Global accounting firm EY recently surveyed 2,300 senior executives about their mergers activity over the previous year and turned up this disturbing result: Of those who had canceled a planned acquisition, 39% said the primary reason was “concerns about cybersecurity”.
Maybe it’s the Yahoo! Effect, fallout from the disastrous data breaches that disrupted the sale of the internet company to Verizon. Yahoo! had to knock $350 million off the sale price, and fallout continues with shareholder lawsuits and an SEC investigation.
Or maybe it’s just the general jitters of this WannaCry Era of ever-rising cyber risk to corporations.
Mergers and acquisitions do create some special due diligence and other challenges on the cyber side, such as:
Are mergers teams up to these challenges? A survey by international law firm Freshfields Bruckhaus Deringer LLP in 2014 of 241 “global deal makers” found that:
The Freshfields report also suggests a five-part framework for M&A teams to handle cyber risk in merger deals:
1. Data Management Risk
Quantify the value of the data and detail how it is protected.
2. Technical Risk
A forensic investigation of data encryption, firewalls and other protections.
3. Corporate Risk
Audit contracts with third-party suppliers to assess how they protect client data.
4. Employee Risk
Evaluate training, processes in place, and employment contracts.
5. Track Record
Investigate if the company suffered a data breach in the past and how it was handled.