Group items tagged

Data breaches can have a big effect on a merger's overall value. There appears to be a worrying level of complacency toward the assessment of cyber-risks during M&A deals, despite increasing awareness of the cybersecurity risks facing businesses. International law firm Freshfields Bruckhaus Deringer found in a survey shared with Infosecurity that 90% of respondents believe cyber-breaches would result in a reduction in deal value; and 83% of dealmakers believe a deal could be abandoned if cybersecurity breaches are identified during deal due diligence or mid-transaction. Yet, too few tie-up architects are addressing the threat. A majority (78%) say that cybersecurity is not a risk that is currently analyzed in-depth or dealt with in deal due diligence. "It's surprising that dealmakers recognize the growing threat of cyber-attacks to businesses, but generally aren't addressing that risk during deals," said Chris Forsyth, co-head of the firm's international cybersecurity team. "You wouldn't dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks its faces around data management and cyber-security?" The firm said that the effect of a cyber-incident on value would work both ways - a business with a good track record and robust processes could be worth more than competitors, while a business with a bad track record could be worth less.

In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure. The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this, Swartz fought again. "It sort of lets the government run roughshod over privacy protections and share personal data about you," he said of the bill at the time. Again, he prevailed. Now, a year and a half after Swartz killed himself, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an article about the bill, the ACLU's Sandra Fulton wrote: CISA "poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws."