“Wall Street Is expecting an M&A Explosion This Year” –Business Insider
“Tax Cuts Fuel Biggest Merger Spree Since 2000” –The Wall Street Journal
Whether it’s the tax cuts or optimism about the economy or piles of cash on hand, it is likely that this is the year many more companies will confront firsthand the hard truth that cyber risk = merger risk.
The infamous case in point: The discovery during Verizon’s acquisition of Yahoo! in 2017 of the massive data breach of Yahoo! user accounts, resulting in a $350 million price reduction – in effect, Verizon’s revised estimate of the risk (of legal judgments, for instance) it was taking on with Yahoo! And in fact, Yahoo! investors recently won an $80 million court settlement.
So proactive cyber due diligence has become a must-do, especially in deals where the key assets are customer data or intellectual property. Typically, that includes evaluating the company’s “first line of defense” by running penetration testing or checking compliance with best practices standards. But more sophisticated acquirers also run a thorough analysis that puts a price tag on cyber risk.
RiskLens can help. The RiskLens application was built to estimate the financial costs of cyber risk, and just as important, the FAIR model (that’s Factor Analysis of Information Risk) that powers RiskLens provides a roadmap for the difficult tasks of data gathering in merger due diligence.
Let’s take an analysis of the target company’s Top 10 cyber risks as the starting point. The FAIR approach is, first of all, a structured way for analysts to interview experts from around the company – not just in IT, but finance, legal, HR – to uncover…
With accurate data on the company’s top risks in hand, analysts can run the numbers through the RiskLens application’s Monte Carlo engine. The result is a distribution, a curve showing a range of probable loss in dollars for each risk or all top risks aggregated.
As a decision tool in a merger, where complete visibility into the target company is tough to achieve, this output has some big advantages: