From fundraising to aggregations

"A trend that continues and is part of a significant numerical evolution of start-ups: in 2019 there were 10.630, currently there are 12.068, equal to 3.3% of all newly formed corporations and 1.438 more compared to the previous year (Source: Italian Ministry of Economic Development).” In 2020, despite the pandemic, start-ups raised €691 million in Italy, a slight decrease from €723 million raised the previous year - according to the numbers released at StartupItalia's #SIOS20 event - but with a significant increase in equity crowdfunding, which raised €81 million, almost 20 more than in 2019. It doesn't have to be in a garage, but often creativity is stimulated to the point where ideas are born that become important businesses. Or can become one. Let's take the case of a startup looking for investors willing to fund it.

To make a fundraising operation successful and thus convince investors to believe in it, you need to have valid cards in your hand: an interesting company history is not enough, but if it is told through updated, complete, easily traceable documentation that can be securely shared, it helps to make the idea attractive to serious investors. You need flexible and secure digital tools to better organize the work and all the documents needed for a due diligence. This is a very thorough and complex investigation that scrutinizes the target company (object of the funding in this case) at 360 degrees. A virtual data room, i.e. a secure and accessible virtual room, in the fundraising phase is indispensable for sorting, protecting and making information available to authorized stakeholders in a completely secure manner. Modular and multilingual, it allows access with a simple broadband connection and a device, even on the move and always maintaining high levels of protection and control over data and user access.

"The central point of this reform lies in the fact that data protection is an investment that the company makes for itself, to protect its information assets, to be competitive and invulnerable," .... "This involves an economic commitment for companies, but it is an element of modernization for them." In doing so, they will be able to "enter the digital society not passively but as protagonists: it is an extraordinary change." This is what the Privacy Guarantor Antonello Soro stated in his lectio magistralis held at the University of Florence in March 2019 talking about the difficulties of adapting SMEs to the GDPR. According to the Information Security&Privacy Observatory of the Politecnico of Milan, in a research released at the beginning of the pandemic of Covid-19, after 18 months from the introduction of the European directive, 55% of companies have completed the adaptation to the GDPR, 45% have increased investments for this purpose and 61% now have a Data Protection Officer in force within their organization. The statistical balance of the Privacy Guarantor of the first two years of the directive in Italy sees almost 2.800 data breaches reported to the Authority and more than 50.000 quarterly communications of contact data of the Data Protection Officer.

Let's take as an example a successful manufacturing company operating internationally. The company has embarked on the Industry 4.0 path to certify its products since 2019, but has fallen behind on other, equally strategic fronts: GDPR and IP protection, having an R&D department that is always working. What are the tools for a company that wants to adopt all the best practices necessary to be compliant with current data protection legislation (GDPR) and wants to protect its know-how and its competitiveness in the market? Where do you collect, how do you protect and securely share information regarding data of employees, suppliers, collaborators (in addition to confidential documents, patents and special projects) ensuring traceability?  In network folders, perhaps segregated, or with the most common file-sharing tools that by their nature cannot guarantee vertical security and protection of data and access? Digital technology now creates solutions that guarantee the protection of confidential information and data that we all deal with on a daily basis and that we cannot ignore. The protection of our information and/or the information of third parties who rely on us, must be given or rather, guaranteed by default. We are already behind the curve on digital and need to move on to the next steps. A workspace data room, i.e. a highly secure multi-project platform, is a solution for all the needs listed above. A single centralized platform that allows the organization and consultation of information, its segregation through selective user access when necessary and the secure sharing of infinite research & development projects with colleagues around the world.

In 2018 and 2019, public administration spending on ICT exceeded 3 billion euros per year - according to the forecasts by the Digital Agency - showing significant growth in the field that refers to cloud services, fixed telephony and service quality monitoring activities. The estimate sees a decrease in spending in local government, and also at the regional level in 2019 compared to the previous year, and an increase in the central government. These trends with respect to the different levels of PA are also found in the Assintel 2020 report that, before the pandemic, estimated for 2020 an ICT expenditure of 4.2 billion (considering also health and education) substantially stable compared to the previous year. The case history we are considering in this case concerns a small local administration with the need to identify a secure and flexible document management and sharing solution and a workflow tool that would allow the optimization of many internal activities. The company was equipped with a rigid document management tool, unable to generate permissions/roles to assign access privileges and selective viewing rights to the documentation among the people who had to interact with it. 

