EXECUTIVE SUMMARY:

Once upon a time, Yahoo was worth a lot of money. And then it suffered a massive data breach. Somewhere in between, Verizon opted to buy the company. When all was said and done–and the extent of the breach turned out to be much larger than previously realized–Yahoo’s price tag was slashed $350 million from the original offer. Now, businesses seeking to acquire other companies are stepping up their due diligence on cybersecurity.

The Wall Street Journal reports, “Four or five years ago, cybersecurity due diligence consisted of asking a few questions in a short phone call, said Evan Wolff, a partner at Crowell & Moring LLP.

Now data compromises can diminish the value of a transaction, he said. Suspected theft of sensitive data uncovered through due diligence ‘becomes a business issue.’”

One company The Wall Street Journal talked to, Automatic Data Processing (ADP), approaches an acquisition with cybersecurity as a key valuation factor. When ADP set out to acquire WorkMarket, it dispatched a team of cybersecurity professionals and other investigators. “The ADP team combed the software maker’s technology, practices and internal policies. It also interviewed staff about monitoring for intrusions, training employees and performing other security tasks. The payroll processor also hired a cybersecurity firm to do its own evaluation,” reports The Wall Street Journal.

Without due diligence, companies risk cybersecurity issues surfacing down the road. One example: Fedex’s recent incident of customer data being exposed in the cloud. The problem stemmed from a business that FedEx had acquired in 2014.

Get the full story at The Wall Street Journal.