Companies Hiring Cybersecurity Experts To Screen Potential Acquisitions

Companies and investment funds are adding an extra layer of scrutiny to mergers and acquisitions by hiring cybersecurity experts to screen targets for security risks.

According to Bloomberg Technology, the need for cybersecurity expertise became clear after a 2014 Yahoo! Inc. hack affected about 500 million accounts, damaging the company’s reputation and leading Verizon Communications Inc. to cut its offer to buy the company by $350 million.

“There’s a risk you’re buying an empty shell,” overpaying for a target whose patents have been spied on and copycatted, or whose sensitive customer data has been stolen, said Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France. “Cybersecurity is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions.”

At Deloitte, Bittan’s French team started the service about three months ago and has signed up about a dozen customers. Deloitte’s global cybersecurity unit more broadly had sales of $850 million during the full-year that ended at the end of May 2016 and has a target for $1.8 billion by the end of May 2020.

Research shows that a majority of executives would seek to significantly lower a deal’s valuation by as much as 20 percent in case of a high-profile data breach, with about 85 percent of executives saying that discovering major vulnerabilities at the audit stage of an acquisition would probably affect their final decision to go ahead with the takeover or back out.

And though the majority of deal-makers don’t think potential cybersecurity effects are quantified as part of due diligence, this is a step that is expected to become more commonplace as high-profile attacks are spotlighted.

“There’s huge potential for development – the more attacks there are, the more cyber audits are likely to become standard procedure,” said Frederic Ichay, a partner at law firm Pinsent Masons LLP, who specializes in M&A transactions. “We’ll see more and more of them as we see more cyberattacks against companies and more flaws being exploited, not just blocking computer systems, but also potentially entire factories.”