Log in
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 

MarketScreener Homepage  >  News  >  Economy & Forex  >  All News

News : Economy & Forex
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance Pro.CalendarSectors 
All NewsEconomyCurrencies / ForexCryptocurrenciesEconomic EventsPress releases

Companies Sharpen Cyber Due Diligence as M&A Activity Revenue Up

share with twitter share with LinkedIn share with facebook
03/05/2018 | 12:16am EDT

By Kim S. Nash and Ezequiel Minaya

Automatic Data Processing Inc. deployed a team of cybersecurity, risk management and financial-crime specialists to WorkMarket before acquiring it in January.

The ADP team combed the software maker's technology, practices and internal policies. It also interviewed staff about monitoring for intrusions, training employees and performing other security tasks. The payroll processor also hired a cybersecurity firm to do its own evaluation.

Security problems, said ADP's chief security officer Roland Cloutier, could kill any deal.

"If we found out data was exfiltrated, we may walk away," he said. "We've looked at a lot of companies and only purchased a few. Security always plays a part."

Companies are intensifying due diligence of acquisition targets to avoid costly cybersecurity surprises, particularly when intellectual property, such as software code or customer data drive the deal.

Scrutiny will continue as merger and acquisition activity heats up on expectations of extra cash from lower corporate tax rates. As of late February, 18 transactions valued at more than $5 billion each have been announced -- up from 10 such big deals during the same period in each of 2017 and 2016, according to Dealogic.

Gaps in data protection, undiscovered breaches, regulatory violations and other holes in a company's technology operations can threaten transactions. Such problems can also decrease the value of a deal or leave an acquirer liable for problems after a merger.

ADP investigators typically look for troublespots such as signs of an unauthorized presence on the target's network and scant or no evidence that employees have received security training.

No significant problems surfaced at WorkMarket, but deep study of a target's cybersecurity helps executives forecast deal costs, Mr. Cloutier said. ADP typically spends two to four months on the process.

Problems can arise even years later. FedEx Corp. moved quickly last month to secure a server that exposed data from customer driver's licenses and passports. FedEx inherited the server when it bought e-commerce service Bongo International in 2014.

Four or five years ago, cybersecurity due diligence consisted of asking a few questions in a short phone call, said Evan Wolff, a partner at Crowell & Moring LLP.

Now data compromises can diminish the value of a transaction, he said. Suspected theft of sensitive data uncovered through due diligence "becomes a business issue," he said.

Verizon Communications Inc. last year renegotiated an acquisition proposal with Yahoo Inc.'s board after details emerged about massive hacking incidents. Verizon would ultimately learn all three billion Yahoo accounts were hit.

As a result, Verizon lowered it's proposed purchase price by $350 million to $4.48 billion.

The company did studies to assess potential reputational harm and future risks, said Craig Silliman, Verizon's general counsel, speaking at a Wall Street Journal conference in December. "We said, 'We feel like we have enough clarity that we can put parameters around the risk here and negotiate a deal that effectively compensates us for the risk.'"

Home Depot Inc. performed cyberrisk due diligence before buying retailer The Company Store and tool-rental firm Compact Power Equipment Inc. in 2017, said finance chief Carol Tomé.

"Our plans are basically to integrate these companies," Ms. Tomé said. Their operations will be moved to Home Depot's platforms and networks, she said. "So we're closing down any little holes that the threat actor could take advantage of."

The company has assessed cyberrisk on potential deals for the past decade, according to a spokesman. Getting breached in 2014 elevated cybersecurity concerns among senior leaders at Home Depot, Ms. Tomé said. Hackers stole email and payment-card information of up to 56 million customers.

Home Depot's due diligence playbook includes penetration testing, Ms. Tomé said. "We have a heightened sense of awareness in this area and our due diligence is exhaustive."

Waste Management Inc. doesn't dedicate a team to cyber issues during the diligence phase. The company instead focuses on the later stage of moving data from the target's systems into its own, said CFO Devina Rankin.

The company spends $100 million to $200 million a year on garbage and recycling haulers. Legal, finance and digital groups move data about employees at acquired companies, usually within a week of closing the transaction. Customer data is absorbed within one month, she said.

Acquirers sometimes find costly cybersecurity issues embedded in contracts that a target signed with its own customers, said Buck De Wolf, general counsel for General Electric Co.'s global research group. GE has purchased at least 14 companies since 2015, including several small software providers, according to its annual reports.

Small companies hungry for sales might make onerous promises about how they will help and what they will pay for in a data breach related to their products, Mr. De Wolf said, speaking at security conference in December. It can be "a Trojan Horse" when taking on a new company, he said. Reviewing contracts helps GE avoid these problems, he said.

Tatyana Shumsky contributed tot this article.

Write to Ezequiel Minaya at ezequiel.minaya@wsj.com

Stocks mentioned in the article
ChangeLast1st jan.
ALTABA INC. 0.00% 19.63 Delayed Quote.0.00%
AUTOMATIC DATA PROCESSING, INC. 1.08% 137.99 Delayed Quote.-19.93%
FEDEX CORPORATION 6.55% 183.53 Delayed Quote.13.91%
GENERAL ELECTRIC COMPANY 1.11% 6.4 Delayed Quote.-42.65%
JUST GROUP PLC 2.06% 46.54 Delayed Quote.-41.09%
LINE CORPORATION 0.19% 5390 End-of-day quote.0.75%
ONE STOP SYSTEMS, INC. -2.89% 2.69 Delayed Quote.33.17%
TEAM, INC. 10.18% 5.41 Delayed Quote.-66.12%
THE HOME DEPOT, INC. 0.84% 271.64 Delayed Quote.24.39%
VERIZON COMMUNICATIONS 1.21% 58.53 Delayed Quote.-5.81%
WASTE MANAGEMENT 2.13% 112.72 Delayed Quote.-1.09%
WILL GROUP, INC. 3.10% 599 End-of-day quote.-52.16%
share with twitter share with LinkedIn share with facebook
Latest news "Economy & Forex"
01:59pU.S. CDC reports 4,974,959 coronavirus cases
01:35p'LIKE GOLD' : Canadian canola prices spike as shippers find back door to China
01:23pMillennials Slammed by Second Financial Crisis -2-
01:23pMillennials Slammed by Second Financial Crisis Fall Even Further Behind
01:14pSaudi Arabia's tourism landmark Al Ula signs agreement with Accor
12:17pDonors promise 'major' humanitarian aid for Lebanon
11:54aAH&LA AMERICAN HOTEL & LODGING ASSOCIATION : Ahla statement on executive orders
11:35aSaudi Aramco says it still plans to pay $75 billion in dividends for 2020
11:09aWORLD BANK : More productive activities and opportunities for improving the livelihoods of Miskito communities in Honduras
10:55aSaudi Aramco's profit plunges 73.4%
Latest news "Economy & Forex"