Coronavirus Cybersecurity Concerns Could Add Hurdles to Dealmaking

Coronavirus Cybersecurity Concerns Could Add Hurdles to Dealmaking 

Remote-work upheaval raises due diligence and business integration questions, experts say

The new coronavirus has thrown dealmaking into disarray, and cybersecurity experts say the workplace upheaval caused by the pandemic will complicate mergers and acquisitions when activity picks up.

Countless employees are working remotely on networks that might be vulnerable to attack, while others with access to confidential data have been laid off or furloughed. These developments accentuate cybersecurity issues crucial to good due diligence and business integration, experts say.

More risks hang over every potential deal, said Stacy Scott, managing director of risk-consulting firm Kroll Inc.’s cybersecurity and investigations practice: “Are we buying a breach?” 

Office closures have widened openings for opportunistic cyberattackers as companies have scrambled to expand virtual private networks and other remote-work capabilities. Employees’ use of personal laptops, mobile phones and printers can also create more security weaknesses.

The scale and speed at which businesses pivoted to remote work could make routine security practices, such as two-factor authentication or use of mobile device management services, more difficult to track internally, said Steven Chabinsky, retired partner of counsel at law firm White & Case LLP. Would-be buyers will have to validate during due diligence that target companies took proper precautions as they got workers online, Mr. Chabinsky said.

Those security questions extend to the due diligence process itself as more executives and lawyers work from home offices and communicate digitally, said Deborah Golden, U.S. cyber risk services leader at consulting firm Deloitte LLP.\

“When you think about the collaboration capabilities that are needed [in due diligence], how do you make sure you’re adequately protecting things like data privacy?” Ms. Golden said.

Layoffs and furloughs at many companies could add risk, said Joe Nocera, a partner in PricewaterhouseCoopers LLP’s cybersecurity and privacy practice. Current and former employees were the sources of 56% of cybersecurity incidents, according to a PwC survey of executives published in 2018, the most recent information available.

Coronavirus-related lockdowns forced many businesses to permanently or temporarily revoke employees’ access to computer networks with little advance planning, Mr. Nocera said.

“The idea that [companies] would remove thousands of employees’ access to information overnight is something that they’ve historically not had to do with their security systems,” he said. Buyers and sellers will have to show that they offboarded employees amid the confusion in a way that protected intellectual property, Mr. Nocera said.

M&A has nearly ground to a halt as the pandemic batters the global economy and curtails the in-person meetings so vital to sensitive negotiations. Beaumont Health Chief Executive John Fox said last week the Michigan-based medical provider is deferring a planned merger in Ohio because of uncertainties during the pandemic. 

Dealmaking volume excluding debt in 2020 dropped 56% in the U.S. and 34% globally through April 22 compared with the same period last year, according to analytics firm Dealogic LLC.

Dealmaking is likely to pick up as the economy reopens and businesses can forecast their earnings with more certainty. Healthy businesses will likely target weaker counterparts for acquisitions. Companies that can adapt their cybersecurity practices to the coronavirus pandemic could become more appealing acquisition targets down the road, said Sam Olyaei, an analyst with technology research firm Gartner Inc.

The fear of cyberattacks, coupled with regulations such as New York state rules requiring financial firms to assess and manage cyber risks, has pushed security to the fore among senior executives and board members in recent years, Mr. Olyaei said.

“This pandemic will be a catalyst for more cyber risk awareness at the board level—obviously also at the organizational level—and that will trickle down to things like M&A,” he said.

Article source: https://www.wsj.com/articles/coronavirus-cybersecurity-concerns-could-add-hurdles-to-dealmaking-11587979802