Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Could Security Concerns Scuttle M&A And Investment Deals?

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Apr 2015 09:33:00 +0000 (UTC)
http://www.darkreading.com/attacks-breaches/could-security-concerns-scuttle-manda-and-investment-deals/d/d-id/1319798

By Ericka Chickowski
Dark Reading
April 6, 2015
Last week's breach of communication software start-up Slack offered a great example of how information security is not just a big consideration of customers and business partners, but also potential investors and acquiring companies. Increasingly, financial experts believe that the examination of a company's IT security posture should be as much a part of the due diligence process prior to investment or mergers and acquisition activity as an ROI analysis should be.
In the case of Slack, the breach occurred just after the company was rounding up $160 million in investment. According to a report from the Wall Street Journal, "It’s unclear when Slack discovered the breach or if new investors were told of it before they agreed to the deal." Because the funding story was the result of leaked information from confidential sources and the company is pretty closed-mouthed over the deal, it may be hard to ever know if the breach has or will materially impact the closing of Slack's latest funding round. But one thing you can bet on is that as large-scale breaches continue to gain awareness in the board room, M&A and other investment deals may include security contingencies to cover investors' backsides.
"I could foresee a situation in which, number one, a deal might go through, but one of the terms is that certain upgrades and certain measures be taken from a data security perspective between the time of signing and closing," says Scott Vernick, head of the data security and privacy practice at the law firm Fox Rothschild LLP. "And, two, I could see closing contingent upon there being no material adverse changes, just like anything else. I could also see certain holdbacks from the purchase price if the buyer determines that you've got to spend $5 million or $10 million or whatever it is to bring someone up to best practices or a more robust security environment."
As Vernick explains, though security evaluation adds yet another layer of complexity to the already arduous due diligence process, it is something that shouldn't be optional within the vetting process for M&A. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: