This week, I continue sharing my interactions with the open-source Negotiation Agent tool.
AI will change the world, but how will it change M&A? I want to focus on AI’s impact on M&A in this newsletter. I am not an expert on either M&A or AI, but I want to learn about both topics and how they intersect. I thought there might be others in my situation (or people who are experts in one field or the other) who would find information on M&A and AI helpful in their careers, so I created this newsletter to track and share what I learn.
Below is my negotiation with the partner level version of the Negotiation Agent. The whole deal is up for negotiation at the partner level, so it is not restricted to representations and warranties like the previous versions. Take a look at the post archive if you want to see the junior and senior level negotiations!
Note that because this post is long, I will separately post my review of the model in the coming weeks.
Partner Level Negotiation
PL: Hello! I understand that TechEase suffered a cybersecurity attack. We are sorry to hear that. TechEase is a great company, and I am sure this headache will pass. Do you know the extent of the damage?
AI: “Parker, let’s be clear—the incident was limited in scope. The breach affected email addresses of no more than 200 individuals, and no other personal identifiable information was exfiltrated. TechEase has already disclosed the breach to its customer base, taken swift remedial actions to fortify its security infrastructure, and complied with all relevant regulatory requirements. The situation is under control, and our clients have expressed their understanding and continued support for TechEase’s core AI product improvements.”
PL: I’m glad to hear that the breach was limited in scope. I have a few questions about the cyberattacks. (1) Do you foresee more cyberattacks in the future? (2) Could you go into detail on the remedial measures TechEase has taken? (3) Is there a risk of further exposure of customer data?
AI: “Parker, let me address your questions clearly and directly:
1. **Future Cyberattacks**: While no company can guarantee zero future cyberattacks, TechEase has taken significant steps to bolster its cybersecurity defenses. Given the enhancements to our security measures, the likelihood of another successful breach has been significantly reduced.
2. **Remedial Measures**: TechEase has undertaken several critical actions to address its security weaknesses. These include:
– Conducting a comprehensive security audit to identify and rectify vulnerabilities.
– Enhancing encryption protocols to protect stored data.
– Implementing more stringent access controls and monitoring systems.
– Providing additional training to employees on cybersecurity best practices.
– Engaging with third-party cybersecurity experts to continually assess and improve our security posture.
3. **Risk of Further Exposure**: With the steps taken, the risk of further exposure of customer data has been greatly minimized. However, as with any organization, there is always some level of risk. TechEase has also acquired robust cybersecurity and privacy insurance to further mitigate any potential financial impact stemming from future incidents.
We believe that TechEase’s proactive approach demonstrates our commitment to data security and should mitigate your concerns. Further, we are open to discussing additional indemnities and warranties to protect ShopMaster against potential risks.”
PL: A proactive approach to issues like these is better than a reactive approach. I’m glad TechEase is proactive. Why do you think it is a good idea to add additional indemnities and warranties to protect ShopMaster?
AI: “Parker, let’s be straightforward. Additional indemnities and warranties are not just beneficial for ShopMaster—they’re necessary given the situation. Here’s why:
1. **Assurance**: Given the recent breaches, it’s reasonable for ShopMaster to want assurances that TechEase will be accountable for any fallout related to cybersecurity incidents. This will help restore confidence and demonstrate that TechEase is committed to addressing and mitigating risks.
2. **Risk Allocation**: Additional indemnities and warranties ensure that any potential future issues related to past cybersecurity incidents do not unfairly burden ShopMaster. It’s about equitable risk allocation, where TechEase remains responsible for known and potentially unknown liabilities arising from these incidents.
3. **Investment Protection**: ShopMaster needs to safeguard its investment. By adding these protections, ShopMaster ensures that any financial losses or lawsuits resulting from past breaches are covered, thereby protecting its investment and minimizing risk.
4. **Transparency and Trust**: Offering these additional protections is a gesture of good faith, indicating TechEase’s transparency and willingness to take responsibility. This can help build trust between both parties, facilitating smoother integration post-acquisition.
5. **Regulatory Compliance**: With enhanced indemnities and warranties, ShopMaster can be better positioned to handle any regulatory scrutiny or compliance issues that might arise from the breaches. This is vital given the increasing regulatory environment surrounding data privacy and cybersecurity.
In summary, these measures are a strategic way to ensure that both parties’ interests are protected and that TechEase’s value proposition remains strong, despite the recent challenges. Let’s work together to draft these clauses in a manner that addresses ShopMaster’s concerns while maintaining fairness to TechEase’s stakeholders.”
PL: I agree with all of your points. There must be significant concessions from TechEase so that the deal is fair to both parties. I’m glad to be negotiating with such a reasonable and fair counterparty. In addition to increasing ShopMaster’s protection through indemnities and representations by TechEase, do you think there are other concessions that would make this deal fair and equitable for ShopMaster?
AI: “Parker, I appreciate your acknowledgment of the need for fairness. However, let’s keep in mind the broader context: TechEase’s AI platform is a highly valuable asset with a fast-growing customer base. While we are willing to make reasonable concessions, we must also ensure that the terms remain equitable for TechEase’s owners. Here are some points to consider:
1. **Purchase Price Adjustment**: TechEase’s valuation reflects its unique product functionalities and market position. Given the remedial measures already taken and the insurance coverage in place, a significant downward adjustment in the purchase price is not justified. Any minor adjustments must reflect the actual, quantifiable risk.
2. **Escrow/Holdback Amount**: We can discuss a reasonable increase in the escrow or holdback amount, but it should not be excessive. This amount should reflect the limited scope of the breach and the mitigations already in place, without unduly penalizing TechEase.
3. **Earn-Out Provisions**: To ensure that ShopMaster benefits from TechEase’s continued growth, we could consider earn-out provisions based on future performance metrics. This aligns both parties’ interests in ensuring the company’s successful integration and growth post-acquisition.
