Skip to content
Digital Transformation M&A
Digital Transformation M&A

Blog post -

Mergers & Acquisitions: Assuring operational resilience post acquisition

By Simon Fieldhouse

As a company that has made an acquisition ourselves (NCC Group acquired Iron Mountain’s Intellectual Property Management business) in the last twelve months, we’ve had a recent front row seat to the huge amount of preparation that goes into an acquisition — including commercial, financial, legal, and technology review — along with the critical integration phases.

According to Refinitiv data, the total value of global M&A deals announced in 2021 stood at $5.8 trillion, surpassing the full-year tally of $3.59 trillion in 2020. The technology, financial, industrials, and utilities sectors continued to lead the way and made up the majority of this activity.

The fact is that your organisation may be involved in an acquisition or divestiture at some point —either as an acquiring company or as a target.

The importance of technology due diligence

Standard due diligence in M&A has historically focused primarily on the legal, commercial and financial aspects of a target business, but in recent years, a thorough technology & IP asset appraisal has also become an important part of the picture.

As explained by Mayer Brown, “technology is often a key asset and value driver — in some cases, acquiring technology is the primary reason for the deal in the first place. Failure to conduct adequate technology due diligence can leave a buyer prone to overvaluation of a target.”

To ensure that those key technology assets remain valuable and to maintain continuity and access during and following a deal, rigorous research, analysis and planning is essential to understand any actual technology developed by a business and the associated supply chain, and also the critical software and systems used to support the business and its everyday operations.

Understanding control, ownership and legal contracts surrounding critical software applications and systems is a must to ensure that anything that is purchased as part of the deal will be accessible, available and usable upon completion.

Here we focus on the importance of software resilience and how it plays a key role in the acquisition process in order to help assure business continuity post- acquisition.

How software resilience can be leveraged in the M&A process?

It is critical for purchasers to have a focus on effective integration planning and evaluation right from the outset of the deal, not to start thinking about it as the ink is drying on the purchase agreement.

Here are some of the situations where software resilience can be integrated as a best practice.

  • Intellectual Property (IP) protection

When you acquire a business, you're acquiring it in a ready format. But you also want to make sure that you're acquiring the IP that may form part of the unique value proposition that comes with that business.

Considering how you can protect that IP and ensure that it is intact is a must as part of any deal. Technology development for IP in either physical or digital form should have an audit trail with date and time stamp and kept independently by a third party so that it can serve as a master record of the technology assets that were reviewed and could offer further comfort to the purchaser, the investor, or even the insurance provider.

This ensures to those interested parties that the IP included in the deal is complete, performs as promised, and is securely protected with a neutral third party.

Further, if there are key individuals whose knowledge is critical to the valuable IP in target, purchasers should also consider independent verification services which verify, capture, and document how such IP is deployed so as not to have one single point of knowledge.

  • Business systems integration

Another example of where software resilience strategies are effective, is when it comes to the actual integration of two companies and can play a valuable part in ensuring that business-critical systems remain up, running, and are also successfully migrated.

Based on multiple studies, the Harvard Business Review reports the failure rate of mergers and acquisitions lies somewhere between 70% and 90%. The article concludes that companies that manage M&A activity successfully work hard at effective integration and invest in integrating the two businesses. PwC’s report on Success Factors in Post-Merger Integration explains, “Deal makers who manage a speedy integration benefit from the positive effects of a merger much sooner, enabling them to quickly return to managing daily business.”

  • Supply chain

To the previous point, an acquiring company must understand which of the target company’s systems are essential and keep these operating smoothly to successfully serve customers post transaction. This can be an afterthought in M&A transition plans but can have a profound impact on revenue if customers start to leave.

Depending upon the structure of the acquisition and the perspective of the seller, it may be that data as well as the systems have to be ported in a configurable format in order to allow the purchaser to keep operating in the ordinary and usual course of business.

The company being acquired may rely on certain technologies which they license from a third party, which the acquiring company may not already have. If during the due diligence process you identify dependencies on third-party applications, it would make sense to enter into discussions with those software vendors and have safeguards put in place to protect the future accessibility and availability of that software, technology or asset.

If your organisation is involved in M&A activity, the above software resilience considerations are a useful guide to ensure business continuity during acquisition and beyond.



Press contacts

NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7824 412 405

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom