Our thinking

Navigating change: US M&A H1 2018

What's inside

Clouds are forming on the horizon, however appetites for big-ticket deals have not yet diminished

US M&A defies market uncertainty

An impressive first half of the year for US dealmaking reflects M&A's enduring value in an uncertain market

After a very strong 2017—when M&A in the US reached its third-highest overall deal value since the financial crisis—deal value grew again in the first half of 2018. Compared to H1 2017, value rose 30.5 percent to US$794.8 billion when compared to the same period in 2017, while deal volumes held steady.

Activity has been brisk despite increasing macro-economic headwinds. The Federal Reserve recently raised interest rates and signaled its intention to do so again twice more before the year is out. Threats of a bourgeoning global trade war are intensifying after the imposition of tariffs by the US and other large economies. And the US stock market has experienced significantly higher volatility this year than it did last.

One could reasonably expect that M&A would cool against this backdrop, but the fact that it has not suggests that deals are going ahead for essential strategic reasons rather than opportunistic ones.

Technology and its disruptive impact across all sectors is one of the main factors that has made M&A a necessity. The impact has been most apparent in sectors such as retail and healthcare, where digital platforms are ideally placed to disrupt established service and distribution channels. No sector has been untouched, however. Unless non-tech companies have the resources in-house to write their own software and algorithms—and most do not—M&A may be the best option to keep pace with dynamic change.

We expect the second half of the year to be busy, but no one can afford to ignore the threats posed by rising interest rates, increasing protectionism, an incipient trade war that could increase tariffs, a potentially inverting yield curve, unsustainable pricing demands and a volatile stock market. Companies will need to navigate these dynamics if M&A's bull run is to continue.


John Reiss
Global Head of M&A
White & Case

Gregory Pryor
Head of Americas M&A
White & Case


Navigating change: H1 in review

First-half activity remains on par with 2016, as strong fundamentals continue to drive M&A

New York City buildings

PE hits new post-crisis high

Despite intensifying competition within the market, US private equity activity is yet to show signs of a downturn

aerial photography of Empire State Building in New York

Sector watch

Energy, mining & utilities leads the field

Bulky oil & gas deals pushed energy, mining & utilities close to the top spot in H1, while digital disruption ensured a steady flow of tech deals

large metal pipes

Technology M&A gets white hot in 2018

Dealmakers across all industries are looking to secure US tech assets in order to keep up with the technological changes disrupting their industries

urban area at night

Consumer firms adapt to survive

Despite a drop in headline figures, M&A within the US consumer sector remains an important method to secure long-term growth

root vegetables

Oil & gas M&A gains cautious ground

A steadying oil price signals a brighter future for oil & gas M&A, yet market caution remains

oil pipelines

Big-ticket deals drive pharma M&A

Activity in the sector is fueled by the need to refill product pipelines and navigate convergence between health and tech firms


Industrials & chemicals M&A gathers pace

Corporate repositioning and tax reform are two key trends driving M&A in the sector


Is blockchain M&A poised to accelerate?

US dealmakers are learning to navigate the complex world of blockchain M&A, but they will have to proceed with care in heavily regulated sectors

building windows

In focus: Financial services regulation

An overview of the financial regulatory landscape and key trends to watch

US dollar

Decision time for M&A in Delaware

Noteworthy rulings out of the Delaware Supreme Court and the Court of Chancery in the past six months are already having consequences for M&A activity

pedestrian streets

Spotlight on public companies: Cybersecurity and governance

The number and severity of cybersecurity incidents at major companies has increased, causing regulators to take a tougher approach. We look at five practical steps companies can take to manage these risks

computer programming


Key trends to watch in the months ahead

Acquirers shrugged off macro-economic uncertainty in the first half of the year to secure deals of strategic necessity