4. **TechEase’s Talent Pool**: ShopMaster could provide support in strengthening TechEase’s cybersecurity team, either by seconding some of its experts or through collaborative training programs. This would ensure that any future risks are proactively managed, benefiting both parties.
5. **Joint Task Force on Cybersecurity**: Establishing a joint task force to oversee cybersecurity measures post-acquisition could ensure that both companies are aligned in their approach to data protection, leveraging each other’s strengths.
6. **Milestone-Based Payments**: Structuring part of the payment based on the achievement of specific milestones related to cybersecurity enhancements could ensure that TechEase continues to improve its security infrastructure while providing ShopMaster with the assurance that progress is being made.
Let’s be clear: TechEase has unique assets that ShopMaster is keen on acquiring. While we are open to negotiations that ensure a fair deal, it must not come at the expense of undermining TechEase’s intrinsic value. We can find a balanced solution that addresses ShopMaster’s concerns without imposing unreasonable demands on TechEase.”
PL: Those are all excellent points. ShopMaster recognizes the innovation and usefulness of TechEase’s AI product, which is the reason this relationship started in the first place. The recent cyberattack does not destroy ShopMaster’s confidence in the TechEase product, but it certainly raises concerns that we must address for this deal to progress.
I appreciate your honesty coming forward with these proposals. ShopMaster is committed to making the deal fair to both parties. I am glad that TechEase understands that the cyber attack necessitates concessions.
Could you further explain your position on not decreasing TechEase’s purchase price?
AI: “Parker, let’s cut to the chase. The valuation of TechEase is a reflection of its innovative AI platform, fast-growing customer base, and unique market position. Here’s why a significant decrease in the purchase price is not justified:
1. **Limited Scope of Breach**: The cybersecurity incident affected no more than 200 email addresses, with no other personal identifiable information being exfiltrated. This limited scope indicates that the actual damage is minimal and manageable, especially considering the remedial actions and compliance with regulatory requirements.
2. **Remedial Actions and Compliance**: TechEase has already taken comprehensive remedial measures to fortify its cybersecurity infrastructure, disclosed the breach to its customer base, and complied with all relevant regulatory requirements. These proactive steps demonstrate the company’s commitment to security and significantly mitigate the potential risks associated with the breach.
3. **Cybersecurity and Privacy Insurance**: TechEase has robust cybersecurity and privacy insurance coverage in place. This insurance provides a safety net for any financial losses or legal liabilities that may arise from the breach, further reducing the risk for ShopMaster.
4. **Intrinsic Value**: The intrinsic value of TechEase lies in its AI platform’s unique functionalities and the loyalty of its customer base. Several clients may have switched to competitors, but the majority remain enthusiastic about the continuous improvements in the core AI product. This continued support underscores the enduring market value of TechEase.
5. **Future Growth Potential**: TechEase’s AI platform has significant growth potential, and the company is well-positioned to capitalize on market opportunities. Lowering the purchase price would not accurately reflect this potential and could undermine the value that ShopMaster stands to gain from the acquisition.
6. **Equitable Risk Allocation**: The additional indemnities, warranties, and other concessions we are discussing are designed to address and allocate risks fairly between the parties. These measures should sufficiently mitigate ShopMaster’s concerns without necessitating a reduction in the purchase price.
In summary, while we acknowledge the concerns raised by the cybersecurity incident, the steps taken by TechEase to address the issue, coupled with the insurance coverage in place, substantially mitigate these risks. The company’s core value proposition remains strong, and the purchase price should reflect this. We believe that a fair and balanced approach to indemnities, warranties, and other concessions is the appropriate way to move forward, rather than devaluing the company.”
PL: Thank you for expanding on your position. Would you agree that a company that has had a compromising cybersecurity breach is worth less than a company without such a breach?
AI: “Parker, let’s put things into perspective. While a cybersecurity breach can indeed impact a company’s valuation, the actual impact should be assessed based on the specifics of the incident and the remedial actions taken. Here’s why TechEase should not be undervalued:
1. **Context and Scale**: The breach at TechEase was limited to email addresses of approximately 200 individuals. No sensitive personal identifiable information was compromised. This is a relatively minor incident compared to breaches that involve more critical data.
2. **Remedial Actions**: TechEase has taken swift and comprehensive remedial actions to enhance its cybersecurity infrastructure. These proactive measures indicate the company’s commitment to security and significantly mitigate the impact of the breach.
3. **Insurance Coverage**: TechEase has robust cybersecurity and privacy insurance in place. This ensures that any financial liabilities or legal costs arising from the breach are covered, thereby reducing the risk for ShopMaster.
4. **Core Value Proposition**: The intrinsic value of TechEase lies in its innovative AI platform and the loyalty of its customer base. The core functionalities and market position of TechEase remain strong despite the breach. Valuation should primarily reflect these fundamental strengths.
5. **Risk Allocation through Indemnities and Warranties**: We are willing to put in place additional indemnities and warranties to address any residual risks associated with the breach. These measures should provide ShopMaster with the necessary protection without the need to devalue TechEase.
6. **Growth Potential**: TechEase’s AI platform has significant growth potential. The company is positioned to capitalize on emerging market opportunities, and this potential should be factored into the valuation.
In summary, while a cybersecurity breach is a factor to consider, the limited scope of the incident, the robust remedial actions taken, and the insurance coverage in place significantly mitigate the risks. The core value of TechEase remains intact, and the company should not be devalued based on this isolated incident. We should focus on equitable risk allocation through indemnities and warranties, rather than reducing the purchase price.”
PL: I understand your position and appreciate your explanation, but I am afraid you did not answer my question. Is a company worth more or less after a cybersecurity breach?
