FEATURE
CYBER SECURITY IN AFRICAN M&A
The use of technology in African M&A processes is developing dramatically as infrastructure improves and awareness around data security grows.
IT and internet infrastructure in Africa has lagged developed markets for years, curtailing the use of virtual data rooms and other online tools in African dealmaking. In recent years, however, the market has transformed to the point where DataSites and online due dilligence platforms are now standard in the vast majority of M&A processes.
 
Mergermarket’s survey of more than 100 dealmakers on the continent finds that almost three quarters of those polled (74%) use virtual data rooms for transactions in Africa.
Merlin Piscitelli, a director at Merrill DataSite, says the development of wireless and mobile internet access has been a major reason for the evolution. “I’ve dealt in Africa for the last 10 years and I’ve watched a market that has changed. There used to be no such thing as a virtual data room and horrendous internet speeds where people couldn’t actually access a virtual data room to do due diligence. Now we see an emerging market that has skipped over other forms of wired computers to mobile devices and wireless dongles with faster speeds than people get in their offices.”
Security conscious
As the use of technology to execute deals has increased, so has the awareness around cyber security and the protection of confidential data. In the Mergermarket survey, cyber security is given the highest importance by 60% of respondents, with 39% saying it is reasonably important. Only 1% of those polled say it is of minor importance.
 
External data breaches, meanwhile, rank as the biggest data-related risk, with respondents giving it a 5.65 score (on a scale where 1 is not risky and 6 is extremely risky). Internal data leaks score the next highest at 5.13, closely followed by cyber intrusions (5.17) and intrusions into IT systems (5.09). Piscitelli says dealmakers in Africa are adapting technology to suit their specific needs and are very conscious of protecting their data and systems. “Previously the goal was simply to get everything digitised in some way, in an electronic format that was semi-organised. Now everything is digitised, organised and protected. Dealmakers are looking at technology and the security protecting their data as a vital thing in any process that they’re running,” Piscitelli says. The rise in the use of technology in deals and the increased awareness of security risks can also be explained by the rise in transactions in Africa, particularly from foreign investors. As the percentage of inbound M&A into Africa has increased (from 39% of total African deal value in 2008 to 70% in 2015) vendors have become more conscious of who is interested in their companies, the reasons for this interest and how to protect IP and commercial data when there are so many parties eager to look it over. “The entry into Africa from investors from all parts of the world automatically makes somebody ask why a potential buyer wants access. There is now competitive tension from a global audience and that shifts the mindset. A vendor doesn’t have to give a buyer everything because it’s the only one party that’s interested,” Piscitelli says. “There is now a very diverse group of buyers looking at every asset and that naturally increases the risk.” A way to go Despite the increase in the use of data rooms in African M&A and the recognition of the security benefits the technology offers, there is still a sizeable minority of dealmakers who remain concerned about using data rooms. According to Mergermarket’s survey the 26% of respondents who do not use data rooms are either unfamiliar with the technology, concerned about costs or reticent because the regulatory framework for putting data online is not mature enough. Piscitelli says that in South Africa and Nigeria, the two engine rooms of African M&A, data rooms will be standard, but that in other smaller jurisdictions, where M&A volumes are lower, it will take time for the technology to take hold.
 
“Outside of Johannesburg and Lagos the market is very fragmented. There are a number of smaller transactions in a variety of jurisdictions. As you move down the value ladder there is less familiarity because these markets haven’t had an event that’s going to require such a thing as a data room, or online due dilligence platform,” Piscitelli explains. As the African deal market grows and matures, however, the uptake of data room technology is likely to track that expansion as dealmakers become more conscious about protecting their data, controlling what bidders can see, meeting the regulatory requirements of jurisdictions where inbound bidders are based and reducing the risk of leaks. “You still see a nervousness from boards about putting all their company documents, employment agreements, lease agreements, pricing strategies, five-year plans etc. online,” Piscitelli says. “But there is recognition that a virtual data room gives more control and is more secure than a paper room. It provides the infrastructure to authenticate somebody using the site, tracking will know who they are and what they’re doing. That gives you such valuable information to run a more efficient and intelligent process.”