Cybersecurity Programs Shown to Have Tangible Value in M&A Assessments

Cyber security should be a major area for due diligence, here’s some reasons why. Also, I found it mildly ironic that this story was carried on Yahoo, who had their own ‘difficulties‘ whilst being acquired…:

CLEARWATER, Fla., Sept. 30, 2019 /PRNewswire/ — (ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today released the findings from its Cybersecurity Assessments in Mergers and Acquisitions report, which surveyed 250 U.S.-based professionals with mergers and acquisitions (M&A) expertise. The goal of the study was to discover how cybersecurity programs and breach history factor into the dollars and cents valuation of companies during a potential purchase. 96% of respondents indicated that cybersecurity readiness factors into the calculation when they are assessing the overall monetary value of a potential acquisition target.

Survey respondents unanimously agreed that cybersecurity audits are not only commonplace but are actually standard practice during M&A transaction preparation. The research also found that the results of such due diligence can have a tangible effect on the outcome of a deal, both in terms of overall value and even whether a deal is completed or not.

The report’s findings highlight the importance of developing and adhering to sound cybersecurity strategies and policies in order to maximize organizational value. Among the major findings:

  • 77% of M&A experts have recommended one acquisition target over another based on the strength of a cybersecurity program
  • 57% of survey respondents said an acquiring company they work with has been surprised to learn of an unreported data breach during the audit process; Nearly half (49%) indicated that they had witnessed a merger or acquisition agreement fall through as a result
  • 52% of respondents indicated that the share value of publicly-traded clients has been negatively affected as a result of an acquired company’s post-acquisition data breach


Original article here