Article May 16, 2022

Top 3 risks in tech M&A deals

The technology sector is continuing to boom and acquisitions are becoming a norm. In 2021, technology M&A values exceeded $1 trillion for the first time, a 60% increase on the previous year. Between 2010-2019, the 5 big techs in the US – Google, Apple, Facebook, Amazon and Microsoft collectively made 616 acquisitions, 400 of which were SME tech companies.

For tech businesses, M&A risks are wide ranging and can differ greatly to those of traditional businesses. These risks are not necessarily in physical assets but are often intangible and in many cases unique.

Here are 3 top risks within tech M&A deals:

  1. Intellectual Property (IP):

    IP is often the most fundamental and valuable asset which gives a tech company its purpose. An IP infringement action, for example by a competitor, can easily cripple a tech business. The tech sector is known for high growth and innovation. For this reason, in a sector with IP at the core of its value, litigation will be commonplace as businesses look to protect their most valuable assets and obtain competitive advantage. Representations and warranties are likely to include IP, so sellers could be liable for any problems that arise post-deal.

  2. Data Protection

    Client data is a valued commodity in today’s world, and the protection of this data has been the focus of regulators around the globe. In Europe, General Data Protection Regulation (GDPR) outlines strict requirements on how data can be collected and used, and the penalties for breaching these rules are severe. Tech companies are often data custodians because their customers trust them with their data in large volumes, which raises their exposure to data protection regulation. In tech M&A transactions, data breach issues which surface after a deal can lead to hefty claims and lengthy litigation.

  3. Cyber security

    Cyber threats have grown considerably in recent years. Google revealed that it blocks more than 18 million malware and phishing emails related to COVID-19 every day. Financial consequences have also become more severe, with cybercrime costing organizations $2.9M every minute. The implications of a cyber security breach within tech firms are probably greater than those in any other sector. This is in part related to data protection, as cyber-attacks can have flow-on effects on a tech company’s customer base which can result in litigation. In tech M&A, cyber security and risk exposure are analyzed in detail during the due diligence process.

As tech M&A transactions continue to increase, claims are also on the rise. It is worth noting that E&O policies typically exclude patent litigation, so having fit-for-purpose insurance in place can help facilitate a smoother transaction and provide the seller with peace of mind.

Transaction liability private enterprise (TLPE) is a first-to-market sell-side product developed by CFC which can provide comprehensive coverage for tech M&A transactions up to an enterprise value of $15M. TLPE covers the seller for any innocent breaches of warranties up to 7 years, as well as defence costs. 

If you have any further questions, please contact the transaction liability team at