In July, Verizon announced that it would acquire Yahoo’s Internet business for $4.8 billion. In September, Yahoo disclosed that a massive data breach had compromised 500 million user accounts. The breach happened nearly two years ago, in late 2014. Now, Verizon has stated publicly that it believes the breach has had a material impact on Yahoo. Some have reported that the purchase price could be slashed by $1 billion. Whatever the number turns out to be, the lesson is that cyber security impacts valuation.
Cyber due diligence can help an acquiring company better understand the value of an acquisition target and the risks of closing. A cyber lawyer can evaluate areas of risk created by: (1) the target’s failure to understand and meet legal requirements regarding the protection of information; (2) the target’s reliance on the wrong internal and external policies; and (3) contract terms and insurance coverage that do not appropriately protect the company if/when a breach occurs.
Companies that are looking to be acquired should expect to be the subject of this kind of due diligence. It is far easier to get your house in order now than to be told by an acquiring company that your cyber business practices are a reason to slash a sale price.