October 13, 2015

Cyber Risk: Mergers and Acquisitions Will Never Be the Same

October is National Cyber Security Awareness Month – and a good time to put the spotlight on the role that cyber risk plays in mergers and acquisitions (M&A).

Last year, a survey of over 200 corporate and other deal-makers around the world showed that cyber risk is turning out to be a major threat to M&A deals.

The survey, by the law firm Freshfields Bruckhaus Deringer, showed that 90% of respondents believed cyber breaches would result in a reduction in deal value while 83% believed a deal could be abandoned if cyber security breaches were identified.

While these numbers reveal a growing recognition of the cyber threat, the survey also showed that in many cases the threat is not being addressed – 78% of respondents said “cyber security is not analyzed in great depth or specifically quantified” as part of the M&A due diligence process.

In today’s connected world, cyber risk of a target company must become part of the overall M&A risk evaluation process.

“Without a true understanding of the security posture of a target company, the risk of cyber security issues cannot be reflected in the price of the acquisition, and M&A teams cannot fully trust in the proper return on their investments,” wrote blogger Mike McCormack in a securestate.com story.

Here are guidelines.

An organization that stockpiles its old hard drives has an increased risk of a data breach. Clean out storage rooms now – and schedule secure destruction of hard drives.