Large data breaches such as Equifax, Marriott Starwood and Global Payments have received a lot of press. What is not getting as much coverage is the large number of data breaches that impact the SMB marketplace. In 2017, cyberattacks cost small to medium-sized businesses an average of $2,235,000, according to Ponemon Institute’s “2017 State of Cybersecurity in SMBs” report.
Hackers target smaller firms because they do not have the same security and compliance standards or enforcement as larger companies which makes them easier to penetrate. Gaining access to smaller companies who serve as third party vendors can provide access to larger companies, as with the Target and Saks Fifth Avenue data breaches. Unfortunately, this is a growing trend in cyberattacks. Ponemon Institute’s third annual “Data Risk in the Third-Party Ecosystem“ study, released in November 2018, found that 59 percent of respondent companies experienced a data breach caused by a third party or vendor.
The Wall Street Journal reported on the growing importance of cybersecurity due diligence in M&A in March 2018: 1Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises, particularly when intellectual property, such as software code or customer data drive the deal. Gaps in data protection, undiscovered breaches, regulatory violations and other holes in a company’s technology operations can threaten transactions. Such problems can also decrease the value of a deal or leave an acquirer liable for problems after a merger.
MAPP Advisors focuses on the SMB payments market for mergers and acquisitions. We provide pre and post-transaction consulting. Our advisory services include cybersecurity due diligence and risk mitigation services for payments businesses and portfolios. Our services can significantly enhance the value of a payments asset for both buyers and sellers. To learn more about our M&A advisory services, contact [email protected].
1Nash, K.S. & Minaya, E. (March 5, 2018). Due diligence on cybersecurity becomes bigger factor in M&A. Wall Street Journal. Retrieved March 27. 2018, from https://www.wsj.com/articles/companies-sharpen-cyber-due-diligence-as-m-a-activity-revs-up-1520226061