focuses on accelerating client transformations during transactions, accelerating alignment across technology, risk, and operations. He has more than 25 years of industry experience spanning management consulting, professional services, enterprise IT, and SaaS go-to-market responsibilities.
