Why M&A strategists need to pay attention to cybersecurity risks
THERE is no sure-fire way to make mergers and acquisitions (M&A) successful but cybersecurity risks are threatening deals like never before.
According to the Role of Cybersecurity in M&A Diligence report, cybersecurity issues are putting deals in jeopardy for over 53 percent of survey respondents.
Among the countries in the Asia Pacific that participated in the survey, Australia reported that 40 percent of deals were affected, Singapore pegged the number at 50 percent, while responses from India totaled 63 percent.
Deals in Australia experience the least impact of cybersecurity risks amongst the countries surveyed, while India suffers the most from it.
This reflects the fragmented cybersecurity practices and regulations in APAC countries which may hinder M&A deals in the region.
Cybersecurity risks not only put the buyer and purchaser relationship in hot waters but also the value of the deal.
For example, Verizon slashed Yahoo’s acquisition price by US$350 million following news of massive security breaches that affected users.
That markdown is a little more than one-third of what an analyst forecasted the discounted price tag could be: US$1 billion.
CNN also reported that Verizon competitors had taken jabs at the company over the acquisition drama.
The Verizon-Yahoo deal has a lot of lessons for members of the boardroom, but most of all, it is to put cybersecurity at the core of a business plan to safeguard its market value.
How cybersecurity risks will impact business market value and deals
Gartner forecasts that over 60 percent of companies wanting to expand their M&A strategy will consider cybersecurity posture as a critical factor by 2022. Today, that figure is just about 5 percent.
Haworth Senior Information Security Analyst Joe Cardamone advised companies to pay attention to cybersecurity when acquiring any asset for the company.
“[Cybersecurity] is a very tangible thing and true money that can be lost,” he said.
All companies must realize the critical nature of an in-depth cybersecurity assessment in transactions because the risks directly impact the market value.
In a merger and acquisition lifecycle, 71 percent will carry out the assessment before the deal firms up.
However, 6 percent only do so post-announcement, when the integration is already in motion.
That is exactly what happened to Marriott when it acquired Starwood as a security breach was disclosed days after the deal.
“We fell short of what our guests deserve and what we expect of ourselves,” said Marriott CEO Arne Sorenson in a statement.
The Marriott-Starwood deal has a deep-rooted network effect on the hospitality company’s biggest asset: its customers and its b2b partners.
The security breach allowed hackers to access the Marriott portal and redeem points for gifts, flights, and hotel stays, thereby exposing partner organizations to fraud and other vulnerabilities.
Marriott only merged their rewards programs two years later after ironing out technical as well as the customer-facing issues.
Cybersecurity risks not only threaten deals but also cost time and effort to undo what can be avoided with thorough reviews.
In the end, cybersecurity should be a top priority whether or not there is a deal because market value dips as soon as brand confidence plunges.
After all, a business’ biggest asset is always its consumers. So, cybersecurity should be at the core of any business plan to protect its consumers, including M&A strategies.
Cardamone said — “Treat it like you are buying a used car. Look underneath the hood” — encouraging deal makers to pay close attention to the mechanisms and systems of the company they’re looking to buy.