Mar 02 2017

Cybersecurity and M&A: What can we learn from Yahoo?

Yahoo announced yesterday that CEO Marissa Mayer would forfeit a $12 million equity bonus due to the security breach incurred during her tenure.  The general counsel Ron Bell was forced to resign.  The breach cost Yahoo $350 million from its top value in the sale to Verizon and the company now faces at least 43 class action suits.

These events should serve as a warning to anyone in the M&A business.  A compromise assessment should be a part of any due diligence package done by investors.  You will want to know BEFORE term sheets are in process whether or not the company in question has had a breach.

Executives should also take note.  Boards will hold them accountable.

President Reagan had a famous saying, “Trust, but verify.”  Executives should ask for 3rd party verification of their company’s security.  Most CISOs would actually agree.  Their teams are usually doing a great job, but are understaffed and often underfunded.  Another set of eyes on a potential problem can make a big difference.  To quote Secretary Rumsfeld,

Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don’t know we don’t know.”

Don’t wait to find out the ‘unknown unknowns’ the hard way…