Cybersecurity Issues Are M&A Deal Breakers

Uploaded on 2016-08-09 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Even as one-time Internet giant Yahoo is swallowed in a $6.5 billion acquisition, merger and acquisitions (M&A) experts have warned that due-diligence audits of companies targeted for acquisition often reveal cybersecurity risks that compromise compliance and could threaten the merger and acquisition activities.

The warnings come in the wake of research, compiled for West Monroe Partners by research firm Mergermarket, that found 70 percent of acquisition targets had compliance issues and nearly half lacked comprehensive data security architectures.

Audits had revealed an abundance of security issues when companies were closely examined by potential acquirers: fully 37 percent of respondents said they had seen targets prove to be vulnerable to insider threats, with 27 percent lacking a data-security team and 17 percent having weak employee password policies.

A third of respondents said they had previously found inadequate mobile security at target companies, while 30 percent had found problems with local server storage and 20 percent had issues with vulnerable cloud storage.

There is no telling what cybersecurity issues emerged during Verizon's examination of Yahoo's internal systems in the lead-up to the clinching of the deal. However, the massive acquisition is likely to have surfaced more than a few outstanding issues that needed to be addressed.

Such findings can often have a material impact on the terms of an acquisition, with 20 percent of respondents saying they would use such findings to negotiate better terms including a lower purchase price.

“To protect themselves from security lapses, acquirers are turning to vigorous due diligence to examine the IT infrastructure of deal targets,” the report notes. “Diligence procedures are quickly expanding and improving – but many companies continue to identify shortcomings in the process.”

Reflecting this expanded focus, some 77 percent of survey respondents said that the importance of security of data at M&A targets had increased dramatically over the past two years, with the considerable costs of data breaches driving acquirers to take an increasingly proactive stance that can also result in deals being iced if a potential acquirer’s cybersecurity defences aren't up to scratch.

And that, the report's authors concluded, is an all too frequent finding once potential acquirers start digging deep into systems that have often struggled to get meaningful funding in the long term. Yet the presence of cybersecurity issues in and of its own is not a deal-killer; only one-third of respondents said they use the information gained in cybersecurity audits to decide whether to go ahead with the deal.

Rather, the key is to evaluate how much impact those issues will have on the business and how easily they can be remedied; some 47 percent of respondents said they used due-diligence findings to start planning for fixes to the problems they identified.

“It's realistic to expect most M&A targets to have a few cybersecurity issues,” the report's authors concluded, noting that a proper due-diligence exercise must examine “the full gamut of risks” including breach history, specific data threats, problems for integration, and the cost of potential fixes. “The key is identifying them and determining how easily they can be addressed.”

The cost of correcting existing problems after a merger was the most frequently-cited concern about cybersecurity issues, nominated by half of respondents. This compared with 43 percent who were concerned about potential complications for post-merger integration; 37 percent worried about frequent or recent data breaches; 37 percent worried about threats to customer data; and 33 percent worried about threats to business data.

Respondents flagged a lack of cybersecurity staff as a key issue during M&A deals, with 32 percent saying not enough qualified staff had been involved in the due-diligence process during recent deals. This had often increased the cost of getting a newly acquired company up to speed, particularly since acquirers inherited both the infrastructure and the risks and potential penalties that would be incurred from an unforeseen security vulnerability.

“The abundance of new data security tools has made it easier to have cutting-edge technology in place,” the report noted. “But the way in which tools are used and relationships are managed remains paramount when it comes to maintaining sound cybersecurity.”

CSO

 

« Insider Trading: Ukrainian Hackers Accomplice Pleads Guilty
Bio-Electronics: A New Business Controlling Human Organs With Electronic Implants »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Menlo Security

Menlo Security

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email.

Lares Consulting

Lares Consulting

Lares is a security consulting firm that helps companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing and coaching.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

iZOOlogic

iZOOlogic

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defence solutions to protect client digital assets.

North American International Cyber Summit

North American International Cyber Summit

The North American International Cyber Summit brings together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Larsen & Toubro Infotech (LTI)

Larsen & Toubro Infotech (LTI)

LTI is a global technology consulting and digital solutions company with operations in 33 countries.

Vectra AI

Vectra AI

Vectra threat detection & response - see and stop threats across hybrid and multi-cloud enterprises.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

We Hack Purple

We Hack Purple

We Hack Purple is a Canadian company dedicated to helping anyone and everyone create secure software.

Ransomware Help

Ransomware Help

Ransomware Help is a trusted ransomware recovery company offering fast and effective ransomware recovery services to get your business back on track.

Vyntra Global

Vyntra Global

Vyntra is a global leader in transaction intelligence, formed from the merger of NetGuardians and Intix.