For many prospective acquirers, the due diligence process involves laborious, costly tech and policy audits that often extend beyond the deal close, rather than looking for the target’s digital risk and exposure. GroupSense CEO Kurtis Minder discusses this much easier (and obvious) approach.
Information and cybersecurity audits are a fundamental part of the M&A due diligence process. Given the impact of a breach on potential valuation, market acceptance, public relations and brand value, the security posture of a business being considered for an acquisition is a key element in understanding the liability, risk and value of the business.
The most famous case where a data breach dropped a stink bomb into the whole M&A process was when Verizon was in talks to acquire Yahoo! In this case, it was actually two data breaches, impacting more than 3 billion user accounts, which were disclosed during acquisition negotiations. Ultimately it caused Yahoo! to decrease its sale price by $350 million while also gaining responsibility for 50 percent of any damages resulting from subsequent litigation.
As damaging as the Yahoo! data breaches were, Verizon was fortunate to find out about them before they closed the deal so they could revise the acquisition price. This usually does not happen, often due to acquirers not…
