Evaluating Cybersecurity Risks in Mergers & Acquisitions

  • Threat Beta,  

Understanding cyber threats is a key element to due diligences

Not long ago, due diligence around mergers and acquisitions focused primarily on financial performance and product pipelines. Today, vulnerability to cyber threats is a key element in this process – as Yahoo found when two massive cyber-attacks led Verizon to reduce its purchase price for the Internet company by $350 million.

Cybersecurity impacts the value of a company

Now that all companies rely on interconnected digital data and IT systems, infrastructure security has a real impact on the value of the company to a purchaser –in terms of the cost of upgrading to more secure hardware, and of potential damage to stock price and brand equity from previous, ongoing or potential cyber-attacks. According to an IBM study, the average global cost of a data breach is close to $4m – and this is before reputational damage is taken into account.

Quantifying cybersecurity risks requires a clear measure of the likelihood and severity of a cyber-attack, broken down by attack type and potential financial losses. There is also a need for threat risk quantification to assess financial impact by asset type, and for benchmarking to allow comparisons within a particular industry sector and historically.

Beware of cyber vulnerability

Without appropriate cyber due diligence, “the acquirer in an M&A transaction is at risk of buying the cyber vulnerability of the target company and assuming the damage and liability from incidents it suffers,” writes the American Bar Association. The acquirer may not understand the potentially devalued nature of the assets it is buying, nor the size of liabilities it may take on.

Threat Beta – measures cybersecurity threats

In an innovative approach to measuring the cybersecurity threats of an individual company from an attacker’s point of view, Cybeta’s Threat Beta™ solution, uses proprietary data algorithms to assess a company’s risk cluster, technology vulnerabilities, and third-party exposure in comparison to all other companies. With this new rating standard, a higher number the more likely an attacker can exploit a technology’s vulnerabilities. This tool can also evaluate vendors, applications, and technologies, to enable business leaders to focus on areas that pose the greatest enterprise risk.

Threat Beta’s proprietary algorithm was built using machine learning and industry expertise to analyze any public and private company. This can provide a direct, real-time comparison of their relative risks. For example, Marriott’s Threat Beta indicated that an attack was imminent – and could potentially have saved them large sums of money, while protecting brand reputation and customer trust.

Predict and prevent cyber-attacks with Threat beta. Built by experts from various U.S. National Intelligence communities and designed to mimic the best cyber adversaries, Threat Beta provides critical insights into your organization’s cyber posture at present, over time, and into the future.

Related Posts
Insight

Communicating Cyber Risks to the Board: The Value of a Comparative Metric for Investment Decision-making

February 2019 Full Story
Insight

Credential Stuffing Attacks are on the Rise

April 2019 Full Story
Insight

Tips to Help Prevent, Detect, and Respond to a Data Theft

January 2019 Full Story
Insight

Cyber Health Check

March 2019 Full Story
Insight

Evaluating Cybersecurity Risks in Mergers & Acquisitions

May 2019 Full Story