Page 10 - Cyber Warnings
P. 10
A Critical Part of a Courtship : Why M&As Must Address
Cybersecurity from Day One
by David Barton, Chief Information Security Officer, Forcepoint
At the height of merger-mania, eager participants frequently viewed cybersecurity as an
afterthought. “Let’s just make this acquisition work,” they’d reason, “and we’ll figure out how to
protect everything once the deal is in place.”
But we’re now seeing a more cautionary approach take hold. In fact, global merger and
acquisition (M&A) activity is falling off, with the value of deals totaling $1.71 trillion for the first
half of this year, down from $2.09 trillion for the first half of 2015, according to research from
Dealogic, a financial research/analytics company.
Even more telling: The value of withdrawn deals (those which were scuttled somewhere along
the way) amounted to $606.4 billion for the first half of the year – a record high.
Cybersecurity has emerged as a driving factor in the trend: four of five M&A practitioners say
they consider it as a “highly important” issue during the due diligence phase of deal-making,
according to survey research from the business/tech consultancy of West Monroe and
Mergermarket, an M&A-focused financial news site.
Despite the elevated attention, 40 percent of these professionals have encountered
cybersecurity problems after a deal went through – which reveals that the due diligence process
isn’t rigorous enough – and 77 percent say they’ve had to walk away from a deal due to data
security issues at the targeted company.
In another survey from the international law firm of Freshfields Bruckhaus Deringer, 82 percent
of dealmakers say the risk of cyber-attacks will change M&A procedures over the next 18
months.
Echoing the West Monroe/Mergermarket findings, the Freshfields Bruckhaus Deringer survey
reports that nine of ten respondents believe breaches would result in a reduction in deal value
and 83 percent say a deal could be abandoned if breaches are identified during due diligence or
the transaction.
As an M&A veteran, I’m extremely encouraged to see the focus on enterprise threats during due
diligence because – as stated – this hasn’t always been the case. There are essentially three
stages of a merger: pre-announcement, announcement and post-announcement.
Fortunately, more companies are concluding that they need to address cybersecurity from Day
One of the “courtship,” or the very start of the pre-announcement period. With this in mind, here
are three critical steps you should pursue in the initial stage:
10 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
