Verizon’s acquisition of Yahoo taught us that the financial implications of a data breach are significant. They can dramatically decrease a deal price – sometimes resulting in a discount of hundreds of millions of dollars – and often incur additional costs related to cleaning up after the attack and restoring customer trust.

The financial implications of cybersecurity risk

With the prevalence of data breaches – and their financial impact – cybersecurity takes on even greater importance for technology companies planning for an exit, such as an acquisition, merger, or IPO. According to a 2016 survey of public-company directors released by the New York Stock Exchange (NYSE) and Veracode:

  • 22 percent wouldn’t consider acquiring a company that had recently experienced a significant data breach.
  • 52 percent said a breach would significantly lower the target’s valuation.
  • 85 percent said the discovery of major security vulnerabilities during the due-diligence process was either very or somewhat likely to affect a merger or acquisition.

Why it matters

A company’s data is often what’s sought after during an acquisition. Companies don’t buy companies, they buy value – and the assets valued in an acquisition are the same ones that make it attractive to a hacker. These include the following:

  • Source code
  • Proprietary information and systems
  • Customer lists

A cybersecurity-aware company knows where critical assets reside and how safely they’re protected. This is achieved through:

  • Policies and procedures
  • Data-protection mechanisms
  • Security awareness program, including in-depth employee training
  • Robust incident-response plan

The complexity of today’s business operations makes keeping data secure harder than it once was. The availability of cloud technologies means critically important information may be stored offsite, while companies that outsource key functions may inadvertently give vendors access to data with inadequate security controls. Additionally, the ease in which cloud services can be used lets anyone send sensitive information outside an organisation without its IT department knowing.

Source: Denver Biz Journal