Dealmakers React Slowly to M&A Cyber Threats

There is a “worrying level of complacency” in assessing cyber risks in M&As, according to dealmakers, in a survey by Freshfields Bruckhaus Deringer.

31 July 2014


During the deal process, many things can go wrong, leading to missed opportunities. Sometimes, those lost chances take the form of derailed transactions, or of reduced valuations for viable businesses.

But one of the fastest growing threats in the digital age is that of a cyber-attack, such as the theft of intellectual property or data. It’s also a problem that dealmakers aren’t addressing adequately. Currently, there is a “worrying level of complacency” in assessing cyber risks in M&As. That was the finding of an interesting survey of international dealmakers, recently conducted by law firm Freshfields Bruckhaus Deringer, announced here.

Cybersecurity Breaches Can Sink Deals

There are several statistics underscoring the problem and the response — or lack thereof — to it:

  • Ninety percent of respondents believe cyber breaches will reduce deal value
  • Eighty-three percent of the respondents believe a deal might be dropped completely if a cyber breach were identified during the due diligence period, or in mid-transaction
  • Despite this, 78 percent of respondents claimed cybersecurity isn’t being analyzed in depth, or addressed during the due diligence process

The second stat isn’t too surprising. As we’ve pointed out previously, due diligence is a crucial time for a deal, and transparency and confidentiality are key. The revelation of a serious breach of data or IP during this time would potentially inflict the most possible damage — and so dealmakers should consider special precautions. Unfortunately, that doesn’t seem to be the case.

We Know It’s Bad, But …

The revelation of a past or current cyber breach — or even an existing major data vulnerability — could cause a successful company’s value to drop. But despite this considerable risk, most respondents aren't addressing such a threat in the M&A process. This is surprising, as one expert states, in the press release.

He asks: “You wouldn’t dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks it faces around data management and cybersecurity?” Possibly there isn’t enough knowledge about cyber threats, he suggests.

Fixing the Breach

The report’s authors do believe investors are starting to realize the dangers out there. After all, companies are facing shareholder punishment for breaches, as we’ve discussed before. (Think about Target's major credit card snafu and the damage it did to the CEO's career.) As we’ve noted, cyber insurance sales are up. And companies are beginning to do more to harden their network security. In fact, according to the report, 82 percent of dealmakers claimed the threat of cyber-attacks will lead to deal process change over the next 18 months. (To read the full report, click here.)

At Intralinks, we believe that you should always remain in control of your deal process, which is why we offer the industry’s leading virtual data room. Want to learn more? Then we invite you to explore Intralinks Dealspace™ and discover how you can share confidential and regulated content securely.

Stay IN the know

Sign up for our newsletter for must-read market analysis and thought leadership, delivered right to your inbox.