Given the increasing frequency of cybercrime and online security breaches, cybersecurity has moved to the forefront of importance when evaluating M&A prospects. Acquirors want to ensure that they are receiving the full value of what they are purchasing and protect themselves against any possible data breaches that can result in reputational, legal, or financial harm.
A report by the New York Stock Exchange Governance Services surveyed 276 directors and officers of public companies to determine how the growing presence of cybersecurity threats has had an impact on their M&A due diligence process. The report indicates that:
- 66% of respondents include a security audit of the target’s software applications;
- three-quarters of respondents place the quality of intellectual property as a top consideration in their due-diligence process and say that a high-profile data breach would have serious implications on a pending transaction; and
- 84% of respondents said that the discovery of a major vulnerability relating to a target’s software assets would “likely” or “very likely” affect their final decision.
These data breaches can have serious implications for a business. Every major industry utilizes technology in a way that can result in serious damage to the company if a breach were to happen. We have seen recent high-profile data breaches across the board, from insurance companies and retail giants to universities across the United States.
Finding out the vulnerabilities of a company is one of the main reason for performing due diligence. During the due-diligence process, acquirors must not only examine possible data breaches that may have happened, but also look forward at the potential costs to bring a company “up to code” with their cybersecurity.
While companies are beginning to realize the importance of cybersecurity in the M&A due diligence process, they often don’t have the technical skills to adequate assess a company’s vulnerabilities. As a result, it may be necessary to develop their internal resources to overcome this weakness, or look to third-party specialists and consultants to assist with the due diligence process.
Stay informed on M&A developments and subscribe to our blog today.