Over the past decade environmental due diligence has become a normal part of investment and acquisition due diligence. With cyber security breaches becoming more common and often very costly, this area will be increasingly diligenced in acquisition transactions.
How well a company has locked down its systems and data will have a direct effect on how much a potential buyer is willing to shell out for an acquisition — or whether a buyer will even bite in the first place, said a panel of cybersecurity experts Thursday. The reason is that cybersecurity is becoming a key factor in analyzing the amount of risk that a financial or strategic buyer would take on with an acquisition. "We did an acquisition one time — about $10 million. It brought tons of servers, a big IT infrastructure," said Howard Schmidt, a partner with consulting firm Ridge Schmidt Cyber LLC, of a transaction that occurred during his time as chief security officer at Microsoft. "When all was said and done, it cost more than $20 million to rebuild the systems ... "