New York City buildings

Meet our partners

Global M&A leaders

John Reiss


John Reiss
Partner, New York


Gregory Pryor


Gregory Pryor
Partner, New York


 Dr. Jörg Kraffel

Dr. Jörg Kraffel
Partner, Berlin


Christopher Kelly


Christopher Kelly
Partner, Hong Kong


Allan Taylor


Allan Taylor
Partner, London


 Barrye Wall


Barrye Wall
Partner, Singapore


John Cunningham

John Cunningham
Partner, London


Alexandre Ippolito

Alexandre Ippolito
Partner, Paris


Spotlight on public companies: Cybersecurity and governance

The number and severity of cybersecurity incidents at major companies has increased, causing regulators to take a tougher approach. We look at five practical steps companies can take to manage these risks

4 min read

Regulators, including the Securities and Exchange Commission, have increased their focus on the growing threat of cybersecurity. This trend underscores the fact that cybersecurity is not merely an IT issue, but an integral component of a company's broader enterprise-wide risk management structure, necessitating board oversight of cybersecurity risk.

And of course, cybersecurity is a critical consideration in M&A transactions. The risk profile, security protocols and cybersecurity preparedness of any possible target should be carefully evaluated when considering potential business combinations.

Proper board oversight requires the board to be fully informed about both the effectiveness of existing cybersecurity measures and the importance of any cyber incidents that have occurred. Companies must assess whether they have adequate processes in place to ensure that cybersecurity risks and incidents are identified, evaluated and reported to the board in a timely manner.

To manage the risks posed by cybersecurity, companies should focus on five main areas:


1: Take a tailored approach

Cybersecurity risks vary by company. Companies should tailor their approach, taking into account the data for which they are responsible and the types of risks they may face. This is especially the case for personally identifiable information, such as payment or health data, as well as proprietary data and third-party data.


2: Choose the right oversight structure

Board oversight of cybersecurity can be achieved in a variety of ways. In many companies, the audit committee retains primary oversight of cybersecurity risks, consistent with its role overseeing enterprise risks generally. However, in some companies it may make sense to assign primary cybersecurity oversight to a risk committee that oversees a range of the company's enterprise risks, or a technology committee focused on oversight of technology-related risks.

Any oversight structure should include regular meetings with the company's chief information security officer (or equivalent). In addition, there should be appropriate protocols for elevating information about significant cybersecurity risks and incidents that arise between those meetings.


Cybersecurity is a critical consideration in M&A transactions.

3: Regularly assess the risks

The board (or relevant committee) should evaluate the company's cybersecurity risks and the effectiveness of its controls. To do this, it should use appropriate benchmarks to industry standards and regulatory requirements and maintain an awareness of ever-evolving state-of-the-art cybersecurity technologies and best practices. Directors will need to decide who should make those evaluations (management, internal audit, an external advisor or some combination thereof) and should have a "dashboard" to look at critical issues, monitor the progress of the company and watch for trends.


4: Develop crisis management and incidence response plans

An effective cybersecurity strategy requires expediency in responding to a breach and resilience in addressing and recovering from such a breach. Having a crisis management team in place, including representatives from investor relations, IT, legal and management, allows the company to: (i) respond quickly and effectively to a cyber incident; (ii) gather information in order to craft accurate disclosure; (iii) address shareholder concerns when information is released to the market; and (iv) understand the role of outside counsel in leading forensic investigations and maintaining privilege.

Companies should consider conducting cyber breach simulations to test for weaknesses and prepare personnel for a true incident.


5: Watch for red flags

Directors should be on alert for red flags that might indicate that cybersecurity resources are insufficient and, if appropriate, request an independent assessment of the company's cybersecurity programs. Directors should be mindful of cyber incidents at peer companies and critical vendors, which can provide insight into the types of attack the company might be subject to and highlight potential systems and supply chain vulnerabilities that should be addressed.

While board oversight of cybersecurity is critical, the directors' role is to oversee companies' risk management, not to manage those risks themselves. Directors do not need to know how specific cyber protection and detection technologies work. The board should focus on ensuring that the company identifies and assesses its key risks through adequate policies, procedures, technical resources, personnel and organizational structures. It should also ensure that the company tracks and manages those risks effectively over time, keeps leadership fully informed and discloses incidents and other material cybersecurity risks to the full extent required.



This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2018 White & Case LLP