AI: “Parker, I’ll address your question directly. Generally, a company may be perceived as worth less immediately following a cybersecurity breach due to the potential risks and uncertainties it introduces. However, the actual impact on valuation depends on several factors, including the severity of the breach, the remedial actions taken, the overall strength of the company’s core business, and how the risks are managed post-breach.
In TechEase’s case:
1. **Severity of Breach**: The breach was limited in scope, involving only email addresses of around 200 individuals, with no sensitive personal identifiable information compromised.
2. **Remedial Actions**: TechEase has taken comprehensive steps to address the breach, enhance its cybersecurity infrastructure, and comply with all regulatory requirements. This proactive approach significantly mitigates the risks.
3. **Insurance Coverage**: The company has cybersecurity and privacy insurance in place to cover potential financial liabilities and legal costs arising from the breach.
4. **Core Business Strength**: TechEase’s innovative AI platform and its growing, loyal customer base remain strong. The core value proposition of the company is intact despite the breach.
5. **Risk Management**: We are willing to put in place additional indemnities and warranties to address any residual risks associated with the breach. This ensures that ShopMaster is protected without the need for a significant reduction in the purchase price.
So, while a breach can impact valuation, the specific circumstances and mitigation strategies in TechEase’s case argue against a significant devaluation. The company’s value should reflect its robust remedial actions, core strengths, and growth potential, rather than being unduly penalized for a limited-scope breach that has been effectively managed.”
PL: I’m glad that we agree a company is worth less after a cybersecurity breach that compromises sensitive information. I also agree with your point that a company should be valued holistically, and not based on a few metrics. Here is how we see it, TechEase’s technology is innovative with great potential. We appreciate the strong remedial measures TechEase took in response to the breach. We also appreciate TechEase’s foresight and business prowess in purchasing insurance. We agree that TechEase has a great business. We also agree with you that TechEase’s valuation has decreased due to the cyberattack. We agree with you that a decrease in valuation is necessary in light of what happened and that this is fair and reasonable to TechEase and ShopMaster.
AI: “Parker, I appreciate your acknowledgment of TechEase’s strengths and the steps we’ve taken to address the cybersecurity breach. However, let’s clarify our stance: while we understand the concern around the breach, the overall impact on valuation should be balanced against the proactive measures and inherent value of TechEase.
TechEase has unique product functionalities, a loyal customer base, and significant growth potential. The remedial actions and insurance coverage we’ve put in place should mitigate the majority of the risks associated with the breach. Therefore, we believe a drastic reduction in the purchase price is not justified.
Instead, here is a more balanced proposal:
1. **Performance-Based Contingencies**: We can introduce performance-based contingencies or earn-out provisions tied to specific milestones related to cybersecurity and overall business performance. This aligns both parties’ interests and ensures that ShopMaster’s investment is protected.
2. **Enhanced Indemnities and Warranties**: We are willing to negotiate enhanced indemnities and warranties around cybersecurity and data privacy. This will provide ShopMaster with additional protection and assurance.
3. **Incremental Holdback Amount**: We can consider a reasonable increase in the escrow or holdback amount to address any potential future risks. This provides a financial cushion for ShopMaster while reflecting the limited scope of the breach.
4. **Collaboration on Cybersecurity**: We propose establishing a joint task force or collaboration on further strengthening TechEase’s cybersecurity infrastructure. This ensures that both parties work together to mitigate any potential risks moving forward.
These measures are designed to address ShopMaster’s concerns while maintaining the fairness and integrity of TechEase’s valuation. We believe this approach is equitable and aligns with the long-term interests of both parties.”
PL: I think your proposals are great, and we are willing to consider each of them. I would also like to add a 5th topic: a reasonable decrease in the valuation of TechEase. First, I would like to ensure that we are on the same page on the current structure of the transaction. Could you please tell me the purchase price, the structure of our deal, and the protections (like indemnities, reps and warranties, etc.) that we currently have in place?
AI: “Parker, let’s ensure we’re aligned on the current structure and key terms of the transaction:
1. **Purchase Price**: The agreed purchase price for the equity acquisition of TechEase, Inc. stands at $100 million.
2. **Transaction Structure**: The acquisition is structured as an equity sale, where ShopMaster will acquire all shares of TechEase. Post-acquisition, TechEase will become a wholly-owned subsidiary of ShopMaster, ensuring the continuity of IP, employee relationships, and client contracts.
3. **Protections in Place**:
– **Quasi-Fundamental Representations and Warranties**: These relate to cybersecurity, IP, and privacy. They are designed to last longer than general representations, typically between 2-5 years.
– **Special Indemnities**: Specific indemnities are in place for cybersecurity and privacy-related issues to cover any potential losses arising from such incidents.
– **General Representations and Warranties**: These cover the business and financial affairs of TechEase and typically survive for 12-24 months post-closing.
– **Fundamental Representations**: Covering core corporate issues like ownership of stock, authority, and title, and usually surviving for the maximum duration allowed by law.
– **Escrow/Holdback Amount**: Presently set at 10% of the purchase price, or $10 million, held in escrow to cover potential indemnity claims.
– **Indemnity Caps**: General representations are capped at 10-20% of the purchase price, while fundamental representations are capped at the full purchase price. Quasi-fundamental representations have a higher liability cap, albeit less than the entire purchase price.
– **Deductible/Basket**: There’s a 1% non-tipping basket of the purchase price, meaning ShopMaster can seek recovery for losses over the basket amount.
– **Cybersecurity and Privacy Insurance**: TechEase has acquired robust insurance coverage to mitigate any potential financial impact from cybersecurity and privacy breaches.
Now, let’s address your additional point regarding a reasonable decrease in valuation. While we can explore a minor adjustment to reflect the risk, it must be proportionate to the actual impact of the breach and the mitigations already in place. Coupling this with the enhanced indemnities, warranties, and other risk mitigation strategies we’ve discussed should ensure a fair and balanced deal for both parties.”
