Cybersecurity Issues Are M&A Deal Breakers

Uploaded on 2016-08-09 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Even as one-time Internet giant Yahoo is swallowed in a $6.5 billion acquisition, merger and acquisitions (M&A) experts have warned that due-diligence audits of companies targeted for acquisition often reveal cybersecurity risks that compromise compliance and could threaten the merger and acquisition activities.

The warnings come in the wake of research, compiled for West Monroe Partners by research firm Mergermarket, that found 70 percent of acquisition targets had compliance issues and nearly half lacked comprehensive data security architectures.

Audits had revealed an abundance of security issues when companies were closely examined by potential acquirers: fully 37 percent of respondents said they had seen targets prove to be vulnerable to insider threats, with 27 percent lacking a data-security team and 17 percent having weak employee password policies.

A third of respondents said they had previously found inadequate mobile security at target companies, while 30 percent had found problems with local server storage and 20 percent had issues with vulnerable cloud storage.

There is no telling what cybersecurity issues emerged during Verizon's examination of Yahoo's internal systems in the lead-up to the clinching of the deal. However, the massive acquisition is likely to have surfaced more than a few outstanding issues that needed to be addressed.

Such findings can often have a material impact on the terms of an acquisition, with 20 percent of respondents saying they would use such findings to negotiate better terms including a lower purchase price.

“To protect themselves from security lapses, acquirers are turning to vigorous due diligence to examine the IT infrastructure of deal targets,” the report notes. “Diligence procedures are quickly expanding and improving – but many companies continue to identify shortcomings in the process.”

Reflecting this expanded focus, some 77 percent of survey respondents said that the importance of security of data at M&A targets had increased dramatically over the past two years, with the considerable costs of data breaches driving acquirers to take an increasingly proactive stance that can also result in deals being iced if a potential acquirer’s cybersecurity defences aren't up to scratch.

And that, the report's authors concluded, is an all too frequent finding once potential acquirers start digging deep into systems that have often struggled to get meaningful funding in the long term. Yet the presence of cybersecurity issues in and of its own is not a deal-killer; only one-third of respondents said they use the information gained in cybersecurity audits to decide whether to go ahead with the deal.

Rather, the key is to evaluate how much impact those issues will have on the business and how easily they can be remedied; some 47 percent of respondents said they used due-diligence findings to start planning for fixes to the problems they identified.

“It's realistic to expect most M&A targets to have a few cybersecurity issues,” the report's authors concluded, noting that a proper due-diligence exercise must examine “the full gamut of risks” including breach history, specific data threats, problems for integration, and the cost of potential fixes. “The key is identifying them and determining how easily they can be addressed.”

The cost of correcting existing problems after a merger was the most frequently-cited concern about cybersecurity issues, nominated by half of respondents. This compared with 43 percent who were concerned about potential complications for post-merger integration; 37 percent worried about frequent or recent data breaches; 37 percent worried about threats to customer data; and 33 percent worried about threats to business data.

Respondents flagged a lack of cybersecurity staff as a key issue during M&A deals, with 32 percent saying not enough qualified staff had been involved in the due-diligence process during recent deals. This had often increased the cost of getting a newly acquired company up to speed, particularly since acquirers inherited both the infrastructure and the risks and potential penalties that would be incurred from an unforeseen security vulnerability.

“The abundance of new data security tools has made it easier to have cutting-edge technology in place,” the report noted. “But the way in which tools are used and relationships are managed remains paramount when it comes to maintaining sound cybersecurity.”

CSO

 

« Insider Trading: Ukrainian Hackers Accomplice Pleads Guilty
Bio-Electronics: A New Business Controlling Human Organs With Electronic Implants »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

Mexis

Mexis

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Alcatel-Lucent Enterprise (ALE)

Alcatel-Lucent Enterprise (ALE)

We are Alcatel-Lucent Enterprise. Our mission is to make everything connect with digital age networking, communications and cloud solutions.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

Tria Federal

Tria Federal

Tria Federal is the premier middle-market Technology and Advisory services provider delivering digital transformation solutions to federal health and public safety agencies.