The 2014 Yahoo! Inc cyberattack that affected more than 500 million user accounts not only tarnished the reputation of the company but also impacted it financially. Verizon Communications Inc. which was on the process of acquiring Yahoo! cut the initial offer by $350 million.
The incident triggered a trend among other investors and enterprises, who started to add an extra level of scrutiny for the whole mergers and acquisition (M&A) process by hiring information security experts to screen targets for potential security risks.
Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France, while talking to Bloomberg said, “There’s a risk you’re buying an empty shell. Cybersecurity is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions.”
According to a survey by NYSE, nearly 85 percent of the executives have found critical flaws and vulnerabilities at the audit stage. This affected the company’s decision to mend or even backing out from the M&A deals. “Beyond the obvious threats to cybersecurity, conducting an audit of cybersecurity protocols can also reveal vulnerabilities that could require significant expenditures for the acquiring company,” the survey report added.
The bigger concern, according to the report, was the lack of necessary technical skills among the people involved in the M&A process.
Fortunately, the trend of employing cybersecurity professionals during M&A process is growing. According to hackmageddon.com, there were as many as 1061 cyberattacks in 2016, which is poised to surge in the coming years. With cyberattacks hogging the limelight, experts feel that the likelihood of seeing more companies devaluating targets or even backing out after spotting vulnerabilities will increase.