The United States experienced a record number of mergers and acquisitions over the last two years, a trend that corporate executives expect to continue. When evaluating potential M&A targets, corporate boards have traditionally focused on financial, legal, and structural implications. There is a new consideration, however, that must be taken into account: cyber-security.
Case in point: In October, Wall Street investment firm Muddy Waters Capital shorted the stock of St. Jude Medical after receiving a research report of cyber-security vulnerabilities in their pacemakers. Outside extraordinary disclosures like St. Jude’s, cyber-security compliance problems are one of the most common types of issues uncovered during the due diligence process surrounding M&A. A recent report from management consultants West Monroe Partners found that 70 percent of senior M&A practitioners discovered a cyber-security problem after a deal went through, while only about a third of respondents identified cyber-security-related compliance issues during the due diligence process.
