Don’t Let Poor Cybersecurity Devalue Corporate Transactions
Learn about disastrous cybersecurity issues that have disrupted major corporate deals and how to keep data secured … and your company’s value maximized.
Due diligence has long been a standard operating procedure for any business involved in a merger or acquisition. Assets need to verified, inventories need to be audited and personnel needs to be tracked.
In 2020, add cybersecurity risk to the checklist of items that need to be covered. It’s a lesson that several buyers and sellers have recently learned painfully. Corporate deals are being reevaluated and in some cases put on hold due to concerns and exposures related to digital security. The issue has not been confined to smaller players, either. Major corporations are dealing with cybersecurity issues that are shaking up multi-billion deals. Here are a few examples:
- In 2017, Verizon agreed to purchase Yahoo!’s internet properties for $4.8 billion. However, after the purchase had been announced, the company revealed that a 2013 cyberattack affected all 3 million user accounts, up from the previously reported 1 million compromised accounts. The consequences were significant for both buyer and seller, with $350 million slashed from the purchase price, settling on $4.48 billion. Verizon and Yahoo! agreed to split the regulatory and legal costs as part of the compromise.
- Marriott agreed to buy its rival hotel chain Starwood in 2016 for $13.6 billion. However, mere days after the deal was announced, the companies announced a data breach that came on top of a massive 2014 breach that affected 500 million guests, compromising loyalty program accounts, travel histories and passport numbers. In 2019, the U.K.’s Information Commissioner’s Office (ICO) fined Marriott $123.6 million, noting that Marriott had failed to do proper due diligence and had compromised data of European Union residents in violation of the recently enacted General Data Protection Regulation.
- Spirit AeroSystems originally announced its acquisition of Asco, a mechanical assemblies producer, for $650 million in 2018. However, regulatory concerns about data processing prompted a price reduction to $604 million in May 2019. A month later, a cyberattack crippled production at Asco for a week, prompting a more significant reduction to $420 million. The deal has also been delayed with a closing pushed out to at least April 2020.
How Can We Reduce Cybersecurity Risk?
Cybersecurity is critical in mergers and acquisitions. It’s also more complex. To protect your business from deal-related losses, look to partner with an experienced data security firm to address key issues, including:
- Risk Assessment. You need to know what data is most essential to protect and what the impact would be if that information — from employee records to client files to intellectual property — were compromised.
- Risk Identification. Identify what risks exist, how likely they are, and what provisions are in place to identify risks, respond appropriately and recover data and operational control if an incident occurs.
- Risk Testing. People, systems, procedures and communication plans need to be tested to find out how they respond to a simulated attack. Not only does testing expose flaws in the plan, but it also provides for a practice run in the event of a real incident.
- Third Parties. Cybersecurity is important not only for your systems but those of your supply chain partners and collaborators.
- Regulation. Most companies today are subject to multijurisdictional compliance issues. Make sure your systems, processes and reporting are compliant.
Veltec Networks has cybersecurity experts and solutions that help businesses protect valuable data and systems. Contact us to learn more.
