September 13, 2023 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value
Cyber security due diligence failure can vaporize value during strategic transactions such as M&A deals. Use of assessments helps decrease risk exposure and improve company valuation.
Key Takeaways
-
Cyber security due diligence is crucial during M&A deals. Forgoing cyber security assessments can increase risk exposure, leading to target company devaluation.
-
Companies that have experienced a breach can gain intimate knowledge of security gaps and how to secure their assets. Demonstrating proactive security measures can enhance the attractiveness of such companies during M&A deals.
-
Companies can turn cyber risks into opportunities by identifying realized risks and documenting remediation steps to help avoid them in the future, enabling reputational resilience through preparedness.
A cyber event can be a dealbreaker, as headlines in recent years have shown. In 2017, Verizon lowered its original offer1 for Yahoo Inc by US$350 million in the wake of two massive cyber attacks, exposing its three billion user accounts.
Further, a US$13.6 billion deal between Marriott International and Starwood Hotels to create the world’s largest hotel operator was jeopardized2 after a major breach within Starwood's reservation system. The hack was a result of a four-year attack and appeared to be the second largest on record.
The fallout from such attacks goes beyond immediate financial loss. In cases of leaked customer data, trust in a company is easily lost and hard to regain.
Corporate reputation crises spanning the last four decades have destroyed more than 50 percent of value in over 12 percent of cases, as well as $1.2 trillion in shareholder value over a 40-year period. Further evidence shows that shareholders can lose an average of 26 percent of value during the year after a major reputation crisis.
What is the True Value of Reputation?
Today's risks of damaged reputation are amplified by interconnectivity, social media, and a 24/7 news cycle. But it is often the way that companies react to reputational risk events that have an even greater impact than the initial threat.
“The way leaders respond to a reputational risk event such as a cyber attack is a key indicator of leadership strength, and speaks to the value of their underlying business,” says Jason Disborough, Aon’s CEO of Multinational Clients (International). “This in turn has a very tangible effect on shareholder value and should be taken into consideration during M&A deals.”
Based on Aon research of 340 reputation events over the last 40 years, the average impact on shareholder value has been 7 percent over the post-event year, with losses equivalent to around US$830 billion. Read more about Aon’s research and practice on reputational risk analytics.
7-22%
Impact on company value following an unresolved cyber event
Source: Aon’s 2023 Cyber Resilience Report
Turning Threats Into Opportunity
Companies can turn cyber risks into opportunities through preparation and remediation — allowing both target companies and potential acquirers to see the bigger strategic picture.
Will Shortt, Director of Cyber M&A for Aon, shares a case study of a corporate travel company that turned a cyber breach from a dealbreaker into a dealmaker. “The company experienced a phishing attack that resulted in a data breach. However, it had a robust incident response plan, which enabled the firm to quickly contain the incident and minimize the impact.”
The plan also allowed the company to capture and document the story, providing a positive discussion point when acquired. “We ran a series of customer briefings post incident to engage the corporate travel company’s customers,” Shortt explained. “They were seen as the good guys, with integrity during the entire process of assessing, mitigating, transferring, and recovering from the cyber event.”
Aon’s Cyber Loop model for sustained cyber resilience aims to quantify insights for improved future decision making. By developing relevant quantified risk scenarios and assessing control effectiveness against these loss models, businesses can quickly decide how to best allocate budget to maximize resilience.
“Building a cyber resilience strategy that centers on an understanding of managing the most material risks to shareholder value is not only good risk management; it also demonstrates robust leadership and risk governance to potential acquirers, regulators, and involved financial market participants,” says Adam Peckman, Aon’s APAC Head of Cyber Solutions.
The company was able to demonstrate to the potential buyer the proactive measures taken to improve cyber security, including multi-factor authentication and regular third-party assessments. This increased the attractiveness of the company during the M&A deal, ultimately leading to a higher valuation.
-
Case study 1: Caught on Camera
As part of a tier-1 cyber due diligence, Aon’s non-intrusive technical analysis discovered live camera feeds of the internal data centers, creating a physical security risk. With reputational impacts for the target company averted, Aon structured clear remediation activities and costs — and the private equity client proceeded with the deal.
