<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Corporate Compliance and Oversight, Cybersecurity for Boards and CEOs

Marriott Breach Points To Issue In Security Reporting In M&A Deals

down-arrow

On Friday, November 30th, Marriott International announced what could be one of the largest data breaches in history. Over 500 million guests’ personal data, ranging from names to passport numbers to birth dates, had been compromised over four years. Specifically, the cybercriminals accessed the Starwood reservation database - Starwood hotels merged with Marriott in 2016.

While a breach of this size is unique, the situation is all too familiar. We saw in March that UnderArmour acquiree MyFitnessPal had over 150M users’ data compromised, causing UnderArmour’s stock to plummet. FedEx subsidiary TNT Express also was the victim of an attack, but FedEx was the one to feel the financial impact.

While it may not be the strategy of the cybercriminals to infiltrate potential acquisition targets, the trojan horse impact for these large acquiring enterprises can ripple for years after the acquisition.

The need for transparent cybersecurity reporting

During an M&A deal, the primary focus of the acquirer is the financial solvency of the organization. To investors, cash flow is still the currency in a deal. We live in a world, though, where information and data are just as important as cash flow. Specifically, the security protecting that data needs to be just as critical to an M&A conversation as the financial status of the acquiree.

For many organizations that still use spreadsheets, articulating the status of the security program in an effective and time-efficient manner to non-technical investors and stakeholders is nigh impossible.

CISO’s will become a critical player in M&A deals

As information security is seen as a critical business function, breaches like Marriott will become cautionary tales for M&A teams. CISO’s will need platforms and solutions that deliver comprehensive reports to summarize their program during an M&A event.

Both the buyer and seller will also need a single-pane-of-glass integrated risk solution that helps combine the two programs after the M&A event.

CISO’s need the tools to report

As we see with too many large organizations, it is too easy to overlook a cybersecurity program when it lives on spreadsheets. The fragmentation that a check-box compliance program has will continue to leave breaches like this undetected. As we’ve seen, the need for an integrated risk management solution is clear from an operational standpoint. What we will start seeing now is an integrated solution being mandated by the board and M&A committees.

You may also like

How Does FAIR Fit into ...
on September 26, 2022

The Factor Analysis of Information Risk (FAIR) methodology breaks down risk into elements that organizations can compute, understand, analyze and quantify cyber threats and their ...

All-in-One Cybersecurity Board ...
on September 19, 2022

CISOs and Board Members can no longer ignore the importance of cybersecurity. New cyber attacks and threats surface every week and threaten the security of business operations. ...

Rules for Effective Cyber Risk ...
on September 12, 2022

Cybersecurity threats are becoming more challenging for businesses. According to PurpleSec’s Cyber Security Trend Report in 2021, cybercrime surged by 600% during the pandemic, ...

A Pocket Guide to Factor Analysis ...
on September 14, 2022

FAIR, short for Factor Analysis of Information Risk, is a risk quantification methodology founded to help businesses evaluate information risks. FAIR is the only international ...

Your Guide to Cyber Risk ...
on August 30, 2022

During the pandemic, online businesses flourished as people turned to e-commerce stores to shop from the comfort and safety of their homes. This unprecedented expansion of ...

Pros and Cons of Continual ...
on July 22, 2022

The cybersecurity landscape is constantly changing with the hackers that threaten this industry continually advancing their attack techniques. According to the Sophos 2022 Threat ...