Companies that fail to examine cybersecurity at firms they’re acquiring can risk losing as much as 30 percent of the deal’s value when they discover breaches later, according to a cyber consulting firm owned by KKR & Co.
It was widely reported last year when Verizon Communications Inc. cut its purchase price for Yahoo! Inc. by $350 million after discovering earlier data breaches at the technology company, said Chad Holmes, an executive vice president at Optiv. But many declines in value happen after acquisitions are completed, and most of those go unpublicized, Holmes said.
Many companies in manufacturing and other industries are deciding to buy information-technology firms to help them compete, Holmes said Aug. 7 in an interview on the sidelines of a cybersecurity conference in Las Vegas. That exposes them to the risk of overlooking data breaches or other cyber problems at their targets.
“When you’re buying a tech firm, you’re really buying intellectual property,” Holmes said. “If that IP was already compromised, stolen, what you’re paying for can go down considerably. Cyber due diligence in mergers and acquisitions has become a must.”
Optiv advises some 7,500 companies worldwide, many on their acquisitions. KKR bought a majority stake in the firm last year for about $1.8 billion from a group of investors including Blackstone Group LP, which kept a minority stake. Optiv’s customers include companies in the KKR and Blackstone portfolios, Holmes said.
©2018 Bloomberg L.P. All rights reserved. Used with permission