-
Case study 2: Saving a Deal
A non-intrusive analysis by Aon’s incident response team as part of a tier-2 cyber due diligence of an online retailer revealed the customer database was the target of a cyber attack. Investigators did not find any customer data actively being sold on major dark web forums, indicating the attack was not successful. The private equity investor was happy with new risk measures and proceeded with the deal.
-
Cyber Due Diligence Can Be Powered by W&I Insurance
By default, cyber risk is excluded from standard Warranty and Indemnity (W&I) insurance. However, through a structured cyber due diligence process, it can be included into the W&I policy.
“While anything historical will not be covered, any unknown unknowns will be,” explains Will Shortt, Director of Cyber M&A for Aon. “Having cyber due diligence proactively included in the contract can strengthen a target entity’s sell price.”
Cyber Readiness in Action
Cyber breaches are now not a question of “if,” but “when”. However, such events can be a catalyst for improving cyber security and building resilience — adding value in the long-run. Companies that have experienced a breach gain first-hand knowledge in understanding security gaps and how to take action to secure their assets. By contrast, companies that simply assume they are secure may have a gap in maturity3, a misalignment on risk management.
“When you've been through the process of actually having a major cyber incident where you have engaged experts, resolved the underlying issue, and improved your cyber security, this could be seen as a positive,” says Ian McCaw, Head of Digital M&A for Aon.
“By identifying realized risks and documenting steps to avoid them in the future, target companies can build trust among customers and prove their value to potential acquirers in ways that would not have been possible prior to threats manifesting,” he adds.
Related Solutions
M&A Cyber Security Readiness Checklist
1. Assess
Ensure a robust and documented process exists to demonstrate good risk governance to potential acquirers: Have you
assessed cyber threats and determined how security controls directly impact balance sheet exposure?
2. Mitigate
Technology or cyber due diligence will be a key workstream in any M&A transaction: Have you employed security
controls based on industry standards to minimize financial impact from cyber risks?
3. Transfer
Protection against financial volatility that may impact shareholder value is a critical component of M&A risk
management: Have you adopted reasonable risk transfer strategies for cyber and transaction risk to safeguard the
valuation?
4. Recover
Cyber events may occur during delicate stages in the M&A transaction: Have you implemented threat and security
monitoring, business continuity, and incident response protocols to expedite recovery?
Regardless of the company’s breach experience, cyber security should always be a priority when preparing for M&A deals. “This will allow companies to demonstrate their proactive security measures, enabling reputation risk resilience through preparedness,” McCaw advises. “After rising from the ashes of a cyber incident, companies can navigate to increased attractiveness and a positive deal outcome.”
By identifying realized risks and documenting steps to avoid them in the future, target companies can build trust among customers and prove their value to potential acquirers in ways that would not have been possible prior to threats manifesting.”
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. All descriptions, summaries or highlights of coverage described herein are also for general informational purposes only and do not amend, alter or modify the actual terms and conditions of any policy. Coverage is governed only by the terms and conditions of any relevant policy. Insurance coverage in any particular case will depend upon the type policy in effect. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of their particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted, or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.
Aon's Better Being Podcast
Our Better Being podcast series, hosted by Aon Chief Wellbeing Officer Rachel Fellowes, explores wellbeing strategies and resilience. This season we cover human sustainability, kindness in the workplace, how to measure wellbeing, managing grief and more.
-
Podcast 34 mins
On Aon’s Better Being Series: The World Wellbeing Movement -
Podcast 29 mins
On Aon’s Better Being Series: Mental Health and Creating Kinder Cultures -
Podcast 28 mins
On Aon’s Better Being Series: Managing Loss and Grief -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Podcast 24 mins
On Aon’s Better Being Series: Human Sustainability
Cyber Labs
Stay in the loop on today's most pressing cyber security matters.
-
Cyber Labs 16 mins
Detecting “Effluence”, An Unauthenticated Confluence Web Shell -
Cyber Labs 10 mins
Financially Motivated Criminal Group Targets Telecom, Technology & Manufacturing -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value -
Article 14 mins
To Combat Cyber Risk, Businesses Invest in Resilience -
Article 12 mins
For Cyber Readiness, the CISO and CRO Join Forces -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 38 mins
Buyer-Friendly Cyber and E&O Market: How to Take Advantage -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 27 mins
Top 5 Cyber Threats To Mergers and Acquisitions -
Article 15 mins
Cyber Attacks: How to Rapidly Detect, Respond and Contain Damage -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside
Cyber Resilience
Our Cyber Resilience collection gives you access to Aon’s latest insights on the evolving landscape of cyber threats and risk mitigation measures. Reach out to our experts to discuss how to make the right decisions to strengthen your organization’s cyber resilience.
