A Surging Wave of M&A Sends IT Leaders Into Overdrive: Security and AI Readiness in the Spotlight
A new era is breaking across IT departments: organizations are reporting a dramatic uptick in merger and acquisition (M&A) activity, a shift that’s fundamentally reshaping how they approach cloud migrations, security policies, and artificial intelligence (AI) adoption. A recent survey by ShareGate, powered by Workleap, shines a spotlight on these accelerating trends and the growing pains that come with them. For Windows and Microsoft 365 professionals, the landscape in 2025 is turbulent: opportunities abound, but so do critical challenges, especially regarding security and the readiness for next-generation AI adoption.The M&A Boom: An Unprecedented Catalyst for IT Change
According to ShareGate’s research, a staggering 80% of IT leaders in North America and Europe are involved in or planning an M&A event within the next year or two. This is more than a headline figure. It marks the single largest catalyst for digital transformation in the corporate world in recent memory and suggests that, for many organizations, change is not optional—it’s an imperative.In the context of these transactions, Microsoft 365 (M365) migrations have gone from being a strategic planning item to an urgent operational requirement. As companies combine forces, they must rapidly unify their data environments, collaboration tools, and security protocols to enable business continuity and unlock growth potential. Yet, the process can be riddled with uncertainty.
The Harsh Realities of Data Migration
Richard Harbridge, a Microsoft MVP and ShareGate Champion, highlights the typical rush to organize data integration plans: “In the rush, it’s easy to overlook that this migration represents a critical opportunity to securely handle data and build the basis of future readiness for Copilot.”Migrating to the Microsoft 365 cloud isn’t just a technical operation. It’s an opportunity to evaluate what data is really needed, apply rigorous security controls, and develop policies that will ultimately allow organizations to safely leverage advanced AI tools like Microsoft Copilot. The trouble is, as the survey reveals, these are not background processes—they require deliberate planning, executive support, and specialized tools.
Security: Both Driver and Barrier in Cloud Migrations
The ShareGate survey finds that security remains front and center for IT professionals. 64% of respondents cited security improvements as the primary reason for migrating to Microsoft 365. Organizations want to leverage Microsoft’s advanced threat protection, compliance frameworks, and built-in governance tools. Indeed, the wave of ransomware attacks and high-profile data breaches in recent years has raised expectations for security infrastructures.However, the same survey exposes a deep paradox. While security is the major motivator for cloud adoption, it is also the greatest obstacle, especially as organizations look to scale their use of AI. “Managing security during these transformations is complex and multifaceted,” says Harbridge. “Security concerns push organizations to modernize but also act as barriers when scaling technologies.”
Top Security Challenges During M&A and Migration
The complex dance between tightening security and maintaining business agility plays out acutely in an M&A scenario. Integrating IT environments brings new risks:- Integration of Disparate Systems: Mergers often mean bringing together incompatible legacy systems, open security vulnerabilities, and poorly cataloged data assets.
- Compliance Requirements: Organizations in different jurisdictions may face conflicting regulatory requirements and overlapping obligations for data protection, such as GDPR in Europe and CCPA in California.
- Data Quality and Retention: Ensuring data is accurate, up-to-date, and managed according to compliance standards isn’t always straightforward in a high-stress acquisition or merger.
Who Drives the Change? IT Operations Takes the Lead in AI and Cloud Strategy
Another noteworthy finding is the shifting center of gravity in technology leadership. When asked who drives the adoption of AI tools like Microsoft Copilot, 42% of survey respondents pointed to IT operations and infrastructure teams, compared to 38% for security and compliance leaders.C-suite engagement remains vital, but the survey suggests a “bottom-up” dynamic is now dominant. Senior decision-makers often sketch big visions, but it’s the technical leadership—security architects, infrastructure engineers, and operations professionals—who are increasingly responsible for making cloud and AI adoption a reality.
Implications for Organizational Structure
This trend can yield benefits: hands-on tech leaders are generally closer to the everyday risks and know the legacy pain points and bottlenecks that will impact AI rollouts. However, the strain is visible—many IT leaders report a lack of resources and support from executives, which can leave organizations vulnerable to rushed decisions or missed opportunities for optimization.The Race to AI Readiness: Microsoft Copilot at the Forefront
AI is no longer hypothetical for most organizations. Microsoft’s Copilot, which integrates generative AI into the suite of Microsoft 365 apps, is on the deployment agenda or already in use at 62% of surveyed organizations. This is a notable acceleration: just a year prior, Copilot pilots were relatively rare, with large-scale deployments more aspirational than practical.Despite this, the journey to widescale AI integration is far from smooth. The major blockers? Data quality, retention controls, and access management.
- Data Quality: Without clean, structured, well-labeled data, Copilot and similar tools cannot provide reliable outputs. Any “garbage in, garbage out” weakness will quickly become a security risk and an operational headache.