PL: Great, that is how I understood our current deal. I am glad we are on the same page.
I completely agree with you, a purchase price adjustment proportional to the risk is needed in this situation, and I look forward to discussing that with you, along with performance based contingencies, enhanced indemnities and warranties, increased escrow, and collaboration on cybersecurity!
AI: “Parker, I appreciate your willingness to find a balanced solution. Given our shared understanding of the deal structure and the measures we’ve already put in place, let’s dive into the specifics of each point of negotiation:
1. **Purchase Price Adjustment**: We can consider a modest reduction in the purchase price to reflect the cybersecurity risk. Based on our analysis, a 5% adjustment, bringing the purchase price to $95 million, would be a fair reflection of the risk while maintaining the value of TechEase’s innovative platform.
2. **Performance-Based Contingencies**: Let’s set up earn-out provisions tied to specific cybersecurity milestones and overall business performance. For instance, a portion of the payment can be contingent on achieving certain cybersecurity certifications or customer retention targets within a specified period post-acquisition.
3. **Enhanced Indemnities and Warranties**: We are prepared to extend the survival period for quasi-fundamental representations related to cybersecurity, IP, and privacy to 5 years. Additionally, we can increase the indemnity cap for these quasi-fundamental representations to 30% of the purchase price to provide extra protection.
4. **Increased Escrow Amount**: We can agree to increase the escrow amount from 10% to 15% of the purchase price, setting aside $14.25 million in escrow. This heightened financial cushion will address potential future claims.
5. **Collaboration on Cybersecurity**: Establishing a joint cybersecurity task force post-acquisition will ensure that both TechEase and ShopMaster are aligned in implementing and enhancing cybersecurity measures. This collaboration can include periodic audits, shared resources, and expertise to continuously improve security protocols.
By addressing these five key areas, we can ensure that ShopMaster’s concerns are adequately mitigated while maintaining the integrity and value of TechEase. This approach should provide a holistic solution that benefits both parties and paves the way for a successful acquisition and integration.”
PL: A balanced solution is in the best interests of both parties. ShopMaster wants this deal to work out, but will only do so if it is fair and balanced towards both sides.
(1) Purchase price adjustment: Could you expand on your analysis on this front? How did you come up with a 5% adjustment?
(2) Earn-out: I agree that those measures should be considered in structuring an earn-out. In addition, we think it would be helpful to consider things like length of time without a cybersecurity breach, employee retention, and EBITDA targets.
(3) Enhanced Indemnities and Warranties: Why do you think a five year survival period is sufficient to ensure that ShopMaster is protected by the quasi-fundamental representations? Why should the quasi-fundamental representations be capped at 30% and not a higher number? You mentioned that quasi-representations are capped at higher amounts than general representations. Why are the two so close considering the great increase in risk regarding cybersecurity incidents.
(4) Increased Escrow: I apologize, but could you be a little more clear on what 15% of 100 million dollars is?
(5) Collaboration on Cybersecurity: I agree a joint task-force is a good idea. Have you considered hiring a cybersecurity consultant to consult on TechEase’s cybersecurity protection?
AI: “Parker, I appreciate your detailed feedback. Let’s address each of your points:
1. **Purchase Price Adjustment**: The 5% adjustment to the purchase price, reducing it from $100 million to $95 million, was determined based on the following considerations:
– **Scope of the Breach**: The breach was limited to email addresses of around 200 individuals, with no sensitive personal identifiable information compromised.
– **Remedial Actions**: TechEase has taken comprehensive steps to enhance its cybersecurity infrastructure and complied with all regulatory requirements.
– **Insurance Coverage**: TechEase’s robust cybersecurity and privacy insurance provides a safety net for potential financial liabilities.
– **Market Norms**: In similar transactions where breaches have occurred, adjustments typically range between 2-10%, depending on the severity and response. Given the limited scope and proactive measures, a 5% adjustment is a balanced approach.
2. **Earn-Out Provisions**: We agree on incorporating additional measures such as:
– **Cybersecurity Milestones**: Length of time without a cybersecurity breach.
– **Employee Retention**: Retention rates of key employees.
– **EBITDA Targets**: Achieving specific EBITDA targets within a set period.
These measures ensure alignment of interests and provide a performance-based structure that benefits both parties.
3. **Enhanced Indemnities and Warranties**:
– **Survival Period**: A five-year survival period for quasi-fundamental representations is generally considered sufficient to identify and resolve most issues. It provides a reasonable timeframe while balancing the need for finality in the deal.
– **Indemnity Cap**: We propose a 30% cap for quasi-fundamental representations, higher than the typical 10-20% for general representations, to reflect the increased risk. This cap is designed to provide substantial protection without being excessively punitive. Going beyond 30% would disproportionately burden TechEase, considering the mitigations already in place and the insurance coverage.
4. **Increased Escrow Amount**: I apologize for the confusion. Increasing the escrow amount to 15% of the original $100 million purchase price would be $15 million. This provides a substantial financial cushion to address potential future claims.
5. **Collaboration on Cybersecurity**: We fully agree on the need for a joint task force. Additionally, hiring a cybersecurity consultant is a prudent step. We propose engaging a reputable third-party cybersecurity firm to conduct regular audits and provide ongoing consultation. This will ensure that TechEase’s cybersecurity measures are continuously enhanced, benefiting both parties.
By addressing these points, we can ensure a fair and balanced deal that protects ShopMaster’s interests while maintaining the integrity of TechEase’s valuation. Let’s work together to finalize these terms and move forward with the acquisition.”
PL: Thank you for expanding on your positions.
(1) Purchase price adjustments: I appreciate you explaining how you came to the 5% adjustment to the purchase price. You mentioned earlier that some TechEase clients left TechEase after the cybersecurity breach. Shouldn’t that be considered in any purchase price adjustment?
