Article

The Yahoo Breach and M&A Due Diligence

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,187 viewsSign in to rate
The Yahoo hack demonstrates that cyber security has become a fundamental part of M&A transactions. Data breaches and a failure to comply with governmental and industry standards can impact a company in many ways, as Yahoo is finding out the hard way. The company’s recent disclosure of a massive data breach, which resulted in 500 million user accounts being compromised, resulted in multiple class action lawsuits being filed against the company and may trigger a government investigation into why it took so long to disclose the breach. The Yahoo breach has also shaken up the mergers and acquisitions (M&A) world, and it may have put its planned acquisition by Verizon at risk. As data breaches, ransomware, DDoS attacks, and other cyber attacks escalate in frequency, severity, and cost, cyber security due diligence has emerged as a serious issue in the M&A sector. Information security issues at an acquisition target could significantly impact a deal’s price, keep the deal from going forward at all, or, if the problems are not detected during the due diligence process, inflict a world of pain on the acquirer company; should its deal to acquire Yahoo go through, Verizon is reportedly planning to put $1 billion in reserve to cover the costs to clean up the breach. While the Yahoo breach has put cyber security due diligence into the spotlight, scenarios where M&A deals were negatively impacted by cyber security issues have been occurring for some time. A survey of senior M&A executives by consulting firm West Monroe Partners, published several months before the Yahoo hack, found the following: • 80% of respondents felt cyber security issues were “highly important” to M&A due diligence • 40% of acquirers had discovered a cyber security issue at an acquired firm after a deal had gone through • 32% of respondents pointed to a lack of qualified personnel involved in the diligence process in recent deals Respondents also reported that the three most common cyber security problems uncovered during the M&A due diligence process were compliance issues (70%), the lack of a comprehensive data security infrastructure (40%), and vulnerability to insider threats (37%). What Can Acquirers and Acquisition Targets Do? The Yahoo hack did not happen out of thin air; it was the result of years of the company repeatedly putting the product user experience ahead of security and refusing to implement even the most basic proactive cyber security measures. Acquisition targets must take their cyber security as seriously as they take their accounting practices. This includes not just protection against breaches but ensuring that the company is compliant with all applicable regulatory and industry standards. Conversely, acquirers must pore over a target company’s cyber security and compliance practices as carefully as they would the company’s books. Additionally, nearly 1/3 of the respondents to the West Monroe survey complained of a lack of qualified personnel to perform cyber security due diligence. This is not surprising. Cyber security is a complex, dynamic field; new threats and technologies are emerging daily, and most firms do not have the monetary or human resources to handle their own information security-in house. Outside cyber security experts should be involved in the M&A process on both ends. Target companies should have security vulnerability studies conducted before putting themselves on the market, and acquirers must enlist help to perform due diligence during the acquisition process.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026