- Retention and Access Control: Organizations are finding that their existing access policies are not always robust enough for the granular permissions required by AI systems, especially as they begin automating knowledge discovery and task delegation at scale.
Missed Opportunity: Migration Tools Often Chosen Too Early
Perhaps surprisingly, the survey also finds 55% of organizations select their migration solution before the M&A event is finalized. This can mean tools and approaches are chosen in a vacuum, without a full understanding of the true integration risks or the complex realities of the merger.The risk here is multi-fold:
- Inadequate Discovery: Early tool selection can bypass careful audits of the legacy environments being merged.
- Suboptimal Integration: Tools suited for “simple” migrations may not support the sophisticated policy mapping or custom transformation necessary in a merger involving regulated industries or sensitive IP.
- Underinvestment in Compliance: A tool that migrates data quickly might deliver speed at the expense of robust chain-of-custody controls or the ability to tag and segment sensitive data properly.
Strategic Recommendations: Turning Turbulence Into Opportunity
Given these findings, what should IT leaders, Windows admins, and decision-makers do to ensure migration and AI initiatives succeed amidst a tidal wave of M&A activity?Build Security Into Every Stage of Migration
- Comprehensive Assessment: Before choosing any migration tool, conduct a full asset discovery in both legacy environments.
- Involve Security Teams Early: Don’t wait until go-live to address compliance; security and compliance teams should help select tools and define migration policies.
- Automated Governance: Leverage tools within M365, like Microsoft Purview, to automate tagging, policy enforcement, and activity monitoring during and after migration.
AI Readiness: Start With the Data
- Cleanse and Catalog Data: A data-first approach, including data cleansing and cataloging, pays off not just for migration purposes but as a bedrock for Copilot AI deployment.
- Review Permissions: Use least-privilege models to revisit access controls, especially for sensitive content (legal, HR, IP).
- Pilot With Guardrails: Deploy Copilot (or any generative AI) with strict monitoring and feedback loops to identify misconfigurations early.
Executive Engagement and Organizational Alignment
- IT-Led, Business-Focused: While IT teams may be “in the driver’s seat,” success requires buy-in from executive stakeholders, finance, HR, and legal.
- Clear Communication: Regularly communicate risks, milestones, and opportunities of migration and AI projects to a cross-functional leadership group.
- Continuous Training: Ensure all IT and business users are up-to-date with security procedures, compliance changes, and best use of AI tools.
The View From the Field: Practitioner Insights
Industry conversations corroborate ShareGate's findings. Market analysts and IT consultants widely report increased client inquiries about managing the convergence of M&A, cloud security, and AI deployment.Real-World Scenarios
- A Global Pharma Merger: Two multinationals merging Europe and U.S. operations faced a labyrinth of regulatory obligations. Only by running a months-long, tool-agnostic assessment did they avoid costly compliance failures.
- A Financial Services Spin-Off: An IT team that bypassed early data scrutiny during migration later discovered unauthorized access by third parties—a scenario typically flagged by data governance best practices.
Strengths and Opportunities: Where Organizations Excel
- Proactive AI Exploration: With a majority of organizations already piloting or rolling out Microsoft Copilot, there’s ample willingness to experiment and learn from the bleeding edge.
- Universal Security Awareness: Security as the prime migration driver means most organizations are aware of their risk landscape and are motivated to modernize.
Risks and Pitfalls: The Roadblocks Ahead
- Overlooking Custom Security Needs: Every M&A event is unique; generic migration templates may not satisfy distinct regulatory or business constraints.
- AI Governance Gaps: Without robust policies, generative AI can inadvertently leak data, grant excessive access, or automate in risky ways.
- Resource Constraints: IT teams are stretched thin by overlapping demands for security, migration, and AI deployment. A lack of executive sponsorship amplifies this risk, threatening burnout and project failure.
What’s Next: Transforming Challenges Into Competitive Advantage
As the M&A wave continues, organizations that recognize migration as more than a technical procedure will emerge stronger. By treating security and AI readiness as integral to every phase—from due diligence to post-merger optimization—they turn potential chaos into a foundation for sustained innovation.Windows and Microsoft 365 professionals are well placed to lead this transformation. With the right strategy and tools, they can ensure that today’s urgent transitions lay the groundwork for secure, intelligent, and agile operations for years to come.
Conclusion: Leadership in Transition
The stakes have never been higher for IT departments navigating both consolidation and technological disruption. The findings from ShareGate show that while the road may be fraught with complexity, it is also ripe with opportunity. The true winners will be those who combine early strategic planning, cross-functional stakeholder engagement, and a relentless commitment to securing every link in the digital chain.M&A will always be a catalyst for change, but in the age of AI, it is also the gateway to organizational reinvention. Those who understand how to align people, processes, and platforms—especially Windows and Microsoft 365—will define the next chapter of enterprise technology.
Source: Morningstar https://www.morningstar.com/news/pr-newswire/20250514de87113/it-leaders-report-massive-ma-wave-while-facing-ai-readiness-and-security-challenges/