-
Article 24 mins
Why Now is the Right Time to Customize Cyber and E&O Contracts -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 19 mins
Mitigating Insider Threats: Managing Cyber Perils While Traveling Globally -
Article 8 mins
Managing Cyber Risk through Return on Security Investment -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 13 mins
Escalating Cyber Security Risks Mean Businesses Need to Build Resilience
Employee Wellbeing
Our Employee Wellbeing collection gives you access to the latest insights from Aon's human capital team. You can also reach out to the team at any time for assistance with your employee wellbeing needs.
-
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Making Wellbeing Part of a Company’s DNA -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 10 mins
Why Workforce Wellbeing is Vital to Company Performance -
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing
Environmental, Social and Governance Insights
Explore Aon's latest environmental social and governance (ESG) insights.
-
Article 9 mins
ESG Data: How Businesses Can Use Data to Gain an Edge -
Article 12 mins
Why ESG Is Even More Important In A Crisis Like COVID-19 -
Podcast 19 mins
On Aon Podcast: Approach to DE&I in the Workplace
Q4 2023 Global Insurance Market Insights
Our Global Insurance Market Insights highlight insurance market trends across pricing, capacity, underwriting, limits, deductibles and coverages.
-
Article 20 mins
Q4 2023: Global Insurance Market Overview -
Article 19 mins
Top Risk Trends to Watch in 2024 -
Article 11 mins
Generative AI: Emerging Risks and Insurance Market Trends
Regional Results
How do the top risks on business leaders’ minds differ by region and how can these risks be mitigated? Explore the regional results to learn more.
-
Article 22 mins
Top Risks Facing Organizations in Asia Pacific -
Article 21 mins
Top Risks Facing Organizations in North America -
Article 18 mins
Top Risks Facing Organizations in Europe -
Article 19 mins
Top Risks Facing Organizations in Latin America -
Article 18 mins
Top Risks Facing Organizations in the Middle East and Africa -
Article 21 mins
Top Risks Facing Organizations in the United Kingdom
Human Capital Analytics
Our Human Capital Analytics collection gives you access to the latest insights from Aon's human capital team. Contact us to learn how Aon’s analytics capabilities helps organizations make better workforce decisions.
-
Article 19 mins
How Technology Will Transform Employee Benefits in the Next Five Years -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 20 mins
Integrating Workforce Data to Uncover Hidden Insights -
Article 30 mins
How Employers Can Use Data to Improve Their Health Plans -
Podcast 25 mins
On Aon’s Better Being Series: Measuring Wellbeing -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 15 mins
Designing Tomorrow: Personalizing EVP, Benefits and Total Rewards -
Article 12 mins
How to Balance Cost with Growth in a Shifting Talent Market -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Article 13 mins
How Data and Analytics Can Optimize HR Programs
Insights for HR
Explore our hand-picked insights for human resources professionals.
-
Article 9 mins
COVID-19 has Permanently Changed the Way We Think About Wellbeing -
Article 11 mins
DE&I in Benefits Plans: A Global Perspective -
Article 13 mins
How Data and Analytics Can Optimize HR Programs -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 10 mins
Case Study: The LPGA Unlocks Talent Potential with Data -
Article 16 mins
Navigating the New EU Directive on Pay Transparency -
Article 14 mins
How to Design Better Talent Assessment to Promote DE&I -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 10 mins
Rethinking Your Total Rewards Programs During Mergers and Acquisitions -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
Workforce
Our Workforce Collection provides access to the latest insights from Aon’s Human Capital team on topics ranging from health and benefits, retirement and talent practices. You can reach out to our team at any time to learn how we can help address emerging workforce challenges.
