In a recent NYSE Governance Services report, 85% of surveyed board of directors stated a major vulnerability or cyber breach discovered during due diligence would impact their final decision on a merger or acquisition (M&A). Due diligence is the process of investigating a business and getting a close look at that company’s financials, market strategy, assets, and economic growth for consideration of a M&A. The primary goal is to collect, examine, and analyze information about an organization to ensure the acquirer has a full understanding of the potential M&A’s business, consumer sentiment and most importantly their liabilities.

Technology is a large part of today’s everyday businesses operations. Therefore, it is of most important consideration during an M&A process how information or data has been secured or handled within an organization. Acquiring a company is essentially procuring data and procuring data means you are purchasing past, present, and potentially future data security issues. A discovery of vulnerabilities or a cyber breach brings to question if any valuable intellectual property has been compromised that could impact the profitability and reputation of an organization. 

The financial bearing of a transaction can shift dramatically if, after a deal is attained, past or ongoing data breaches come to light. For a business that has endured a network compromise, the cost of a breach might only be perceived as an investigation and remediation. However, an acquiring company following an M&A could also endure additional costs such as fines imposed, litigation, damages and impacting reoccurring cost from a decline in sales as customer confidence or as brand reputation is tarnished.

Ignoring cyber security or not properly implementing a cyber data protection program may result in the loss of sensitive and proprietary data, the theft of your companies’ cutting edge R&D advances, or the exploitation of personal customer information that ultimately kills a company’s capital gains and any possible future endeavors.  How protected is your organization?