Skip to main content
Marsh logo

Article

Navigating risks in the tech M&A landscape

Investors can capitalize on the potential for growth within Canada’s booming tech industry by identifying and navigating these potential challenges.

10/15/2024 · 7 minute read

Canada’s extensive industry expertise and supportive research and development culture have helped position Toronto as the fourth-largest tech talent hub in North America. And the technology industry’s recent contraction from the pandemic-fueled digitalization surge has led to a drop in valuations, presenting a unique opportunity for investors seeking to participate in the sector's growth through strategic acquisitions.

Both private equity firms and strategic buyers are interested in capitalizing on the opportunities in Canada’s tech industry. They are also keenly aware of the challenges in this fast-evolving sector, where success often hinges on the ability to seize opportunities afforded by innovation, while managing associated risks.

Canada’s consecutive lending rate reductions, which are expected to continue, and favorable deal activity should help the tech mergers and acquisitions (M&A) landscape grow. However, geopolitical factors and uncertainties surrounding the 2024 US election and the 2025 election in Canada could increase buyer caution and may influence this trend.

By carefully understanding, identifying, and navigating these challenges, investors can capitalize on the potential for growth within Canada’s booming tech industry.

Risks of high concern for tech companies include

Data security and privacy

Regulatory compliance

Reputational risk

Digital business interruption

Technology errors and omissions

Risk factors impacting Canada’s tech sector

The tech sector continues to evolve at breakneck speed. Artificial intelligence (AI), autonomous vehicles, and other innovations are revolutionizing the way we live and do business, having profound impact well beyond the tech world. But these groundbreaking developments introduce a host of new risks, particularly to the organizations spearheading advancements, including:

  • Generative AI risks. The swift and continuous evolution and rapid implementation of generative AI could increase the risk exposure for tech companies. Improper AI usage, errors, or oversight, for example, could increase the risk of cyberattacks. AI design failures could also increase the risk of errors and omissions and impact operations. While the use of AI becomes more pervasive, insurers in Canada do not yet have language to support it, but are working to address this issue.
  • Business interruption. Increasing reliance on connected systems means that even a simple system outage can have severe consequences, hindering access to critical data and disrupting operations. For example, a CrowdStrike software update in July 2024 caused outages for millions of users of Microsoft Windows devices worldwide, which is believed to have contributed to total direct financial losses of around US$5.4 billion solely for Fortune 500 companies. Several organizations are asking how they can better protect their operations to mitigate the impact of similar incidents.
  • Evolving regulatory scrutiny and governance. As risks evolve and increase, regulators are introducing new requirements and increasing their level of scrutiny.

Robust due diligence essential in tech-related transactions

Considering the significant repercussions of these dynamic challenges, it is important for potential buyers to conduct a comprehensive review of sellers’ representations. This should be part of a rigorous due diligence process that identifies potential risks to the transaction, quantifies their impact, and determines whether they can be accepted. A robust due diligence process can also help buyers validate whether the purchase price is appropriate. 

Buyers should take a number of steps to protect their transaction, including:

  • Meticulously examine the risk management and risk transfer strategies of target companies
  • Engage an external risk specialist to pinpoint key insurable exposures
  • Implement a robust due diligence process that helps identify any gaps in the target’s insurance procurement strategy
  • Identify any foreseeable changes in insurance expenses
  • Assess the target’s loss history
  • Provide a roadmap of key insurance-related actions to be completed before and after the deal closes

Tech companies offer a wide range of complex products and services, ranging from SaaS solutions to smart devices, and spanning multiple industries. Buyers can benefit from expert risk management, risk transfer, and legal advice not only in their native industry, but in all industries connected and serviced by the target. Digital supply chain mapping, back-office IT audits, and cybersecurity audits, among others, can help buyers better understand potential risks associated with the transaction.

In addition to identifying risks and issues that could be detrimental to and possibly derail the transaction, a comprehensive due diligence process allows buyers to quantify potential costs to remedy existing issues and invest in creating value post-transaction.