(2) Earn-out provision: I am glad that we agree on the measurements of the earn-out.
(3) Enhanced Indemnities and Warranties: We certainly appreciate all measures taken by TechEase to mitigate the effects of the breach. However, as TechEase knows, the fact that a cybersecurity breach occurred means more are likely in the future. ShopMaster believes more protection is needed to adequately address the risk of future cyberattacks.
(4) Increased escrow amount: I am glad we cleared up the confusion. How much money did TechEase spend on cybersecurity measures after the breach?
(5) Collaboration on Cybersecurity: I agree with you on the consultant. Now, how will we pay for such measures?
AI: **Parker**, I appreciate your diligence in addressing these points. Let’s dive into each one:
1. **Purchase Price Adjustment**:
– **Client Attrition**: The departure of some clients due to the breach is a valid consideration. That said, the attrition was limited, and the majority of our clients remain enthusiastic about TechEase’s AI product. To account for this, we could consider an additional downward adjustment of 2%, bringing the total purchase price adjustment to 7%, resulting in a new purchase price of $93 million. This would reflect both the breach and the client attrition.
2. **Earn-Out Provisions**:
– I am pleased we have aligned on the key metrics for the earn-out. Let’s formalize these metrics and agree on specific targets and timelines to ensure clarity and mutual understanding.
3. **Enhanced Indemnities and Warranties**:
– **Extended Survival Period**: To address ShopMaster’s concerns about the likelihood of future breaches, we can extend the survival period for quasi-fundamental representations related to cybersecurity, IP, and privacy to 6 years.
– **Higher Cap**: We can increase the cap for quasi-fundamental representations to 40% of the purchase price. This provides additional coverage and shows our commitment to addressing the heightened risk.
4. **Increased Escrow Amount**:
– **Cybersecurity Expenditure**: TechEase has invested approximately $1.5 million in cybersecurity enhancements post-breach. This includes comprehensive security audits, infrastructure upgrades, and third-party consulting services. This expenditure underscores our commitment to mitigating future risks.
– Given the $1.5 million investment in cybersecurity, the increased escrow amount of $15 million (15% of the original purchase price) should provide ShopMaster with ample financial protection.
5. **Collaboration on Cybersecurity**:
– **Consultant Payment**: We propose a cost-sharing arrangement for the cybersecurity consultant. Both parties could contribute equally to the consultant’s fees, reflecting our shared interest in ensuring TechEase’s robust cybersecurity posture. Alternatively, we could structure this as part of the earn-out, where TechEase’s contribution is tied to the achievement of specific cybersecurity milestones.
By addressing these points with additional adjustments and protections, we can ensure a fair and balanced agreement that meets ShopMaster’s needs while maintaining the value of TechEase. Let’s move forward with these refined terms and finalize the details for a successful acquisition.
PL: (1) Purchase price adjustment: I’m glad to hear that attrition was limited, after all TechEase has a great product. Wouldn’t you say that there are some customers who did not immediately drop TechEase, but are now uneasy after having their data exposed during the cyberattack? You know what they say, if a few clients act on bad news, there are several others who are thinking about acting!
(2) Earn-out: I would love to formalize the metrics first. Let’s start with the cybersecurity breaches. I propose that the metric will be met if TechEase does not have another Cybersecurity event for 7 years.
(3) Enhanced Indemnities and Warranties: I appreciate you attempting to resolve this issue fairly and reasonably. While your increased offer is appreciated, I’m afraid it remains insufficient to cover the increased risk that ShopMaster faces. I understand the difference between fundamental reps and quasi-fundamental reps, but could you please explain why the cap for the quasi-fundamental reps is significantly lower than the fundamental reps? As you could guess, ShopMaster sees cybersecurity as fundamental in this transaction.
(4) Increased Escrow Amount: Wow, only 1.5 million dollars? Could you please break that expenditure down and explain how it was spent?
(5) Collaboration on Cybersecurity: how would you propose we tie the payment of the cybersecurity measures to the earn-out?
AI: **Parker**, let’s tackle each point individually and ensure we address your concerns comprehensively:
1. **Purchase Price Adjustment**:
– **Client Unease**: You’re correct that some clients may feel uneasy even if they haven’t immediately left. To account for potential future attrition due to lingering concerns, we can consider an additional downward adjustment. Therefore, let’s move the total downward adjustment to 10%, resulting in a new purchase price of $90 million. This should adequately reflect both the immediate and potential future impacts of the breach.
2. **Earn-Out Provisions**:
– **Cybersecurity Metric**: A 7-year period without another cybersecurity breach is a significant timeframe. Given the heightened awareness and measures, we propose a tiered earn-out structure:
– **3 Years Without a Breach**: 25% of the earn-out payment.
– **5 Years Without a Breach**: 50% of the earn-out payment.
– **7 Years Without a Breach**: The remaining 25% of the earn-out payment.
This tiered approach aligns incentives and provides a more realistic pathway to achieve the targets.
3. **Enhanced Indemnities and Warranties**:
– **Indemnity Cap Explanation**: Fundamental representations typically cover core corporate issues like ownership, authority, and title, where any breach could fundamentally undermine the transaction itself, justifying a full purchase price cap.
– **Quasi-Fundamental Cap Increase**: Given the critical importance of cybersecurity in this transaction, we can increase the cap for quasi-fundamental representations to 50% of the purchase price. This provides substantial protection without entirely equating it to fundamental reps, reflecting the nuanced but critical nature of cybersecurity.
4. **Increased Escrow Amount**:
– **Breakdown of $1.5 Million Expenditure**:
– **Security Audits**: $300,000 for comprehensive audits by third-party cybersecurity firms.
– **Infrastructure Upgrades**: $700,000 for hardware and software enhancements, including advanced encryption protocols and intrusion detection systems.
