(Bloomberg) -- Cybersecurity issues are increasingly becoming a concern in mergers and acquisitions, a new survey shows, and lapses can jeopardize deals or haunt purchasers long after the deal is done.
Of more than 2,700 information technology and business decision makers surveyed by Forescout Technologies Inc. in seven countries, 53% reported that their organization had encountered a critical cybersecurity issue or incident that put an M&A deal in jeopardy. And 65% of respondents said they had experienced buyersâ remorse because of cybersecurity concerns after closing a deal.
The findings, released Monday, show that taking the time to conduct cybersecurity evaluations is important before and during an acquisition, even if it means finalizing the deal gets delayed, said Julie Cullivan, chief technology and people officer at Forescout. The company sells a security platform that allows companies to monitor and control access to their networks.
âCybersecurity is a challenge for every organization, and risk factors are changing all the time,â Cullivan said. âItâs about making sure you put as much energy into it up front.â
Recent acquisitions highlight the threat that cyber risks can pose to a companyâs reputation and bottom line.
Verizon Communications Inc. acquired Yahooâs Internet properties in 2017 at a $350 million discount after security breaches surfaced at the web company. And Marriott International Inc. inherited a massive security risk when it bought Starwood, including a breach that was disclosed just days after the deal was announced.
Yahoo and Starwood arenât isolated incidents. Earlier this month, Asco Industries, which Spirit AeroSystems Holdings Inc. agreed to buy in May 2018, was hit by a large-scale ransomware attack. The attacked cause a âseriousâ disruption of Ascoâs activities and its sites in Belgium, Canada, Germany and the U.S. were stopped.
Spirit AeroSystems won EU approval for the deal in March, but the acquisition has yet to be completed.
Thorough cybersecurity assessments that include utilizing third-party audits can often help avoid these types of issues, said Joe Cardamone, senior information security analyst and North America privacy officer for Haworth Inc., a designer and manufacturer of office furnishing products in Holland, Michigan.
âItâs not an intangible risk. Itâs a very tangible thing and true money that can be lost,â said Cardamone, who has been involved in Haworthâs acquisition of at least six companies. âTreat it like you are buying a used car. Iâd still want to look underneath the hood.â
Haworth, which is a Forescout customer, revamped its acquisition policy about five years ago to include information security.
--With assistance from Joshua Fineman.
To contact the reporter on this story: Derek Hall in Chicago at [email protected]
To contact the editors responsible for this story: Catherine Larkin at [email protected], Jeran Wittenstein
For more articles like this, please visit us at bloomberg.com
©2019 Bloomberg L.P.