The Cyber Short: Cybersecurity Implications and Considerations for M&A

Abbott Laboratories (ABT), a global manufacturer of healthcare product, announced the acquisition of St. Jude Medical (STJ) in April 2016. The $25 billion deal is now in peril after a recently-released cybersecurity report alleged that STJ’s pacemakers and defibrillators – part of a category that represents 50% of STJ’s revenues – were vulnerable to wireless cyberattack by hackers, jeopardizing the safety of thousands of device recipients.

The author of the security report, MedSec Holdings, fed their findings to Muddy Waters Research, an investment research firm that subsequently shorted STJ stock. This arrangement financially benefited Muddy Waters and Medsec when the damaging report was made public and the STJ’s stock price dropped more than 10%. As a result of the report, more shares of STJ were traded on the date of the cybersecurity report release than on the day the acquisition was announced in April.  Muddy Waters and other short-sellers stand to profit even more if the deal falls through because of these cybersecurity lapse disclosures.

Public scrutiny around acquisitions has heightened for both companies involved in a deal. Senior leadership, including the Board of Directors, must ensure that cybersecurity due diligence is conducted as faithfully as any other diligence area.  In a 2016 NYSE Governance survey, three-quarters of respondents said that a high profile data breach at an acquisition target would have serious implications on a pending acquisition.  Moreover, more than half of the respondents said that a high profile cyber breach would diminish an acquisition target’s value.   Cybersecurity risk can be viewed and managed as a risk amplifier of other categories like financial, operational and strategic risk. Though cybersecurity issues sometimes surface during the early diligence phase, it is more often the case that issues don’t become apparent until after the deal closes – during the integration phase – leading to integration delays, cost overruns, and, worse case, a breach.

Source: The Cyber Short: Cybersecurity Implications and Considerations for M&A

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s