Cyber Risk Considerations During the M&A Process
Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches. And in November 2018, Marriott publicly disclosed that Starwood’s guest reservation database — containing hundreds of millions of personal records — had been compromised since 2014, prior to the Marriott acquisition. These incidents — and countless others — raise critical questions.  How should Boards be thinking about cyber risk in the acquisition process? What steps should they take to address this risk prior to the acquisition?
Samsung / LoopPay Breach Illustrates Third-Party Cyber Risks for Enterprises
Last week, it was announced that LoopPay (now a Samsung subsidiary) was the victim of a data breach. LoopPay’s technology is apparently central to Samsung’s mobile payment system, yet Samsung said the breach has not affected the Samsung Pay technology. While the LoopPay breach did not extend to Samsung’s networks, the case illustrates how enterprises must evaluate security throughout the entire lifecycle of a relationship with a business partner, vendor, supplier, or portfolio member.