http://www.darkreading.com/attacks-breaches/could-security-concerns-scuttle-manda-and-investment-deals/d/d-id/1319798
By Ericka Chickowski
Dark Reading
April 6, 2015
Last week's breach of communication software start-up Slack offered a
great example of how information security is not just a big consideration
of customers and business partners, but also potential investors and
acquiring companies. Increasingly, financial experts believe that the
examination of a company's IT security posture should be as much a part of
the due diligence process prior to investment or mergers and acquisition
activity as an ROI analysis should be.
In the case of Slack, the breach occurred just after the company was
rounding up $160 million in investment. According to a report from the
Wall Street Journal, "It’s unclear when Slack discovered the breach or if
new investors were told of it before they agreed to the deal." Because the
funding story was the result of leaked information from confidential
sources and the company is pretty closed-mouthed over the deal, it may be
hard to ever know if the breach has or will materially impact the closing
of Slack's latest funding round. But one thing you can bet on is that as
large-scale breaches continue to gain awareness in the board room, M&A and
other investment deals may include security contingencies to cover
investors' backsides.
"I could foresee a situation in which, number one, a deal might go
through, but one of the terms is that certain upgrades and certain
measures be taken from a data security perspective between the time of
signing and closing," says Scott Vernick, head of the data security and
privacy practice at the law firm Fox Rothschild LLP. "And, two, I could
see closing contingent upon there being no material adverse changes, just
like anything else. I could also see certain holdbacks from the purchase
price if the buyer determines that you've got to spend $5 million or $10
million or whatever it is to bring someone up to best practices or a more
robust security environment."
As Vernick explains, though security evaluation adds yet another layer of
complexity to the already arduous due diligence process, it is something
that shouldn't be optional within the vetting process for M&A.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
