9 Things Security Directors Should Know About SPACs and IPOs

Taking a company public can be extremely advantageous.

Companies use initial public offerings (IPOs) or special purpose acquisition companies (SPACs) to gain access to new capital, enhance their business, and accelerate their future growth. Another benefit is the significant increase in a company’s visibility and industry credibility that comes with pursuing public fundraising.

The popularity of public fundraising events has increased dramatically since 2010. In this year alone there are more than 700 companies that plan to go public via SPACs or direct listings.

Source: Statista

While these high-profile events can provide enormous opportunities, they also create unique security challenges. A public fundraising event completely and irrevocable changes a company’s threat landscape, and elevates risks to a company’s reputation, its people, and its business operations.  

When it comes managing these risks — combating both digital and physical threats — it can take years to successfully design and implement a new security system. As companies mature, so do the requirements for effective and scalable security programs.

Going through an IPO can create a host of challenges. Here are 9 things security directors should consider:

1. The SEC requires public disclosure on company founders, executives, board members, and key employees. This creates opportunities for targeted criticism or harassment by people with grievances, particularly in the absence of reverse due diligence on the company, its management, and its partnerships to assess areas that may jeopardize a successful IPO.
2. A lack of due diligence of a company’s relationships overseas — including its agents, suppliers, vendors, and M&A partners — could result in a discovery that it’s doing business with foreign officials or state-owned enterprises and a perception of potentially illicit activities.
3. Heightened visibility of executives can expose them to harassment, protests, or even exposure to stalkers and persons of interest (POIs) who may wish to do them harm.
4. Public disclosures coupled with the ubiquitous amount of personally identifiable information (PII) on the Internet allows bad actors to more actively target company leadership on personal phones, emails, or at their homes.
5. Increased publicity around an IPO event often leads to greater scrutiny, controversy or activism directed at the company. This may result in harassment of company employees or lead to protest activity outside company facilities.
6. IPO filings often correspond with “roadshows” that involve executives, while public relations teams travel extensively and attend events where the company will need to ensure their safety and enable their mobility.
7. The volume of open-source, social media, and deep web conversations about a company will accelerate dramatically around an IPO event and remain elevated for a lengthy period thereafter. Dealing with a massive increase in coverage as well as a growing level of hostility or threats can sometimes overwhelm internal intelligence teams.
8. Rapid organizational growth often leads to new internal challenges, including problems with scaling, ensuring operational awareness (could also be common operating picture, situational awareness), informed decision-making, or continuity of effort around crisis management.
9. Rapid growth also forces most companies to redesign policies, refine roles, and revise organizational structures to ensure the continued safety of their people.

Having a plan and the resources in place beforehand can be the difference between a smooth process and a potential crisis.

Managing the risks of a public fundraising event will be time and resource intensive: the security window for successfully managing any anticipated IPO or SPAC event is at least one year before the announcement and requires ongoing security activities for an additional two to three years at a minimum.

Concentric has helped dozens of pre-IPO companies identify their unique risks and design tailored security and due diligence programs to help them manage today’s risks while scaling for the inevitable growth after a public event.

Contact us if you’d like to learn more about how we can support you.