-
Article 16 mins
Driving Inclusion and Diversity with Employee Benefits -
Article 24 mins
Five Big Human Resources Trends to Watch in 2024 -
Article 13 mins
How Companies are Mitigating Rising Medical Costs -
Report 2 mins
The Global Medical Trend Rates Report 2024 -
Podcast 26 mins
On Aon’s Better Being Series: Physical Wellbeing and Resilience -
Article 16 mins
How the Right Employee Wellbeing Strategy Impacts Microstress and Burnout at Work -
Article 14 mins
Addressing the Wellbeing Disconnect With a Data-Informed Strategy -
Article 28 mins
Advancing Women’s Health and Equity Through Benefits and Support -
Podcast 20 mins
On Aon Podcast: Technology Impacting the Future of Health and Benefits -
Article 12 mins
How Collective Retirement Plans Help Support Financial Sustainability -
Article 15 mins
Four Ways Retirement Plans Can Reduce the Gender Savings Gap -
Article 24 mins
Understanding and Preparing for the Rise in Pay Transparency
Mergers and Acquisitions
Our Mergers and Acquisitions (M&A) collection gives you access to the latest insights from Aon's thought leaders to help dealmakers make better decisions. Explore our latest insights and reach out to the team at any time for assistance with transaction challenges and opportunities.
-
Article 21 mins
Exit Strategy Value Creation Opportunities Exist as Economic Pressures Persist -
Article 10 mins
Future Trends for Financial Sponsors: Secondary Transactions -
Article 16 mins
ESG Factors are Carrying Increasing Importance in Mergers and Acquisitions Dealmaking -
Article 24 mins
3 Ways to Unlock M&A Value in a Challenging Credit Environment -
Article 14 mins
An Ever-Complex Global Tax Environment Requires Strong M&A Risk Solutions -
Article 8 mins
Project Management for HR: The Secret Behind a Successful M&A Deal -
Article 18 mins
Cultural Alignment Planning Drives M&A Success -
Article 14 mins
From Risk to Reward: Turning Data Breaches into Deal Value
Navigating Volatility
How do businesses navigate their way through new forms of volatility and make decisions that protect and grow their organizations?
Parametric Insurance
Our Parametric Insurance Collection provides ways your organization can benefit from this simple, straightforward and fast-paying risk transfer solution. Reach out to learn how we can help you make better decisions to manage your catastrophe exposures and near-term volatility.
-
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap -
Article 21 mins
How Technology Enhancements are Boosting Parametric
Property Risk Management
Our Property Risk Management collection gives you access to the latest insights from Aon's thought leaders to help organizations make better decisions. Explore our latest insights to learn how your organization can benefit from property risk management.
-
Article 18 mins
Navigating the Challenges of the Year-End Property Market -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Podcast 19 mins
On Aon Podcast: Navigating and Preparing for Catastrophes -
Article 13 mins
Parametric Insurance: A Complement to Traditional Property Coverage -
Article 12 mins
Navigating Climate Risk Using Multiple Models and Data Sets -
Article 9 mins
Rising Losses From Severe Convection Storms Mostly Explained by Exposure Growth -
Article 21 mins
Why Parametric Solutions Should Be Part of Your Next Renewal Conversation -
Article 10 mins
Using Parametric Insurance to Close the Earthquake Protection Gap
Technology
Our Technology Collection provides access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities of technology. Reach out to the team to learn how we can help you use technology to make better decisions for the future.
-
Article 20 mins
5 Ways Artificial Intelligence can Boost Claims Management -
Article 8 mins
Artificial Intelligence and the Next Frontier for Financial Institutions -
Article 12 mins
Mitigating Insider Threats: Your Worst Cyber Threats Could be Coming from Inside -
Article 9 mins
8 Steps Toward Building Better Resilience Against Rising Ransomware Attacks -
Article 18 mins
Overcoming the Reputational Cost of Cyber Attacks: The 10-Day Plan -
Article 17 mins
Why HR Leaders Must Help Drive Cyber Security Agenda -
Article 15 mins
How to Futureproof Data and Analytics Capabilities for Reinsurers
Top 10 Global Risks
Trade, technology, weather and workforce stability are the central forces in today’s risk landscape.
-
Article 14 mins
Cyber Attack or Data Breach -
Article 9 mins
Business Interruption -
Article 10 mins
Economic Slowdown or Slow Recovery -
Article 12 mins
Failure to Attract or Retain Top Talent -
Article 12 mins
Regulatory or Legislative Changes -
Article 10 mins
Supply Chain or Distribution Failure -
Article 14 mins
Commodity Price Risk or Scarcity of Materials -
Article 10 mins
Damage to Brand or Reputation -
Article 10 mins
Failure to Innovate or Meet Customer Needs -
Article 10 mins
Increasing Competition
Trade
Our Trade Collection gives you access to the latest insights from Aon's thought leaders on navigating the evolving risks and opportunities for international business. Reach out to our team to understand how to make better decisions around macro trends and why they matter to businesses.
