Don’t Acquire a Company Until You Evaluate Its Data Security
Extract from an article by Chirantan Chatterjee and D. Daniel Sokol as published by Harvard Business Review
In any transaction between an acquiring company and a target company (seller), there is asymmetric information about the target’s quality. While managers have long understood this concept, recent events shed light on an emerging nuance in M&A — that of the data lemon. That is, a target’s quality may be linked to the strength of its cybersecurity and its compliance with data privacy regulation. When an acquirer does not protect itself against a data lemon and seek sufficient information about the target’s data privacy and security compliance, the acquirer may be left with a data lemon — a security breach, for example — and resulting government penalties, along with brand damage and loss of trust.
So what to do about data lemons? You can simply make the deal anyway, especially if the value created by the deal outweighs the risks. Or you can take the Verizon path and reduce the valuation post-acquisition. We propose a third option: due diligence not just on the financials of the target firm, but also its regulatory vulnerabilities during the M&A discussion process. The idea is to identify potential data breaches and cybersecurity problems before they become your problem.
- An Abridged Look at the Business of eDiscovery: A Short List of eDiscovery Investors
- An Abridged Look at the Business of eDiscovery: Mergers, Acquisitions, and Investments
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.