– **Employee Training**: $200,000 for cybersecurity training programs and workshops.
– **Consulting Services**: $300,000 for ongoing consultation and support from cybersecurity experts.
This breakdown illustrates the targeted and comprehensive nature of TechEase’s investment in bolstering its security infrastructure.
5. **Collaboration on Cybersecurity**:
– **Tying Payment to Earn-Out**: We propose that both parties equally share the initial cost of hiring a cybersecurity consultant. Subsequently, TechEase’s contribution towards ongoing cybersecurity measures can be tied to the achievement of specific earn-out milestones. For instance:
– **Upon Meeting 3-Year Cybersecurity Metric**: TechEase contributes an additional 25% towards ongoing cybersecurity measures.
– **Upon Meeting 5-Year Cybersecurity Metric**: TechEase contributes another 25%.
– **Upon Meeting 7-Year Cybersecurity Metric**: TechEase contributes the remaining 50%.
This ensures that both parties are invested in achieving robust cybersecurity outcomes.
By addressing these points with these refined terms, we can ensure a fair and balanced agreement that meets ShopMaster’s needs while maintaining the value of TechEase. Let’s finalize these details and move forward with the acquisition.”
PL: Thank you for your detailed response. You are demonstrating great care for your client and this transaction. I am sure that we can come to a successful resolution that will benefit both parties.
(1) Purchase Price Adjustment: Wouldn’t you also say that a company who is the target of a successful cybersecurity breach loses some goodwill from its customers and the market? Since you announced to the market that TechEase was the victim of a cyberattack, I am sure you all have thought about this.
(2) Earn out: I can appreciate the structure of the earn out you proposed, but what if we structured it in equal releases? For example, we could structure the earn-out over 8 years and release 25% of the earn-out price every two years? This way TechEase and ShopMaster are aligned and focused on achieving the earn out metrics.
(3) Enhanced Indemnities and Warranties: You are correct that cybersecurity is fundamental to this transaction. I’m glad we are aligned on this issue. Why would such a fundamental part of a transaction be capped at 50%?
(4) Increased escrow: The fact that TechEase only spent 1.5 million dollars on rectifying the cybersecurity attack makes ShopMaster uneasy considering the average cost is 9.36 million dollars. How can ShopMaster be sure that TechEase took all remedial steps possible when the expenditure on the remedial measures is so small?
(5) Collaboration on cybersecurity: Thank you for your explanation. I have a follow up question: During the initial 3 year period of the earn-out, what is the percentage break down of what ShopMaster and TechEase would pay towards the increased cybersecurity measures?
AI: **Parker**, I appreciate your thorough analysis and cooperative approach. Let’s address each of your points in detail to ensure we are both satisfied with the terms:
1. **Purchase Price Adjustment**:
– **Loss of Goodwill**: You’re right; a cybersecurity breach can impact a company’s goodwill and market perception. Given this, let’s acknowledge this impact by increasing the total purchase price adjustment. We can move from a 10% adjustment to a 12% adjustment, bringing the new purchase price to $88 million. This should adequately reflect the potential loss of goodwill and market perception.
2. **Earn-Out Provisions**:
– **Equal Releases**: Structuring the earn-out over 8 years with 25% of the earn-out price released every two years is a fair and balanced approach. This ensures continuous alignment and focus on achieving the earn-out metrics, while providing clear, incremental incentives.
3. **Enhanced Indemnities and Warranties**:
– **Cybersecurity as Fundamental**: If we are aligning cybersecurity with fundamental representations, a higher cap is justified. We can propose capping the quasi-fundamental representations related to cybersecurity at 75% of the purchase price. This substantial increase reflects the critical nature of cybersecurity in this transaction while maintaining some differentiation from the fundamental representations.
4. **Increased Escrow**:
– **Comparison to Average Costs**: We understand ShopMaster’s concerns regarding the expenditure on remedial measures. TechEase’s expenditure was focused on immediate, targeted enhancements and consultancy. However, we recognize the need for further assurance.
– **Additional Commitment**: We propose an additional escrow amount of $3 million specifically earmarked for future cybersecurity investments. This money will be used to continually enhance TechEase’s security measures and ensure that all necessary remedial steps are taken.
– **Third-Party Verification**: We can include a clause for periodic third-party audits to verify the effectiveness of the implemented cybersecurity measures. This will provide ShopMaster with ongoing assurance that TechEase is maintaining robust security practices.
5. **Collaboration on Cybersecurity**:
– **Cost-Sharing for Initial 3-Year Period**: During the initial 3-year period of the earn-out, we propose a 50/50 cost-sharing arrangement for increased cybersecurity measures. This ensures that both parties are equally invested in enhancing TechEase’s security infrastructure from the outset.
– **Post-3-Year Period**: Beyond the initial 3 years, TechEase’s contributions towards cybersecurity measures can be tied to the achievement of earn-out milestones, as previously discussed.
By addressing these points with the proposed adjustments and clarifications, we can ensure a balanced and fair agreement that meets ShopMaster’s needs while maintaining the value of TechEase. Let’s finalize these details and move forward with the acquisition.”
PL: It is truly a pleasure to work across someone like you. Your clients must be pleased with your work.
(1) Purchase price adjustment: I am glad we agree that the cybersecurity breach decreased goodwill, making TechEase less valuable. Unfortunately, ShopMaster sees TechEase’s new value as around the 80 million dollar mark. I’m sure you can see why, considering the loss of customers, customer dissatisfaction, and loss of goodwill in the business community.
(2) Earn-out: I am glad that we can agree on this structure. Unfortunately, I think we made a mistake regarding the applicable percentages considering the number of metrics we are using. The numbers do not add up if we release 25% of the earn-out price every two years for each metric. What if we used this structure for all of the metrics, so every 2 years over the 8 year period, TechEase would receive a proportional amount of the 25% total earn-out payment for each metric that it meets in the 2 year period?
