Why do 70% of insurance merger and acquisition deals fail?

It may surprise you to learn that a staggering 70% to 90% of merger and acquisition (M&A) deals fall short of delivering their expected value. In the insurance sector, that risk is even higher. Legacy systems, sensitive data handling and stringent regulatory requirements mean that technology isn’t just part of the deal, it often determines its success or failure. Despite this, technology and cybersecurity are still brought in too late.

While deal activity slowed slightly in 2024, the insurance M&A landscape is showing signs of recovery. We’re seeing a shift towards fewer, larger, more strategic goals, often aiming to enhance digital capabilities or achieve greater scale. However, while discussions in boardrooms may heavily centre around financial aspects, the real complexities often emerge after the agreement is finalised. This is where the value is either realised or lost.

Integration: where success is determined

Post-merger integration is the moment of truth. This is where systems, teams and processes come together – and where cracks quickly appear. In the insurance realm, integrating policy systems, claims management platforms, customer databases, cloud environments and various other components is rarely straightforward. However, successful integration goes beyond the amalgamation of systems; it’s about people, operating models and navigating change.

When the integration process is rushed or inadequately resourced, the impact is immediate:

•  Operational bottlenecks
• Rising costs
• Security vulnerabilities
•  Delayed or lost synergies

Nearly half of all M&A failures are linked to IT integration challenges. Without a well-defined strategy in place, the value case behind the deal starts to fade, fast.

Due diligence: addressing challenges before the deal

Many of these challenges arise during due diligence. Too often, technology and cybersecurity are treated as checkbox exercises, despite their critical importance. This creates a blind spot at the worst possible moment.

Only around half of dealmakers properly assess IT during the due diligence process, even though 50% to 60% of M&A synergies hinge on technological considerations. Conducting thorough technology due diligence does more than identify risks, it helps recognise opportunities and gives oversight of the entire package, including:

• How scalable platforms are
• Where technical debt sits
• The quality and usability of data assets
•  Existing security posture

Missing these can mean that decisions are being made with only a partial picture.

Cyber risk: an aspect not to be overlooked

During mergers, cybersecurity is frequently underestimated. M&A activity creates a perfect environment for cyber risks, with systems undergoing changes, access points shifting and new connections being introduced. Malicious actors are keenly aware of these vulnerabilities, with more than half of organisations reporting disruptions to deals due to cybersecurity concerns, and two-thirds regretting their decisions post-acquisition due to security-related issues.

For insurers, the stakes are considerably higher. Sensitive customer data, regulatory pressure and reliance on third parties all increase the impact of getting it wrong. Identity management, cloud security, data governance and third-party risk need to be addressed proactively, or they can quickly escalate into significant liabilities.

What success looks like

The most successful insurers don’t treat technology as a bolt-on, but a core part of the deal strategy. They engage IT and security teams early in the process, build realistic integration plans and use the deal for transformative change.

Some insurers take this opportunity to consolidate or simplify infrastructure, accelerate cloud adoption or enhance their data platforms. Others may focus on eliminating technical debt or strengthening cybersecurity measures. A common thread among successful transactions is comprehensive preparation, alignment across teams and a clear, realistic understanding of how technology supports the strategic goals of the deal.

A quick checklist for insurance M&A success:

•  Engage IT and cybersecurity teams at the outset.
• Carry out thorough, structured technology and cybersecurity due diligence.
•  Outline the complexities and timelines of integration ahead of day one.
•  Ensure alignment between IT plans and business objectives, as well as synergy targets.
• Realistically budget for integration costs, typically around 6% or more of the deal’s value.
•   Retain essential IT talent and manage change effectively.

The bottom line

The biggest risk in M&A isn’t the deal itself, it’s waiting too long to involve the teams who make it work. Don’t postpone involving your technology and cybersecurity teams until the deal is officially closed. They are critical to protecting value, delivering synergies and ensuring long-term success. By including them early in the discussions, you can better understand potential risks and opportunities, significantly enhancing the likelihood of a smooth and successful integration.

How Softcat can assist you

At Softcat, we are committed to guiding insurers through every stage of the M&A lifecycle, from early due diligence through to post-merger integration. Our simple focus is to help reduce risk, move faster and realise value more quickly. We support with:

•  Infrastructure and cloud integration
• Secure data migration and analytics
•  Comprehensive cybersecurity assessments and remediation
•  Solutions for end-user computing and enhanced collaboration tools
• Managed services designed to stabilise IT throughout the integration process
•  Advisory support to align your IT strategy with overarching business goals

If you are considering a deal, or even just weighing your options, now is the perfect time to start asking questions about technology and security. We are here to help you find the answers you need for success. Click here to engage with our Sales team.