Risks That Threaten Transactions

I have recent experience on a ￡150m corporate sale where the vendor business suffered a ransomware attack, the very morning the deal was to close. What was the impact of this and how could it have been prevented?

Was this a co-incidental event? You would suspect not. We don't know the finite details of the actual incident, however you could suspect that the attackers gained access to the vendors systems some time before the close date and, to their fortune uncovered this deal was in play and waited for their most opportune time to act; the day of the transaction close!

What this meant was a significant delay in the conclusion of the deal, increased costs on both sides, not to mention the operational challenges the vendor had in getting back to business as usual.

On this occasion the buyer felt the cyber risk to be low in this business; a number of factors may have influenced this, maybe the sector, the size of the business or they simply weren't aware of the cyber risk landscape.

The vendor suffered losses operationally, additional costs in recovery as well as price chip from the buyer. Its obvious to say it now, however a deep forensic review of the vendors systems should have uncovered the breach early in the process and the outcome essentially a different one. The buyer (Private Equity) perhaps felt they got a bargain as a result. However had this been a PE vendor looking to exit with enhanced value from initial investment, would this event have meant exiting at a loss? Certainly something for PE to consider for all exits.

The article below explores some of the considerations buyers and vendors need to make in the process of a transaction.