Jurassic Park was an entertaining book, and then a blockbuster movie. Blinded by greed, scientists go too far: Using ancient DNA, they bring long-extinct dinosaurs back to life. What could possibly go wrong?
In a word, everything. It’s a classic Michael Crichton story. But what he didn’t realize—and you might not either—is that Jurassic Park provides an outstanding cautionary tale about the world of mergers and acquisitions, specifically when it comes to the crucial and often-overlooked realm of IT.
Fact vs. fiction
The resort in Jurassic Park was designed with a core of secure control buildings, as well as dinosaur pens protected by a sophisticated network of electrified fences. In the story, the head of IT is a character named Dennis Nedry, the one person with the tech keys to the kingdom, entrusted with keeping it all running smoothly.
As you surely recall, Nedry was a villain. He secretly sold out to his employer’s chief competitor; he planned to provide them with the park’s top secrets: dinosaur embryos. And so he disabled all the locks to the secret building where the embryos were kept, so that he could steal some, and then re-enable the systems.
That didn’t go well. Nedry—spoiler alert—was killed by a dinosaur before he could ever flip the “On” switch again. In the story, Nedry’s superiors, back at headquarters, are frustrated when they learn that all the security systems have been disabled—and then they’re horrified to learn that, when disabling the door locks, Nedry had also turned off all the electric fences, too. Just like that, dinosaurs are running amok across the island.
As you recall the role of Nedry, the lessons for acquirers—across the entire M&A lifecycle, from due diligence through post-merger integration (PMI)—seem obvious:
- Screen for untrustworthy characters like Nedry.
- Don’t give him all that responsibility: Acquirers need to screen for people who have been given an extraordinary amount of responsibility and access; they’re inherently risky for the buyer.
- Don’t let the “switch for doors” also control the “switch for electric fences.”
That’s a good start. But the issues run far deeper than that.
First, consider the role of IT in the first place: It’s there to provide a seamless experience which supports all of the business’ objectives. The risks of breaking that chain increase substantially during an acquisition, since the IT team is tasked with trying to not only “keep the lights on,” but also integrate Company B into Company A, seamlessly. This is a big reason why more than 50 percent of mergers fail.
Unfortunately, this problem can often be traced to the top—far above the Nedry’s of the world. Leadership is driven in quarter-by-quarter sprints. They’re pressured to show growth. If they can’t achieve it organically, they’ll go on the acquisition war-path. You’re familiar with the press releases: “It’s a merger of equals! The synergy is ideal! We’ll have it all wrapped up in less than 100 days!”
If you’re Nedry, this is beyond maddening. It’s career-killing. Indeed, in the story, Nedry is angry that he’s been pushed too hard by senior leadership for not enough money; this is what triggers his defection. In real life, this kind of stress has physical complications, too: it’s taxing on the body; people have been hospitalized for less.
Think about all that can go wrong in such a scenario: Exfiltration of company data. Reputational damage. Key people—and their tribal knowledge—walking out the door.
Keys to the kingdom
It’s always dangerous to give too much responsibility to a single person like Nedry. He had privileged access to multiple horizontal and vertical stores of information: personnel, critical business information, company secrets, and more.
“Well, Nedry is evil,” you’d counter, “Of course that’s a problem.”
But even if you have a trustworthy version of Nedry, it’s still a problem. What if he or she has a medical event? Or wants to take time off? Or simply burns out trying to complete an exhaustive list of M&A activities (in addition to their 40-plus-hour workload) and weekend systems migrations?
Here’s another consideration: Would you ever get the best set of ideas from just one person, with just one perspective? Nedry was responsible for infrastructure and hardware support; would he, alone, be able to create the most innovative solutions to support the business’ IT M&A diligence and post-merger integration plans?
What vendors did Nedry hire? When you’re looking to acquire a company, you want to scrutinize all those contracts and look at the spend history:
- How has this organization managed projects?
- Have they chosen the lowest-price/technically-acceptable vendors—or value-based solutions?
- How do they manage vendors?
- How long have they been in place?
We’ve seen situations, unfortunately, in which vendors and the people hiring them have been far too cozy. The warning signs may be subtle: Why is that “Nedry” disengaged from projects recently? Why does he suddenly seem to have more disposable income?
The electric fence
In Jurassic Park, Nedry’s managers discover, right away, that his switching off the security doors also disabled the electric fences. But it doesn’t happen like that in real life. In reality, it’s worse.
History has shown that, more often than not, the problems created by the Nedry’s of the world go undetected for years. Without solid IT due diligence across the entire M&A cycle, you might just be buying a company that has unknowingly been sabotaged—a Nedry in your midst.
That’s when the bomb explodes for executives whose pre-deal diligence was lacking: They turn on the news and learn about their company from Bloomberg. They get frantic text messages from colleagues: “I’m being barraged by reporters! What do I do?” They’re besieged by random vendors offering to “help,” when they don’t even know what they need help with. It’s like walking into your office and discovering a T-Rex ripping up your desk.
Here are a few considerations (of many) when it comes to keeping those “dinosaurs” at bay:
- Lock down the perimeter. You’ll want to have strategically placed systems that are actively monitoring your virtual perimeter, replete with logs and reports. That’s one layer of defense.
- Educate your people. You’d be amazed—and dismayed—to learn how many breaches originate from social engineering. Bad actors will create fake LinkedIn accounts, and “friend” your employees… setting them up to “watch this attached video,” which ends up spawning a virus throughout the organization.
- Manage your vendors. Today’s hackers actively target an enterprise’s supplier base. Why? It’s often a weak link. Think of that HVAC vendor who opened the door for the massive breach of Target stores just a few years back.
Don’t let the dinos sabotage your M&A program
In a bit of creative foreshadowing, Nedry kept a photo of J. Robert Oppenheimer—father of the Manhattan Project and the atomic bomb—taped to his computer monitor. Don’t let that happen to you or your M&A program. Download Ensunet’s free pre-/post-merger integration IT checklist. Or contact us today for a free, no-obligation consultation with one of our friendly subject-matter experts. We’ll help you keep those dinosaurs at bay.
Remember: M&A value creation happens when you address technology considerations, which in turn drives measurable execution to realize synergies across the value chain.