Any fan of the TV show ‘Dr Who’ will be well versed in the threat of Cyber. Well, cybermen – those less than fleet-footed, emotionless adversaries of the good Doctor – at least.

Those cybermen were bent on human destruction - very similar in fact to the cyber that businesses, organisations and ‘ordinary members of the public’ have become more accustomed to in recent years.

According to recent UK Government figures 50 per cent of businesses reported having some form of cyber security breach or attack in the last 12 months. That increases to 70 per cent for medium sized firms.
The most common form of attack was phishing, followed by others impersonating organisation in emails or online and then malware.

These attacks brought worry, stress and cost to employers and their staff. The Government calculated that on average a breach cost a business about £1,200. For medium firms it shot up to nearly £11,000.

It is why when you talk to any corporate finance advisers or lawyers they tell you that cyber security is becoming an increasingly hot topic – and sometimes a dealbreaker – when it comes to M&A.

It is playing an increasingly important part in the due diligence process. Alongside the traditional focus on finance, liabilities, contracts, and licences potential acquirers are – like those cybermen again – lasering down on a target’s cyber security resilience.

It makes perfect sense.

By acquiring a business, you are adding everything within their four walls. That includes more than likely integrating their computer systems – perhaps on legacy software and hardware, perhaps only in the early stages of digital adoption and a rudimentary approach to cyber security such as firewalls and user authorisation.

It could be a lengthy process getting all of those systems up to speed and secure. A process which any hacker, seeing a buyer and seller’s happy faces in the business or trade press, can look for transitional gaps in security to take advantage of.

It also includes their people – perhaps unaware of the threat of a spam call or email from a hacker trying to hunt down clues to let them into the system or carelessly using a work laptop in a public place or even (although this usually only applies it seems to MPs and members of British intelligence) leaving laptops or mobiles on trains.

An acquirer when making an offer needs to factor in the cost of making systems more cybersecure, cyber training for the new staff coming on board, perhaps increased cyber insurance costs and the increased threat of legal and reputational liabilities until security is enhanced.

This isn’t just theoretical. When Verizon bought Yahoo in 2017 for $4.48 billion, the price was reduced from an initial $4.8 billion after Yahoo's disclosure of two massive data breaches affecting over 1 billion user accounts.

So, if you’re a seller what do you need to do to ensure that your cyber policies and practices don’t squander the chance of a deal or lead to a lower offer price?
- Get prepared – Don’t leave cybersecurity concerns until you are sitting around the board table discussing sale or exit options. Evaluate the risks well ahead of any decision or negotiation. That means reviewing your existing systems and security policies and products.

- Get your documents ready – Are you compliant with the regulations and standards such as General Data Protection Regulations (GDPR)? Don’t hide any breaches – be prepared to show a potential acquirer how you reacted to an attack or leak of information.

- Best Practice – Do you have cyber training in place for staff? Also, do you have an incident response plan? Do staff know what to do and how to identify and report a breach? How quickly can you get back on your feet with backup systems?

- If you’re an acquirer you also need to have a post-integration plan in place to ensure your new division or business can get up to cyber resilient speed as soon as possible.

- Remain aware of evolving cyber threats. Read articles in the press, attend cyber security events, talk to your networks, invest in the latest security products.

As the digital transformation of business and society at large grows then so will the risk of cyberattack. As such this will become an even more important factor in M&A deals as the years roll on. By being pro-active on cyber security you can attract interest in a crowded and more vulnerable marketplace.

It may not protect you from a cyberman, but it should protect the value of your business.