-
Report 5 mins
Global Risk Management Survey -
Article 10 mins
Four Steps to Develop Strong Property Risk Coverage in a Hardening Market -
Article 10 mins
Managing Project Risks: 5 Ways Credit Solutions Can Help -
Article 34 mins
Cutting Supply Chains: How to Achieve More Reward with Less Risk -
Article 24 mins
Driving Private Equity Value Creation Through Credit Solutions -
Article 12 mins
Tips for 2024 Salary Increase Planning -
Article 12 mins
4 Steps to Help Take Advantage of a Buyer-Friendly Directors' & Officers' Market -
Article 18 mins
Managing Reputational Risks in Global Supply Chains -
Article 10 mins
How an Outsourced Chief Investment Officer Can Help Improve Governance and Manage Complexity -
Article 12 mins
Decarbonizing Your Business: Finding the Right Insurance and Strategy -
Article 17 mins
Reputation Analytics as a Leading Indicator of ESG Risk
Weather
With a changing climate, organizations in all sectors will need to protect their people and physical assets, reduce their carbon footprint, and invest in new solutions to thrive. Our Weather Collection provides you with critical insights to be prepared.
-
Report 5 mins
Climate and Catastrophe Insight -
Article 26 mins
How Investors are Making Better Decisions Amid a Changing Climate -
Article 12 mins
Improving Agricultural Practices to Address Climate Risks -
Article 22 mins
Understanding Freeze Risk in a Changing Climate -
Article 19 mins
Insurance Plays a Key Role in Transitioning to a Low Carbon Future -
Article 17 mins
How Academic Research Can Help Drive Climate Risk Resilience -
Podcast 11 mins
On Aon Podcast: Climate Science Through Academic Collaboration -
Article 11 mins
How Companies Are Using Climate Modeling to Improve Risk Decisions -
Podcast 9 mins
On Aon Insights: Climate and Supply Chain -
Article 14 mins
Using Parametric Insurance to Match Capital to Climate Risk -
Article 27 mins
How the Construction Industry is Navigating Climate Change -
Article 16 mins
Record Heatwaves: Protecting Employee Health and Safety
Workforce Resilience
Our Workforce Resilience collection gives you access to the latest insights from Aon's Human Capital team. You can reach out to the team at any time for questions about how we can assess gaps and help build a more resilience workforce.
-
Article 12 mins
Using Data to Close Workforce Gaps in Financial Institutions -
Article 11 mins
Using Data to Close Workforce Gaps in Retail Companies -
Article 15 mins
Using Data to Close Workforce Gaps in Technology Companies -
Article 8 mins
Using Data to Close Workforce Gaps in Manufacturing Companies -
Article 14 mins
Using Data to Close Workforce Gaps in Life Sciences Companies -
Report 9 mins
Measure Workforce Resilience for Better Business Outcomes -
Podcast 21 mins
On Aon Podcast: Methodology to Predict Employee Performance for the LPGA -
Article 17 mins
What Does a Resilient Workforce Look Like? -
Article 8 mins
Training and Transforming Managers for the Future of Work -
Article 21 mins
Building a Resilient Workforce That Steers Organizational Success | An Outlook Across Industries
More Like This
-
Article 24 mins
Capturing Carbon on the Critical Pathway to Net Zero
As the world races to reduce climate risks and limit CO<sub>2</sub> emissions, the demand for scalable and cost-effective decarbonization technologies is increasing. Carbon capture projects form an important part of the low carbon energy transition, bringing both challenges and opportunities.
-
Article 13 mins
Protecting North American Contractors from Extreme Heat Risks with Parametric
Growing extreme heat conditions have escalated risks, delays and costs for the construction industry in North America. Parametric insurance can help protect against such risks, offering contractors and building owners agility, efficiency and flexibility.
-
Article 21 mins
How Insurance Can Help Hedge Potential Exposures Under the New Unified Patent Court System
The launch of the Unified Patent Court allows for a new patent filing process across Europe using a centralized system. While this brings significant financial and operational benefits, navigating these changes will demand a robust litigation risk management strategy.
