- in 2016, Marriott acquired Starwood for $13.6 billion, unaware that Starwood's reservation system had been attacked which exposed personal data of nearly 500 million of its customers.
- In 2017, Verizon discounted its original $4.8 billion purchase price of Yahoo by $350 million after it learned--post acquisition--of the latter's data breach exposures.
- In 2016, Abbott announced the acquisition of St. Jude Medical, a medical device manufacturer based in Minnesota, only to learn of a hacking risk in 500,000 of St. Jude's pacemakers a year later in 2017. Abbott ending up recalling the devices.
BOTTOM LINE: when purchasing an item of unknown value (you don't know whether a target acquisition has hidden liability associated with data breaches), anticipate that the target may have better information than the acquirer which would make the target more likely to sell because the target knows it is not worth what the acquirer has offered. Acquirers should "find the problem before they own it." (HBR Article)
Evidence that acquirers are anticipating adverse selection: After the EU adopted stricter liability associated with data breachers in the form of GDPR, venture capitalists were less likely to invest in startups or and a number of deals fell apart:
Evidence that acquirers are anticipating adverse selection: After the EU adopted stricter liability associated with data breachers in the form of GDPR, venture capitalists were less likely to invest in startups or and a number of deals fell apart:
- One study estimated that venture capital invested in EU startups fell by as much as 50 percent due to GDPR implementation. (NBER)
- “55% of respondents said they had worked on deals that fell apart because of concerns about a target company’s data protection policies and compliance with GDPR” (WSJ)
No comments:
Post a Comment