Cybersecurity Will Drive Changes in the M&A Due Diligence Process
3 October 2017
The latest edition of the Intralinks® Deal Flow Predictor report highlights the importance of cybersecurity, and discusses high-profile breaches and the effects of cybersecurity on the M&A due diligence process.
Over the past several months, there have been numerous global, high-profile cybersecurity breaches that have negatively impacted M&A deals. Damages ranged in severity from public embarrassment to millions in cleanup costs. According to IBM and the Ponemon 2017 Data Breach Study, the average data breach costs USD 3.62 million to resolve, making cybersecurity a critical factor that should be given serious consideration in the M&A due diligence process.
Buyers and sellers beware
Sometimes, M&A-related cybersecurity issues can be more embarrassing than anything else. Months before Salesforce.com showed an interest in social media network Twitter, a list of Salesforce.com’s other potential M&A targets – none of which was Twitter – came to light as a result of an email hack. While the hack didn’t cause either company to incur direct financial repercussions, there was certainly some reputational damage suffered on the part of Salesforce.
In December of 2016, however, a came to light during Verizon’s acquisition of Yahoo that had a dramatic economic impact on the deal. Yahoo lost negotiating power and the company’s stock took a 6.1% hit, enabling Verizon to demand “major concessions” for the deal to move forward to a successful close.
Then there was the Telstra acquisition of Pacnet, which had also been hit by a major data breach. Unfortunately, Telstra didn’t find out that Pacnet’s systems had been penetrated until after the deal was done. At the time, the average cost of a security event to an Australian company was AUD 2.82 million, and had Telstra uncovered it during due diligence, the terms of the deal would surely have been revised.
What the dealmakers say
Recently, Intralinks completed a worldwide survey of M&A dealmakers that provides insight into current opinion on the impact of cybersecurity breaches. Data was analyzed globally and broken down by region.
In the event of a data breach or cybersecurity issue, 55% of North American respondents estimated that bid value would drop by 5% to 20%. In the Asia Pacific region, 26% of respondents expect an increase in the rate of failed deals due to security issues, while in Europe, Middle East and Africa, just 12% believe the rate of failed deals will decrease. In terms of killing deals altogether, 20% of Latin America’s respondents thought the bidder would simply walk away in the event of a data breach.
But there’s much more to the story. Get the full picture and survey results by reading the latest edition of the Intralinks Deal Flow Predictor report for global analysis and more commentary on regional survey results.
M&A due diligence evolves
The net effect of high-profile data breaches, market pressure and future enforceability of data privacy guidelines, such as the EU’s General Data Protection Regulation (GDPR), is that the due diligence process is changing. Its scope is growing beyond legal, financial, commercial, environmental and HR aspects to include assessments of cybersecurity readiness and prior breaches.
At this early stage, however, a number of questions remain unanswered. How does one conduct cybersecurity due diligence? What do advisors and corporate development teams need to be aware of as cybersecurity attracts more scrutiny? As a buyer, how do I gain assurances that my target has taken appropriate steps to protect its information? As a target, what should I offer as part of the due diligence process, and how do I make it as painless as possible for the buyer?
The latest edition of the Intralinks Deal Flow Predictor is now available, featuring a spotlight article on cybersecurity and regional and sector insights into M&A markets, along with a look into the future of global M&A markets, six months ahead of anybody else.
As Intralinks’ senior director of strategy and product marketing, Matt Wells is a key member focused on the development and go-to-market strategy for Intralinks’ M&A business which includes our virtual data room and deal lifecycle solutions. Matt joined Intralinks in 2012 upon the acquisition of PE-Nexus, a company he co-founded in 2010 that pioneered the concept of online deal sourcing and buyer identification. Before PE-Nexus, he was a vice president at Cross Keys Capital, a boutique advisory firm, where he focused on middle-market M&A transactions.