How rapid M&A IT integration can cut costs and boost M&A cybersecurity

In brief

• Rapid integration can position an acquired asset to be part of a long-term business transformation for corporate buyers or for private equity (PE) resale.
• Rapid M&A IT integration tools and strategies can secure data against attacks by cybercriminals.

There are five good reasons why companies and private equity investors can consider rapid M&A IT integration.

Simply defined, rapid integration allows any acquirer to deliver high-priority goals of the transaction with the minimum technical capabilities required to achieve desired synergies. Often for corporate buyers, a longer-term full and transformative M&A integration of various technologies may be part of the investment strategy. But a rapid integration may be the right way to go for these reasons:

1. The chief reason rapid M&A IT integration may hold appeal is that the number of multiple, parallel transactions — with technology integration complexities and rising IT costs — is on the rise as businesses seek growth in an uncertain market.¹ IT, which is often among the largest contributors to M&A integration costs, can drive half of M&A synergies, EY analysis shows. EY-Parthenon experience indicates that acquirers can reduce one-time M&A technology integration costs by one-third to one-half in partial integrations by using innovative software and technology applications, including Zero Trust Network (ZTN) and M&A cybersecurity tools, to build moats around existing IT processes.
2. A second benefit of rapid IT integration is the speed it enables in achieving revenue synergies and growth goals in the short term. Speed also may allow corporate buyers to manage a higher volume of acquisitions as part of a broader plan to eventually do a full IT reboot. For a PE buyer, speed can help PE investors streamline future carve-out costs and complexity, especially in consolidation strategies focused on regional businesses with satellite locations.
3. A third benefit is that rapid M&A IT integration can reduce system disruptions for the business and end-users that might otherwise slow growth. 
4. Fourth, when an acquired asset is in a separate line of business with unique IT system requirements, partial integration, done quickly, can reduce disruption to that line of business and allow for continued operational efficiency.
   
   These factors can appeal to a corporate investor intent on transforming a business with a longer time horizon and multiple transactions. But there is one last reason rapid M&A IT integration holds appeal:
   
   
5. When the buyer, especially a private equity investor, has a short time horizon for investment, a traditional, full integration would be impractical due to time, cost or investment thesis and may not be necessary.
   

The bottom line is that rapid IT integration helps an acquirer create value by moving quickly toward growth and transformation while reducing costs and risks.

There are several tools acquirers should focus on to rapidly integrate and address M&A cybersecurity² during rapid M&A IT integration: enterprise resource planning (ERP), data strategy and network architecture.

Creating an ERP landing zone

Merged companies need the ability to report on critical financial and operational data soon after the deal close. This is especially challenging for serial acquirers that are tasked with multiple and often concurrent M&A technology integrations.

In EY-Parthenon experience, this pain point can be addressed with strategies such as a two-tier ERP approach that creates a “landing zone” ERP for newly acquired or non-integrated acquisitions. This allows the enterprise system to run the core business without disruption, along with multiple core ERPs. The acquired processes can be harmonized separately. This also creates additional visibility into critical data to drive combined business performance.

ERP case study

To reduce spending and simplify their exit strategy, private equity investors often use partial M&A technology integration. When they do invest in technology transformation with an acquisition, it is frequently to fulfill specific commercial or operational objectives or limit risk.

One private equity buyer that acquired a global distributor leveraged a two-tier ERP approach, combined with data orchestration tools, to limit cost and complexity while providing new insights into operations and profitability. The target firm, the portfolio company and several satellite entities all relied on heavily customized, on-premises ERP solutions tailored to their specific regulatory and operational environments. On top of the ERP solution, the purchaser opted to use data orchestration to roll up financial reporting and create new insights into the operation and profitability of each regional satellite and its products and customers.

Through this rapid and partial technology integration strategy, EY analysis indicates the purchaser reduced ERP implementation costs by more than $1m and reduced ERP future-state implementation time by multiple months. In addition, the process limited business interruption and allowed the acquirer to redeploy savings elsewhere.

Assuring seamless data strategy and orchestration

Data insights are particularly critical during M&A IT integration to measure progress against key performance indicator targets and monitor risks. Many business acquisition strategies assume the ability to share data seamlessly across an enterprise, but that is often not what happens. Historically, companies have tried to quickly force enterprise-wide data into a single repository, an aggressive goal that is difficult to achieve, costly and time-consuming.

New cloud-based technologies allow data “orchestration” that takes information from multiple sources to assess and securely report for the business. This increasingly popular approach can help acquirers meet regulatory data sharing and governance compliance requirements.

Helping the end-user with software, M&A cybersecurity exercises

One of the first and most common M&A IT integration requests from an acquirer is to help improve end-user computing — the ability to quickly enable interorganizational communication and collaboration. Major software platforms enable advanced methods for newly integrated employees to remain on their email, chat, and other communication platforms post-merger but security measures must be in place. During the integration, security phishing and other exercises can help train employees about cybercriminals’ techniques in an M&A transition. Testing of critical security controls should be in place during the transition period.

Employing Zero Trust network protection

Modern technologies that leverage cloud-based Zero Trust cybersecurity frameworks restrict access and can be deployed rapidly to bolster M&A cybersecurity. Zero Trust network access (ZTNA) allows acquired companies to remain on their own platforms with segmented networks protecting sensitive systems and data, applications, and content. They are the antithesis of what was the typical integration approach — a full transition to the acquirer’s networks, domains and security procedures. However, that kind of broad access can open vectors for cybercriminals, increase the risk of inappropriate access by employees and create additional technology cost and complexity.

Zero Trust frameworks also are a significant asset during transition service agreement (TSA) periods; because Zero Trust access can help prevent unauthorized access or disclosure of sensitive data or data that is not part of the transaction.

Zero Trust case study

One large health insurance provider, a serial acquirer, reduced technology integration costs by 50% by leveraging a partial integration strategy with modern technologies. The target and acquirer could not converge IT systems on the deal timeline due to the complexity of the IT integration and the short timeline to close. It was not practical for employees to use two laptops or have multiple sign-on accounts. An EY team supported the deployment of a Zero Trust platform of services to connect networks, harden security and improve compliance standards across the companies. In addition to improving cyber defenses, partial integration between identity providers for sign-on access enhanced the end-user experience. Overall, the effort directly reduced technology costs so the buyer could focus spending on transformational initiatives.

Thanks to Ajay Bhatia, Bimal Pall, Stacy Scott, Skip Scholl, Sam Prescott, Angela Tessin, Thomas Kuklenski, Brian Levine, Don Williams, Basil Rizik, Joydeep Bhattacharyya, Tom Spak and Scott Sheahan, who contributed to this article.