The wake-up call for cybersecurity expertise during mergers and acquisitions came after a 2014 Yahoo! Inc. hack affected about 500 million accounts, damaging the company’s reputation and causing Verizon Communications Inc. to cut its offer to buy the company by $350 million. There’s concern that computer viruses can be planted and remain dormant until after a deal, leaving the acquirer to cope with stolen customer data, industrial secrets or ransom demands.
“There’s a risk you’re buying an empty shell,” overpaying for a target whose patents have been spied on and copycatted, or whose sensitive customer data has been stolen, said Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France. “Cybersecurity is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions.”
Companies and investment funds are adding an extra layer of scrutiny to acquisitions by screening targets for cybersecurity risks, as global computer attacks raise awareness. That’s prompting offers specifically tailored to takeovers by a variety of players, from consultants like Deloitte LLP to software providers including Intralinks Holdings Inc.