It is becoming increasingly important for deal teams to understand the level of cyber security risk being taken on as part of the acquisition process.
In 2016, Marriot International Inc (Marriot) acquired Starwood Hotels & Resorts Inc (Starwood) for c$13.6b. Unknown to them at the time, the Starwood guest booking system was insecure and had suffered a cyber breach in 2014, exposing the details of 339 million guests, 7 million from the UK.
On discovery of the attack in 2018, Marriot was fined £18.4m by the Information Commissioner’s Office (ICO).
With cyber crime on the rise and an increase in geopolitically motivated attacks, it is becoming increasingly important for deal teams to understand cyber risks and manage them accordingly. Cyber due diligence is an effective and efficient way of doing this.