Cyber security breaches pose a real threat to M&A deals but companies are too complacent in the assessment of cyber risk, according to a recent survey of 214 “dealmakers” from Freshfields Bruckhaus Deringer.
The international law firm reports that 90% of survey respondents believe that cyber breaches result in deal reduction value and 83% say that their companies would abandon transactions if cyber breaches are identified before sale completion.
Dealmakers recognize cyber’s growing threat, but aren’t addressing it: More than 75% of respondents say that cyber security is not analyzed during due diligence.
“You wouldn’t dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks it faces around data management and cyber-security?” says Chris Forsyth, co-head of the firm’s international cyber security team.
Top concerns include acquisition targets suffering cyber attacks during deal discussion, the target being proven as a victim of data or intellectual property theft by cyber attack, and evidence of a target not handling a past breach effectively.
Acquirers are mostly concerned with cyber security during transactions, which doesn’t translate to sellers as 81% are unconcerned or slightly concerned about the risk of the deal falling through.
More American respondents (51%) say that cyber security has become a part of due diligence than European respondents (39%), and the U.S. has seen more suppliers audited, more internal cyber security specialists appointed and more external cyber security consultants engaged to review risks, the survey reports.
Cyber's impact on agent and broker deals is low, according to National Underwriter advisory board member and OPTIS founding principal Tim Cunningham. “Typically, agents and brokers don’t have access to credit card information as transactions are typically handled by check. An insured pays a direct bill to insurance carriers, so the risk is on their side.
“You could have some data breach, but I don’t think anything enormous would dampen M&A activity in the insurance industry,” he says.