Cybersecurity Due Diligence Is Crucial in All Mergers and Acquisitions, Including Energy Transactions
A Cautionary Tale in Cybersecurity Due Diligence
Can a single data breach kill or sideline a deal? Perhaps so. In October, Verizon signaled that Yahoo’s disclosure of a 2014 cyberattack might be a “material” change to its July USD 4.83 billion takeover bid, which could lead Verizon to renegotiate or even drop the deal entirely. Concern over cybersecurity issues is not unique to technology or telecommunications combinations. In a 2016 NYSE Governance Services survey of public company directors and officers, only 26% of respondents would consider acquiring a company that recently suffered a high-profile data breach, while 85% of respondents claimed that it was “very” or “somewhat” likely that a major security vulnerability would affect a merger or acquisition under their watch (e.g., 52% said it would significantly lower valuation).
Bottom Line: Cybersecurity should play a more meaningful role in the due diligence portion of any potential merger and acquisition (M&A) deal. Certainly this is so when a material portion of the value in the acquisition comes from intangible assets that might be most vulnerable to hackers. Financial information comes to mind. Personal information of employees does as well. But companies also need to be concerned about their trade secrets, know-how, and other confidential business information whose value inheres in its secrecy. Therefore, a merely perfunctory approach to cybersecurity can become very costly. The union of companies today is a union of information, malware and all.
Energy M&A Is Not Immune
To weather the plunge in prices, many oil companies have sought out new innovations to reduce the cost of extraction and exploration. Investments in digital technologies will likely only increase. A 2015 Microsoft and Accenture survey of oil and gas industry professionals found that “big data” and the industrial internet of things are targets for greater spending in the next 3 to 5 years. Cybersecurity threats were perceived in the survey as one of the top two barriers to realizing value from these technologies.