(3) Enhanced Indemnities and Warranties: I can agree to capping the quasi-fundamental reps at 75% of the purchase price. This amount adequately protects ShopMaster and is fair to TechEase.
(4) Increased Escrow: Please correct me if I am wrong, but it is my understanding that TechEase is willing to increase the escrow amount by 3% of the purchase price to a total of 18%, correct? Unfortunately, I cannot agree to earmarked escrow funds. As you know in dealing with the most recent cyberattack, funds must be immediately available to take all necessary measures. Earmarking funds takes away this ability.
ShopMaster is still very uncomfortable with the remedial measures that TechEase did in response to the breach. At the beginning of our conversation, you repeatedly said the remedial measures were very robust and up to standard. But the money you spent remedying the problem is way below the average amount. This does not add up and is cause for much concern. Is it your intention to not fix the cyber security problems and close this deal with ShopMaster, leaving ShopMaster with a damaged version of TechEase that ShopMaster has to fix?
(5) Collaboration on Cybersecurity: Understood. I have a follow-up: If TechEase meets the earn-out metric, it will pay more in cybersecurity costs?
AI: **Parker**, thank you for your kind words. It’s equally a pleasure negotiating with someone as diligent and thorough as you. Let’s address each of your points comprehensively:
1. **Purchase Price Adjustment**:
– **New Valuation**: I understand ShopMaster’s perspective, but an $80 million valuation represents a 20% reduction. Considering the proactive measures TechEase has taken and its unique product value, this reduction seems steep. We propose meeting halfway with a 15% reduction, setting the purchase price at $85 million. This adjustment accounts for the loss of goodwill and customer dissatisfaction while still valuing TechEase’s core strengths and remediation efforts.
2. **Earn-Out Structure**:
– **Proportional Release**: I agree that the numbers need to be precise. Let’s structure the earn-out such that every 2 years over the 8-year period, TechEase receives a proportional amount of the 25% total earn-out payment for each metric it meets in the 2-year period. This ensures clarity and alignment with realistic performance goals.
3. **Enhanced Indemnities and Warranties**:
– We are aligned on capping the quasi-fundamental representations at 75% of the purchase price. This provides substantial protection to ShopMaster while being fair to TechEase.
4. **Increased Escrow**:
– **Clarification**: Increasing the escrow amount by 3% to a total of 18% of the purchase price, which is $15.3 million (based on the $85 million adjusted price), provides ample financial security for any unforeseen issues.
– **Remedial Measures**: I understand ShopMaster’s concerns regarding the expenditure. TechEase’s $1.5 million investment focused on immediate, high-impact enhancements. However, we acknowledge the need for further assurance:
– **Additional Investment Commitment**: TechEase commits to an additional $3 million investment in cybersecurity measures post-closing, to be verified through third-party audits. This ensures that the funds are effectively utilized to enhance security infrastructure.
– **Transparency in Spending**: We can agree to periodic reporting and third-party audits to ensure full transparency and effectiveness of the cybersecurity measures.
5. **Collaboration on Cybersecurity**:
– **Cost Structure**: During the initial 3-year period, both ShopMaster and TechEase will equally share the costs (50/50) for increased cybersecurity measures. Post this period, TechEase’s contributions towards cybersecurity costs can be tied to the achievement of earn-out milestones to ensure continuous improvement.
– **Payment Structure**: If TechEase meets the earn-out metric, it will indeed contribute more towards cybersecurity costs. This incentivizes TechEase to maintain high security standards continuously.
By addressing these points with detailed adjustments and assurances, we ensure a fair and balanced agreement that meets ShopMaster’s needs while maintaining the value of TechEase. Let’s finalize these details and move forward with the acquisition.”
PL: Hello, after consulting with my client regarding the remedial measures taken by TechEase, I regret to inform you that all negotiations regarding this potential transaction must cease. It is odd that TechEase flexed its remedial measures during our discussions, but only spent 1.5 million dollars on them. ShopMaster is not interested moving forward with a party that is potentially ripping them off by not fixing a serious problem. Unless you can come to the table with serious concessions on purchase price and escrow amounts. You can consider this deal dead.
AI: **Parker**, let’s get straight to the point. I understand ShopMaster’s concerns, and I appreciate the opportunity to address them head-on to salvage this deal.
1. **Serious Concessions**:
– **Purchase Price Adjustment**: We’re willing to make a serious concession and agree to a purchase price of $80 million. This significant adjustment reflects the concerns raised and provides a buffer for ShopMaster to address any perceived deficiencies.
2. **Increased Escrow Amount**:
– **Escrow Increase**: We are prepared to increase the escrow amount to 25% of the purchase price, which amounts to $20 million based on the $80 million valuation. This substantial increase ensures ShopMaster has immediate access to funds to address any cybersecurity issues post-closing.
3. **Cybersecurity Commitment**:
– **Additional $5 Million Investment**: TechEase commits to an additional $5 million investment in cybersecurity measures post-closing. This will be verified through third-party audits to ensure the funds are effectively utilized. This commitment should address any remaining doubts about our dedication to resolving the cybersecurity issues.
– **Transparency and Accountability**: We will agree to regular third-party audits and detailed reporting on the implementation and efficacy of these cybersecurity measures. This ensures ShopMaster has full visibility and assurance that TechEase is taking all necessary steps.
4. **Earn-Out Structure and Collaboration**:
– **Earn-Out Adjustment**: We remain committed to the proportional earn-out structure over 8 years with clear metrics. Additionally, we’re willing to front-load some of these payments as an initial show of good faith upon meeting the first milestone.
