Bankers are hiring cyber experts to help get deals done
Executives and investors are hiring an unlikely crowd to help them do deals: computer geeks.
Companies and investment funds are adding an extra layer of scrutiny to acquisitions by screening targets for cybersecurity risks, as global computer attacks raise awareness. That’s prompting offers specifically tailored to takeovers by a variety of players, from consultants like Deloitte to software providers including Intralinks Holdings.
“There’s a risk you’re buying an empty shell,” overpaying for a target whose patents have been spied on and copycatted, or whose sensitive customer data has been stolen, said Michael Bittan, head of Deloitte’s Cyber Risk Services unit in France. “Cybersecurity is not about getting technical, it’s about business impact, and ultimately valuations. It will become a pillar of M&A decisions.”
The wake-up call for cybersecurity expertise during mergers and acquisitions came after a 2014 Yahoo! Inc hack affected about 500 million accounts, damaging the company’s reputation and causing Verizon Communications to cut its offer to buy the company by $350 million. There’s concern that computer viruses can be planted and remain dormant until after a deal, leaving the acquirer to cope with stolen customer data, industrial secrets or ransom demands.
At Deloitte, Bittan’s French team started the service about three months ago and has signed up about a dozen customers since. Deloitte’s global cybersecurity unit more broadly had sales of $850 million during the full-year that ended end-May 2016 and has a target for $1.8 billion by end-May 2020.
A majority of executives would seek to significantly lower a deal’s valuation in case of a high-profile data breach, a survey by stock market operator NYSE showed last year. About 85 percent of executives interviewed in the study said discovering major vulnerabilities at the audit stage of an acquisition would likely affect their final decision to go ahead with the takeover or back out.
“That trend will grow — we’ll see more companies killing deals or devaluing the target,” said Grace Keeling, head of communications at Intralinks, which has conducted a similar survey.
There’s concern that computer viruses can be planted and remain dormant until after a deal, leaving the acquirer to cope with the fallout of stolen data