While deal teams are thinking about preparing and executing the deal, bad actors are watching the headlines for opportunities to launch attacks while the stakes are high and executives’ backs are turned, E&Y warn. Monetarily, the company is an attractive target because the impending deal has greatly increased the cost of the possible release of nonpublic information.
Cybersecurity has become a top priority for company leaders, boards of directors and audit committees. Mergers, acquisition, and divestitures make the need for cybersecurity even more acute.
The FBI has taken note of a recent explosion in ransomware attacks, issuing a warning in November 2021 that attackers are using “significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections.”¹ Likewise, the EY-Parthenon dedicated transaction cybersecurity team has witnessed increasing cyber attacks on companies doing deals, including cases that were very costly for the victims.
The potential damage is similar to the risks normally associated with cyber attacks — loss of protected information and data, exposure of trade secrets, legal judgments, fines and impact on customers. Financial losses can pale compared to reputational damage. And now, the stakes are far higher because there’s also a deal at risk.
For example, a $650 million acquisition by an airline of an aerospace component supplier fell apart in 2019 partly due to a ransomware attack that forced temporary factory closures at the target company. The supplier was acquired by a different company two years later.²
Fortunately, organizations can substantially reduce their exposure by guarding cybersecurity throughout the planning and execution of the transaction. Below, we explain two types of risks — transaction and counterparty risk — as well as the different phases of the transaction where these risks are likely to occur.
Transaction risk results from a change in management and employee behavior in the parent organization following the announcement of a deal.
Counterparty risk arises after the sale and transition processes are underway with the buyer.
FULL STORY
PHOTO
