According to a recent M&A trends survey conducted by Deloitte, 51 percent of 1,000 executives responsible for Mergers and Acquisitions (M&A) at U.S. companies and private-equity investor firms listed cybersecurity threats as their top concern in executing deals virtually. (Compliance Week)
Especially now – as virtual work environments and digital-first processes are driving business in a post-pandemic era, cyber risk assessments must play a major role in M&A deals. 80 percent of global dealmakers said they uncovered data security issues in at least one-fourth of their M&A targets. From poor due diligence, to failures in post-merger processes, data security issues have created catastrophic exposures for numerous companies.
Cyber Attack Acquisition Risks
After the disclosure of two massive data breaches, Yahoo and Verizon agreed to new terms for the sale with Verizon paying $350 million less than originally planned. The two agreed to accept the hacking from the terms of “business material adverse effects” that could have affected the deal from closing with Verizon refraining from making any further attempts to reduce the deal price because of these hacks. Many wondered at the time if Verizon would simply cancel the Yahoo deal.
Another recent example known to MixMode involved a private equity company that acquired an e-commerce platform, and during the post-acquisition period, learned of a breach affecting the company’s public-facing application server. An attacker had gained unauthorized access to the underlying operating system, installed malicious code, and was skimming the credit card information of customers performing legitimate transactions.