In the process of due diligence and the sea of documents that precedes a merger or an acquisition, it’s crucial to take stock of the target company’s strengths and assets, as well their weaknesses and liabilities. Among the many liabilities that acquiring companies need to review are the amount of financial debt, any complex legal activities and poor revenue streams. One of the biggest liabilities that acquiring companies need to consider is how well the target company manages its cybersecurity.
Modern businesses rely heavily on computer network systems and digital data and the quality of those systems often equates to the quality of operations. Companies should have plans to identify and recognize cyber risks and have a strong risk management plan in place. These plans give greater assurance to the acquiring company that the target company has done its best to prevent a cyberattack.
How Important Is Cybersecurity in a Merger or Acquisition?
According to an ISC2 study of 250 merger and acquisition professionals, the cybersecurity position of an acquisition target is one of the main issues that acquiring companies consider when seeking to make a deal. In fact, about 96% of them said they considered a strong cybersecurity program to be a serious factor in assessing the value of a company. Just under half of those who answered the survey said that they’d seen a merger or acquisition deal fall through because of cybersecurity issues. A 2016 survey by the NYSE Governance services, companies that discovered a major vulnerability considered passing on the deal.
Companies have good reasons to be concerned about cybersecurity protection. Around 52% of those surveyed reported that a publicly traded company’s share price dropped after it was acquired and later experienced a data breach. As an example, after a breach was discovered at Yahoo!, the acquiring company, Verizon, cut the value of the acquisition by $350 million.
All of the survey takers agreed that cybersecurity audits should be a standard part of acquisition deals as part of the due diligence process. The findings from the audit have a great deal of impact on the outcome of an acquisition.
All of the survey takers agreed that cybersecurity audits should be a standard part of acquisition deals as part of the due diligence process. The findings from the audit have a great impact on the outcomes of an acquisition. About 77% of the experts said that they would recommend one target acquisition over another based on the strength of their cybersecurity program. A little over half of them said that they considered a weak cybersecurity program to be a liability that would decrease the value of a company they were considering for acquisition.
Merger and acquisition experts agree that the existence of a cybersecurity program counts, and the quality of that program counts even more. Companies that are willing to make a financial investment in technology and human resources would be more likely to be viewed as not being much of a liability. Corporations can take specific steps to maintain or increase their value. Good risk management policies, security awareness training programs and promoting a culture of cybersecurity are positive steps that companies can take to substantiate their worth. Mature cybersecurity programs bring value to an acquisition deal.
During the course of an acquisition, the acquiring company should be looking at how companies store their electronic information and how they protect it. A cybersecurity analysis should incorporate cyber issues, electronic records and the infrastructure of the network. The data serves as an indicator of the viability of the company and it gives the buyers transparency into existing vulnerabilities and signals them around potential security problems. The findings from the analysis can also be used to evaluate the company and structure a fair, lucrative deal.
Problems for Target and Acquirer
Every acquisition comes with a degree of risk. Executives, attorneys and other professionals who work on mergers and acquisitions need to be as diligent as possible and should try to catch as many red flags as they can. There’s always a chance that a deal will uncover significant cybersecurity weaknesses. One of the major concerns is that the target company may cause vulnerabilities in the acquiring company and set the stage to take the entire entity down.
Finding issues is not yet an exact science and there are many hidden dangers. Individuals who work on merger and acquisition deals need to be aware of what hidden dangers look like and how to spot them. Looming cyberattacks can be invisible for long periods. Spotting cybersecurity issues is less about problem-solving after an incident has happened and more about being vigilant and proactive. It’s possible that neither side could detect malware or some other security issue that would devalue a company before the ink dries on the final forms. By the time any problems get discovered, it could be entirely too late.
Cybersecurity mistakes cost both sides and the cost can be quite high. As an example, Target Corporation experienced a data breach of the financial information of over 70 million of its customers. By the end of the ordeal, the company had lost over $162 million. By taking over another enterprise where there’s been significant cyber trouble, customers will distrust the company and it could substantially damage the company’s reputation. When a company’s reputation has been damaged enough, it can create a situation in which there is a loss of revenue for everyone.
Diligent Corporation sets companies up with all the right digital tools, including virtual deal rooms, for merger and acquisition deals to close successfully. Diligent designs its tools and programs by following the standards for cybersecurity. Diligent stays ahead of the topics and trends so that they can keep improving their products and ensuring that they continue to update their security protocols to the strongest level possible. Taking advantage of digital software solutions is the modern governance approach to mergers and acquisitions. Count on an industry leader like Diligent.