In this specific case, employees involved in certain internal processes (approval and authorization) often found themselves unable to follow the various steps approved or to be approved, to meet deadlines and to keep certain steps confidential in order to safeguard privacy. In addition to having the habit of exchanging documents, even confidential ones, via email.  Making a public or private organization go digital also means asking questions about how to optimize workflows, streamline and control internal procedures. For a company that wants to make numerous internal workflows more transparent and efficient and optimize activities and resources, the adoption of a workflow that assigns tasks and deadlines to all users involved in the work is the ideal solution. If it is integrated with a VDR that allows you to already have the documentation of interest uploaded, protected and indexed, selectively visible to users, this will make processes not only faster but also more secure.

Although the number of deals (1240) has returned to the minimum levels of five years ago due to Covid (-23% compared to 2019 instead), the year that just ended was quite rich for Italian M&A: the value of deals - according to the Investment Banking Italia report prepared by financial data provider Refinitiv - rose by 37% to $75.6 billion: a figure made possible by the intense activity of the last quarter and the important contribution of deals targeting Italian companies with French and US groups as the most convinced buyers. The financial sector - with the double blow scored by the Nexi group (Sia and Nets), the banking aggregation between Intesa Sanpaolo and Ubi Banca and the acquisition of Borsa Italiana at Euronext - has been the great protagonist followed by telecommunications and technology. The case study on M&A and VDR this time concerns an S.O.S. sent out by a biotechnology company which had been targeted by a couple of large groups known worldwide who had expressed interest in the purchase, with different development and internationalization plans, but both very attractive. The company, among the European leaders in its segment, structured and brilliant from the point of view of scientific research and with several international awards to its credit, was in fact at its first due diligence. A small operation, they estimated. After all, only 3 parties, everything under control. The company, in the pre-due diligence phase, had started to sort and share tax and legal documents between internal members and advisors through the company email. A data breach, a hacker infiltration in the company's email system on a Sunday morning was the reason why in such an emergency, a highly secure digital solution was sought. There was no full awareness that an exchange of confidential documents needs dedicated channels and tools. And that target companies in an M&A transaction are particularly exposed to the risk of cyberattacks. A survey conducted in 2017 by Donelley Financial Solutions and Mergermaket provided a worrying indication of the relationship between "desirable" companies for the market and vulnerability to cyberattacks: 80% of dealmakers surveyed by the research globally discovered data security flaws in at least one in four of the companies evaluated as potential targets for an acquisition.

How much can errors such as the one mentioned above damage target companies if actions aren’t taken in time? The analysis of a company’s degree of protection against data breaches and the impact that an event can have on the target company can also significantly change the evaluation of an asset. If no one had noticed the attack, the confidential information exchanged would have increased day by day, turning into an actual confidential business dossier up-to-date and available to all. There are many examples of fragility or lack of protection of information in M&A: the most sensational cases of M&A operations in full swing that have had to deal with data breaches are those of Yahoo-Verizon, which saw the latter lower its offer by 350 million dollars after discovering two significant cyber-attacks on its web portal, and Marriot International, which brought to light a huge and continuous theft of data related to Starwood Hotels customers after completing the acquisition of the hotel chain. In our biotech case history the need was therefore to immediately find a highly secure document sharing platform in which to transfer and protect all of the company’s confidential documentation, but which would also allow secure and granular sharing of documents to employees, collaborators and investors with different permissions, always accessible from anywhere in the world, 24/7/365.

Virtual data rooms are where due diligence, among the most widespread, sensitive and cross-cutting transactions, are undertaken, managed and concluded. Legal, financial, strategic, tax, real estate and cyber security due diligence. A modular and customizable VDR can meet both needs. In the VDR, documentation can be uploaded with a click to have protected, classified, updated documents ready to be presented; then it acts as a secure repository and, when configured specifically, becomes the secure sharing platform with access established based on the operational role of each user (or group of users) invited to evaluate the asset. The Q&A section, the Advanced OCR Search and the customized Reports are among the most useful and used functions because they speed up the activities and always give an updated picture of the Due Diligence process. © ALL RIGHTS RESERVED.