Request Demo

Corporate Compliance and Oversight

Marriott Breach Points To Issue In Security Reporting In M&A Deals

down-arrow

On Friday, November 30th, Marriott International announced what could be one of the largest data breaches in history. Over 500 million guests’ personal data, ranging from names to passport numbers to birth dates, had been compromised over four years. Specifically, the cybercriminals accessed the Starwood reservation database - Starwood hotels merged with Marriott in 2016.

While a breach of this size is unique, the situation is all too familiar. We saw in March that UnderArmour acquiree MyFitnessPal had over 150M users’ data compromised, causing UnderArmour’s stock to plummet. FedEx subsidiary TNT Express also was the victim of an attack, but FedEx was the one to feel the financial impact.

While it may not be the strategy of the cybercriminals to infiltrate potential acquisition targets, the trojan horse impact for these large acquiring enterprises can ripple for years after the acquisition.

The need for transparent cybersecurity reporting

During an M&A deal, the primary focus of the acquirer is the financial solvency of the organization. To investors, cash flow is still the currency in a deal. We live in a world, though, where information and data are just as important as cash flow. Specifically, the security protecting that data needs to be just as critical to an M&A conversation as the financial status of the acquiree.

For many organizations that still use spreadsheets, articulating the status of the security program in an effective and time-efficient manner to non-technical investors and stakeholders is nigh impossible.

CISO’s will become a critical player in M&A deals

As information security is seen as a critical business function, breaches like Marriott will become cautionary tales for M&A teams. CISO’s will need platforms and solutions that deliver comprehensive reports to summarize their program during an M&A event.

Both the buyer and seller will also need a single-pane-of-glass integrated risk solution that helps combine the two programs after the M&A event.

CISO’s need the tools to report

As we see with too many large organizations, it is too easy to overlook a cybersecurity program when it lives on spreadsheets. The fragmentation that a check-box compliance program has will continue to leave breaches like this undetected. As we’ve seen, the need for an integrated risk management solution is clear from an operational standpoint. What we will start seeing now is an integrated solution being mandated by the board and M&A committees.

You may also like

The Guide To A CEOs First ...
on May 16, 2019

One of the greatest challenges that CEOs and business-side leaders are faced with when tasked with implementing a cybersecurity program is the board-level reporting that goes on ...

Jerry Layden
What The NIST Privacy Framework ...
on May 14, 2019

On Wednesday May 1, the National Institute of Standards and Technology (NIST) released their latest draft version of the much anticipated NIST Privacy Framework. Following the ...

Padraic O'Reilly
The CEO's Guide To Understanding ...
on May 9, 2019

With high profile data breaches and cyber incidents capturing headlines almost weekly, business leaders are getting a front row seat to the impact that cybersecurity can have on ...

Jerry Layden
The NIST Privacy Framework Is More ...
on May 17, 2019

In recent weeks, the National Institute of Standards and Technology released their latest draft of the new privacy framework. The forthcoming privacy framework will join NIST’s ...

The Road To An Internet Of Things ...
on May 2, 2019

As we’ve seen before, one of the greatest cybersecurity threats facing both consumer- and enterprise-focused organizations is the rise of connected devices - the internet of ...

George Wrenn
Is The NIST CSF Replacing HIPAA In ...
on April 30, 2019

In the recently released Cynergistek report on the state of healthcare sector cybersecurity framework adoption, I noticed an interesting trend - the rise in NIST CSF adoption and ...

George Wrenn