Merger and acquisition activity continues to be strong across multiple sectors. The people, processes and technology that one organization acquires when absorbing another, are essential to the purchasing company’s merged value realization and should be taken seriously. However, a fundamental shift is in progress. While people, processes and technology are still immensely important, the increasingly larger and vast quantities of data and data sources that companies have creates a fourth equally (if not more) vital asset and potential liability that should be considered.
Cybersecurity, data security, data privacy, and data breach risks are critical due diligence issues in the ultimate outcome of a successful transaction. Data has become a significant asset in companies across all industry groups and needs to be thoroughly discovered and classified pre-close of a transaction, and then rapidly secured post close. Post-acquisition discovery of security problems, and even notifiable breaches, is a far too common scenario. Discovering unknown data integration issues and security vulnerabilities can delay the successful integration of the newly acquired entity, leading to a loss in touted M&A value.
Best practices in our current environment dictate conducting a complete data discovery, classification, governance, and master data discovery audit of the acquired company to limit acquiror liability in the future. And to understand the impact on integration and meeting regulations such as HIPPA, PCI, CCPA and GDPR. According to Forbes, 40% of the acquiring companies engaging in a merger and acquisition transaction discovered a cybersecurity problem while integrating the acquired company post-transaction. One of the more publicized examples was Verizon’s discovery of a prior data breach at Yahoo! after executing an agreement to purchase the company. The discovery almost killed the deal, and resulted in a $350 million reduction in the purchase price paid by Verizon, Yahoo! paying a $35 million penalty to settle securities fraud charges alleged by the U.S. Securities and Exchange Commission, and an additional $80 million to settle securities lawsuits generated by shareholders. In another large breach, Marriott International found out subsequent to its merger with Starwood that hackers had stolen records for more than 500 million Starwood customers over a four-year period.
Deep Web scans during due diligence should be conducted to identify if any of the target company’s data is already stolen and up for sale. In order to perform a thorough scan, however, the acquiror needs to know where the data resides. WhamTech’s SmartData Fabric® uses a semi-automated capability/tool that enables organizations to accelerate discovery to insights to outcomes. By allowing initial discovery leveraging a widely-used open source network discovery tool to gain an understanding of devices/servers on the network that contain data sources, Deep Web scans can be more effectively implemented.
After closing a transaction, the rapid securing of all data is imperative. The WhamTech security-centric Merger and Acquisition Tool (MAT) uses SmartData Fabric® to run across fragmented and often siloed data sources—and successfully integrates multiple systems without copying or moving any of the original source data. WhamTech SmartData Fabric® MAT complements and leverages existing systems, applications and tools, and is not intended to be an expensive replacement, but rather enable additional advanced capabilities such as data security and seamless and automatic master data integration – thus providing rapid security in addition to smoothing many other post-merger integration challenges.
About WhamTech
WhamTech, Inc. is a software company whose mission is to develop security-centric distributed virtual data, master data and graph data management, and analytics technology software products. WhamTech develops these products to anticipate, meet and exceed the demands of customers seeking an alternative to the conventional approaches of data warehouses, federated data access with conventional adapters and enterprise search. WhamTech’s goal is to provide an improved and more seamless way to work with data, by leaving it where it resides, and change the way fundamental and advanced data management is addressed. For more information, visit WhamTech at www.whamtech.com or follow @WhamTech_Inc on Twitter.
By:
Larry King, CPA, CGMA WhamTech CFO/COO
Contact
Larry King, 972-991-5700 ext. 703
larry.king@whamtech.com