Cybersecurity Risks Suddenly Are Emerging As Challenge to Closing Promising Business Deals
Discover how cybersecurity issues became a financial problem in major deals for Verizon and Marriott, and what steps to take to protect your business deals.
Doing due diligence is a common part of any complex business deal, as buyers assess financials, employees, technologies and risks.
As technology plays an increasing role in the work of all types of companies, cybersecurity is an increasingly critical part of pre-closing assessments. And concerns about cybersecurity have seriously derailed recent business deals.
How Critical Is Cybersecurity in Business Due Diligence?
Cybersecurity is a massive issue for companies. Hacks, including ransomware and data theft, can be devastating for businesses’ bottom line and reputation if they fall victim to an attack. Yet even some of the largest companies in the world have seen deals restructured due to unforeseen issues with cybersecurity.
Consider Verizon’s 2017 purchase of Yahoo! The phone and internet giant purchased the news site in 2017, but not before massive issues with data security were discovered. The acquisition was ultimately confirmed for $4.48 billion, a $350 million discount.
Data breaches that initially were believed to have affected 500 million Yahoo1 users were at the heart of the restructured deal., with Verizon and Yahoo! agreeing to split the legal and regulatory costs. However, ultimately all 3 billion user accounts were affected by the breach, Verizon announced months after the deal was restructured.
Similarly, Marriott International paid a hefty price for a breach during its acquisition of Starwood Hotel & Resorts. The Marriott-Starwood deal, valued at $13.6 billion, was hampered by a years-long cyber breach of its reservations system beginning in 2014. According to Bloomberg, hackers accessed records including passport numbers, travel plans and loyalty program account data, beginning in 2014. Starwood also disclosed a security breach mere days after the deal was announced.
The implications were real for Marriott, as the hack could allow hackers into Marriott‘s portal. But the financial implications were even direr. The U.K.’s Information Commissioner’s Office (ICO) fined Marriott $123.6 million in July 2019, claiming the hotel chain had failed to protect European Union residents’ data as part of the recently enacted General Data Protection Regulation.
The U.K. regulators claimed that “Marriott hadn’t conducted proper due diligence when it bought Starwood in 2916,” according to the Wall Street Journal.
How Can I Protect My Company from Cybersecurity Issues in an Acquisition?
If your company is considering a merger, buyout or other major transaction, consider taking these steps to ensure that cybersecurity issues are front and center and do not derail a deal:
- Mark Your Risk. Be sure that you have a clear sense as to what data is most vulnerable, whether it’s employee data, client files, financial information, intellectual property or other data. What would the impact if that data were compromised?
- Determine Risk Vulnerabilities. Your business needs to have systems in place to identify, prioritize and mitigate risks. You also need solutions in place to detect, respond to and resolve risks as they arise.
- Test Systems. Penetration testing and other assessments need to be done regularly to ensure that new vulnerabilities that emerge are addressed and threats accounted for.
- Monitor Third Parties. Your system likely relies on third-party systems, whose controls and vulnerabilities must also be known and addressed.
Veltec Networks helps businesses in San Francisco and San Jose with penetration testing, firewalls, network security, data backup services and other solutions that protect your business. To learn more, contact us today.