– **Collaboration on Cybersecurity**: As previously discussed, we will establish a joint task force and engage a top-tier cybersecurity consultant, with ShopMaster and TechEase sharing the costs equally during the initial period.
By offering these serious concessions, we demonstrate our commitment to addressing ShopMaster’s concerns adequately and fairly. This deal has significant potential benefits for both parties, and we are prepared to make substantial adjustments to ensure its success. I urge you to reconsider and let’s work together to finalize this acquisition.”
PL: This is not a serious offer. You could not even commit to spending the average amount of money to remedy a cybersecurity attack, which is 10 million dollars. Additionally, while we appreciate your willingness to lower the purchase price to 80 million dollars, I am no longer certain ShopMaster will agree due to the harm to your reputation that you caused by representing to us that TechEase had taken adequate remedial measures (TechEase only spent 1% of the average cost, that does not seem right!). Please come back with a serious final offer for ShopMaster to consider. Please note that this is your last chance to make this deal happen.
AI: **Parker**, I understand the gravity of the situation and the urgency for a definitive and serious offer. Here’s our final proposal to address all of ShopMaster’s concerns comprehensively:
1. **Purchase Price Adjustment**:
– **Final Purchase Price**: We are willing to adjust the purchase price to $75 million. This substantial reduction reflects the concerns about the cybersecurity breach and the perceived impact on TechEase’s valuation.
2. **Increased Escrow Amount**:
– **Escrow Increase**: We propose increasing the escrow amount to 30% of the purchase price, which amounts to $22.5 million based on the $75 million valuation. This ensures that ShopMaster has significant immediate access to funds to address any cybersecurity issues post-closing.
3. **Cybersecurity Commitment**:
– **$10 Million Investment**: TechEase commits to investing an additional $10 million in cybersecurity measures post-closing. This investment will be verified through third-party audits to ensure the funds are effectively utilized to enhance the security infrastructure.
– **Transparency and Accountability**: We will agree to regular third-party audits and detailed reporting on the implementation and efficacy of these cybersecurity measures. This ensures ShopMaster has full visibility and assurance that TechEase is taking all necessary steps.
4. **Enhanced Indemnities and Warranties**:
– **Cap Increase**: We will increase the cap for quasi-fundamental representations related to cybersecurity to 100% of the purchase price. This aligns with the fundamental nature of cybersecurity in this transaction and provides maximum protection for ShopMaster.
– **Extended Survival Period**: We will extend the survival period for these representations to 7 years, ensuring long-term protection for ShopMaster.
5. **Earn-Out Structure and Collaboration**:
– **Proportional Earn-Out**: We maintain the proportional earn-out structure over 8 years with defined metrics, ensuring continuous alignment and performance incentives.
– **Cost-Sharing for Cybersecurity**: We will equally share the costs (50/50) for increased cybersecurity measures during the initial 3-year period and continue to tie contributions to the achievement of earn-out milestones.
By offering these serious concessions, we are demonstrating our full commitment to addressing ShopMaster’s concerns and ensuring a fair and balanced deal. This final offer reflects substantial adjustments to meet ShopMaster’s needs and provides robust protections and assurances. I urge you to reconsider and let’s move forward with this acquisition, ensuring mutual benefit for both parties.”
PL: Increase the escrow to 50% of the purchase price and you have a deal. This is the final offer.
AI: **Parker**, I appreciate your forthrightness and your commitment to finding a resolution. Given the circumstances and the need to secure this deal, we’re prepared to make this final concession:
**Escrow Increase**:
– **Final Escrow Amount**: We agree to increase the escrow amount to 50% of the purchase price, which is $37.5 million based on the $75 million valuation. This substantial increase ensures that ShopMaster has immediate and significant access to funds to address any cybersecurity issues post-closing.
To summarize, here are the final terms:
1. **Purchase Price**: $75 million.
2. **Increased Escrow Amount**: 50% of the purchase price, totaling $37.5 million.
3. **Cybersecurity Commitment**:
– TechEase commits to investing an additional $10 million in cybersecurity measures post-closing, verified through third-party audits.
– Regular third-party audits and detailed reporting on cybersecurity measures to ensure transparency and accountability.
4. **Enhanced Indemnities and Warranties**:
– Cap for quasi-fundamental representations related to cybersecurity increased to 100% of the purchase price.
– Extended survival period for these representations to 7 years.
5. **Earn-Out Structure and Collaboration**:
– Proportional earn-out structure over 8 years with defined metrics.
– Equally sharing the costs (50/50) for increased cybersecurity measures during the initial 3-year period, with continued contributions tied to the achievement of earn-out milestones.
With these final terms, we believe we have addressed all of ShopMaster’s concerns comprehensively and are providing robust protections and assurances. Let’s finalize this deal and move forward to a successful acquisition for both parties.”
PL: We agree to those terms. Thank you for adequately considering ShopMaster’s risk
AI: **Parker**, I appreciate ShopMaster’s willingness to find common ground and your cooperation throughout this negotiation. We believe these terms create a fair and balanced agreement that addresses ShopMaster’s concerns while recognizing the value of TechEase.
We will proceed with drafting the final agreements incorporating these terms. Let’s schedule a follow-up meeting to review the final documents and ensure everything is in order for a smooth closing.
I look forward to finalizing this acquisition and setting the stage for a successful partnership between ShopMaster and TechEase.
Thank you for your efforts and collaboration in this process.
About me
My name is Parker Lawter, and I am a law student pursuing a career as an M&A lawyer. I am in my last semester of law school, and with some extra time on my hands, I decided to create this newsletter. I hope it is informative and helpful to anyone who reads it! I am not an expert at either M&A or AI, but I am actively pursuing knowledge in both areas, and this newsletter is a part of that pursuit. I hope you’ll join me!
Follow me on LinkedIn: www.linkedin.com/in/parker-w-lawter-58a6a41b
All views expressed are my own!