Mitigating Cyber Risks in Divestiture: A Board of Directors Responsibility

Strategic Need;

Higher Interest rates for borrowing money for M&A deals force companies to focus on core "Cash Cow" products and services. Spinning off or selling off non-core Lines of businesses to competitors to pay off higher debt and generate money for M&A deals is becoming necessary.

• General Electric announced Nov 2022 splitting into three companies focused on aviation, health care, and energy by 2024.

• Oct 2022, IBM completed the spin-off of its managed infrastructure services unit into a new company called Kyndryl.

• Johnson and Johson, Sept 2022, selling its consumer health business to Carlyle Group for $16.3 Billion.

WHY ARE BRANDS TARGETED DURING DIVESTITURES? -

All the above deals mentioned pose higher risks and probability of cyber threats. Ransomware attackers are more sophisticated and target brands of every market cap size. They keep up with press releases to go after distracted management with building Valuations and finding suitable buyers for their spin-offs.

Reputation risks are heightened during a divestiture spin-off where confidential information is shared between parties. As a result, boards of directors must take responsibility for mitigating these risks to protect their company's reputation, financial stability, and shareholder value. In this brief article, we'll explore the cyber threats that can arise during divestiture and protect your company's assets. Capital One Nightmare: How a Data Breach Cost Millions and Damaged Reputation in a Spin Off

Capital One Nightmare Case Study - Valuations SANK!

The Capital One (S&P 100 and S&P500 component) data breach of 2019 is a cautionary tale for spin-off investors. Capital One, a U.S.-based financial institution, completed the spin-off of its subprime auto lending business, Flagship Credit Acceptance, to investment firm Perella Weinberg Partners. This move was part of its strategy to reduce exposure to riskier loans and focus on core businesses. However, shortly after the spin-off, a massive data breach was disclosed, affecting approximately 106 million customers and applicants in the U.S. and Canada. This breach exposed personal information and caused a significant drop in Capital One's stock price, along with several lawsuits, regulatory investigations, and customer complaints, costing the company between $100 million and $150 million.

Notably, the data breach also affected Flagship Credit Acceptance, exposing it to legal, regulatory, and reputational risks and reducing its attractiveness as an investment opportunity. This case highlights the importance of robust cyber security practices and governance, especially when using cloud services and third-party vendors. Investors must analyze these factors carefully before making any spin-off or divestiture decisions.

Don't Let Cyber Risks Sabotage Your Divestiture: Steps to Protect Your Assets

Divesting is a complex process requiring lots of coordination among the parties involved. But don't overlook the significant cyber risks that could threaten your success.

• Ensure the board of directors includes cybersecurity in their assessments of valuations and finding buyers for spin-offs to mitigate these risks.

• Protect your assets by conducting thorough due diligence, implementing robust cybersecurity measures, and training board members, management, and staff.

• Hiring cyber expertise around the boardroom is crucial to understand these evolving cyber risks. Safeguard your reputation, financial stability, and shareholder value with these essential steps.

Have a great Holiday weekend for U.S. GBAC Innovation readers and friends reach me for any confidential advice and collaborations!

All the best

Yusuf Azizullah

ya@globalboardadvisors.com