It can be an especially exciting time for a company when it is about to enter into an acquisition agreement, both for the acquirer and acquiree. But before the deal is done, both companies must undergo a due diligence process to objectively examine financials and include the valuation of tangible and intangible assets, such as debts, contracts and other pertinent information. One topic that continues to be overlooked in this process is a company's cyberrisk. Given the potentially costly repercussions a major cybersecurity event can have on a company's liability, financial position or brand value, this oversight is both surprising and foolhardy.

According to a recent survey by global law firm Freshfields Bruckhaus Deringer, “Cybersecurity in M&A,” 78 percent of global respondents believe cybersecurity is not analyzed in great depth or specifically quantified as part of the merger and acquisition due diligence process. Interestingly, 83 percent of respondents said they believe a deal could be abandoned if previous breaches were identified, and 90 percent of such breaches could reduce the value of a deal.

Why then is cybersecurity so often overlooked during the due diligence and financial valuation phase?

Cybersecurity as a Measure of Financial Value

With almost every industry connected to cyberspace to some degree, a company's ability to defend or mitigate a cyberattack and get back to business quickly has become a barometer for its customers, partners, investors and insurers. Corporate efforts that protect, recover and sustain asset values online are critical to determining pricing and market value. Consider that a company's asset values can shift dramatically as a result of a data breach or other security event. Thus, financial methods that inadequately measure corporate security unwisely prioritize near-term and known asset values in an acquisition rather than the long-term, future-oriented and intangible values.