Cyber Attack Risk ‘Could Derail M&A Boom’

The collapse of five proposed mega-deals on August 5, for reasons ranging from a lack of board engagement to excessive regulatory interference, was “one of the darkest days for mergers and acquisitions [M&A] in Wall Street history”, says lawyer Jane Jenkins and demonstrates the fragility of the current M&A boom.

Writing in UK business daily
City A.M.
, Jenkins, who is a partner and co-head of law firm Freshfields Bruckhaus Deringer’s cyber security team in London, notes that already this year 339 deals worth US$428bn (£256bn) have collapsed – the highest number since 2008.

She says that the statistics underline the risks facing companies during deals, with the cyber security risk often overlooked. While there have been few published instances of cyber attacks affecting M&A, a recent survey of dealmakers across the US, Europe and Asia revealed that 83% think a cyber security breach occurring during a deal would be enough to derail it.

Dealmakers’ top concerns over the course of the M&A process include target firms suffering cyber attacks during discussions, the target being a victim of data or intellectual property theft by cyber attack, and evidence of a target not handling a past breach effectively; thus leading to reputational damage and fines.

Yet despite a growing awareness of the threat posed by cyber attacks, 78% of dealmakers say cyber security is not sufficiently dealt with as part of due diligence.

Jenkins says that cyber security in the M&A process goes beyond keeping sensitive data safe. Acquirers must assess whether their target carries an acceptable level of cyber risk in the same way they would analyse its financial position. As investors, corporates and regulators wake up to cyber risk, more companies are being penalised and more executives are feeling pressure to treat it seriously.

“While Wall Street’s traumatic Tuesday this month may have dampened spirits in the M&A market, rumours of a new mega deal could easily swing sentiment back to positive,” Jenkins concludes.

“But buyers and sellers, and their professional advisers, need to consider the very real and very present dangers posed by cyber security, or there could be yet more dark days on the horizon.”


Related reading