White Paper: Mergers, Acquisitions and Divestitures

Synopsis:

The 2021 Fortune 500 CEO survey documents that two-third of the interviewed CEOs consider cybersecurity risk as their greatest concern. The implications of this rising source of risk are significant in the context of mergers and acquisition (M&A), as M&A transactions offer sophisticated cyber terrorists an opportunity to target the firms involved. The process of data migration and integration conducted in the immediate aftermath of the acquisition is complex, sensitive and exposes high-value data to potential cyberattacks, which is often further compounded by media coverage attracting the attention ofbad actors.

The industry has witnessed where the lack of good cybersecurity has a direct impact on M&A deals. In 2016, TalkTalk, a U.K.-based telecom business, was fined £400,000 when a threat actor accessed a customer database it acquired earlier was hacked. In 2017, the price of Verizon’s acquisition of Yahoo’s internet business plunged $350 million after Yahoo disclosed three massive data breaches compromising more than one billion customer accounts. And, companies exploring M&A today would be wise to consider a recent example from April 2020. A pending merger had 5% of its total purchase price set aside to cover the potential fallout from a ransomware attack. (Source: SecurityIntellignce)

As such, knowing what you are buying from a cybersecurity perspective, along with sustaining a good cybersecurity posture in your own business is becoming more critical from the deal price as well as understanding what level of historical risk you are buying or even selling.