Risk transfer considerations

Quantifying a target company’s risks and ensuring it has the right lines of coverage and sufficient limits is an important component of an organization’s risk transfer strategy. Failing to do so can result in purchasing insufficient coverage, especially in light of the recent inflationary environment that has impacted valuations. The due diligence process should also consider the financial implications of increased insurance costs and how pending claims as well as potential historical liabilities could impact the organization’s future revenue streams.

Strategic buyers should also explore opportunities to integrate the target company into their existing corporate insurance arrangements to ensure a seamless post-acquisition transition and minimize coverage gaps or overlaps from day one.

Representations and warranties (R&W) insurance continues to be a ubiquitous deal tool in private M&A circles and serves to streamline negotiations between parties, offer recourse for the buyer when a seller indemnity is not available, and preserve key relationships in the event of an indemnity claim post-closing.

R&W insurance has also been used successfully in take-private deals, which are increasing in the tech sector. An experienced insurance broker can help buyers manage the nuances and obstacles — such as incomplete disclosures — that could impact the underwriting process. 

R&W insurance can help bridge the gap between a buyer’s desire for recourse for post-closing financial loss due to a breach of representations in the purchase agreement and the seller’s desire for a clean exit. 

Tax indemnity insurance has also been tactically deployed in tech M&A deals to protect a buyer against potential adverse tax treatment of acquired net operating losses or tax credits.

The insurance industry is also taking action to support the tech sector’s evolving requirements through innovative offerings aimed at mitigating both physical and business risks. Challenger and disruptor insurance (CADI) is one example. This solution, which is offered to FinTech companies, brings together different lines of coverage in one policy that can be tailored to an organization’s specific exposures and budget.

As they focus on aligning their insurance programs to their risk appetite, some PE funds and tech companies are increasing retentions. Some are also exploring integrated program structures and other alternative risk programs as they seek to optimize their risk management approaches to counter difficult property and casualty insurance conditions.

Creating value through cyber improvements

In the current deal environment, PE funds are putting increased emphasis on identifying opportunities to create value within their portfolio. Historically, directors’ and officers’ (D&O) liability coverage was a main focus for PE funds seeking to increase value across their portfolio. However, cognizant of the extensive implications of cyber threats, more PE funds are looking at improving their portfolio companies’ cyber posture. These risk management improvements, which often entail partnering with cybersecurity consulting teams, may also help PE funds secure needed cyber coverage to protect their investment.

Similarly, tech companies themselves are also establishing stronger internal cyber policies and improving their cyber posture. Measures include investing in cybersecurity controls, such as multi-factor authentication; developing incident response planning and testing; and providing cyber risk awareness training. It is wise for potential buyers to investigate areas including these controls, strategies, governance measures, and enterprise risk management approaches to safeguard their investments and enhance resilience in the face of evolving cyber threats.

Proactively developing data- and analytics-centered risk mitigation strategies and understanding their own risk philosophies can help organizations mitigate both emerging and evolving risks. Doing so effectively often requires partnering with an advisor who can help organizations identify vulnerabilities.

As the industry continues to evolve, managing risks in tech M&A transactions remains paramount. By understanding and mitigating these risks, investors and tech companies can better navigate a landscape in flux and remain ahead of the curve.

Our people

Sandeep Shenoy

Sandeep Shenoy

PEMA Canada Practice Leader

  • Canada

Matt Bassani

Matthew Bassani

Business Development Leader, PEMA

  • Canada

Chris Johnson

Chris Johnson

National Tech Industry Leader

  • Canada

Related insights

Earth Day concept with tropical forest background, natural sence with canopy tree in the wild

Article

Facilitating the bankability of energy transition projects: Risk management and insurance considerations

11/15/2024
woman gazing at skyscrapers under sky

Report

Transactional Risk Global Tax Bulletin

11/06/2024
Seamless skyscraper facade with blue tinted windows and blinds at night. Modern abstract office building background texture with glowing lights against dark black exterior walls. 3D rendering.

Report

Global Transactional Risk Insurance Claims Report 2024

06/24/2024
Skyscrapers building sunshine

Report

Transactional risk insurance 2023: Year in review

03/14/2024
View more