CONTACT US
Acquiring certain technologies in a Mergers and Aquisition may assume additional cybersecurity risks that requires comprehensive due diligence.

4 Ways a Company Crisis Can Jeopardize an M&A

In July 2016, Verizon agreed to purchase Yahoo’s main business line for an estimated $4.8 billion. It has since been reported that Yahoo had been the victim of 2 significant security breaches. The first impacted the data of approximately 500 million users, while the second affected 1 billion users. While Verizon’s acquisition of Yahoo appears to still be on track, here are some ways a company crisis could cause and M&A to implode:

  1. One party (or both parties) in an M&A could back out if it appears the other has more negative reputational “baggage” than originally believed. This can be especially true if news of a crisis becomes public. The resulting media coverage may scare investors away from the M&A transaction. Because Verizon is reportedly interested in acquiring certain technologies of Yahoo’s, it is unlikely this will derail the transaction.
  2. A crisis can lower a company’s stock price, thereby affecting the price a buyer is willing to pay for the business. From the time just before news of Yahoo’s first data breach hit until just after the second breach, Yahoo’s stock price fell from $44 to $39, roughly an 11% decrease.
  3. If the crisis involves fraud or a data breach, additional costs will likely be incurred for a resulting investigation, which could cut into the actual proceeds received from an acquisition. Costs can include lawyer and/or investigator fees, as well as any fines or penalties. The SEC is currently investigating Yahoo to determine if cybersecurity risks and attacks were disclosed in a timely fashion. One possible remediation could be for Yahoo to reimburse Verizon, post-acquisition, for any costs or fines incurred.
  4. Verizon may incur significant cybersecurity risks by acquiring Yahoo technology. If the technical vulnerabilities that exposed Yahoo to data breaches are not properly addressed, the personal and financial information of Verizon customers could potentially be exposed to future cyberattacks.

An M&A partner should understand that by acquiring certain technologies, it may unknowingly assume additional risk. While the above example is not all-inclusive, it does serve as an example that comprehensive due diligence is imperative.

Mr. Kosnac provides accounting, auditing and business consulting services to businesses in both the public and private sectors. He also contributes to EisnerAmper's technology and life sciences blog.

* Required